[Masq] ICMP Masquerading fails

Tue, 26 Mar 2002 11:04:29 -0800 

/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! 
/* ALSO: Don't quote this header. It makes you look lame :-) */


 I'm using Redhat 6.2 (kernel version 2.2.14) on the server that does the
masquerading.
 My setup fails at the step "Testing external MASQ ICMP forwarding".
 My server talks to the external world via eth0 as 64.81.51.51, and to
the internal client (192.168.0.105, running debian) over eth1. The client
can ping 64.81.51.51, but cannot ping any external addresses outside
64.81.51.*. How can I debug this?

 I am trying to set up the forwarding with this command:
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ  -d 0.0.0.0/0

netstat -rn says:
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
64.81.51.51     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
192.168.0.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
64.81.51.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         64.81.51.1      0.0.0.0         UG        0 0          0 eth1
0.0.0.0         64.81.51.1      0.0.0.0         UG        0 0          0 eth0
0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth1
0.0.0.0         64.81.51.1      0.0.0.0         UG        0 0          0 eth0

/sbin/ipchains -n -L says:
Chain input (policy ACCEPT):
Chain forward (policy DENY):
target     prot opt     source                destination           ports
MASQ       all  ------  192.168.0.0/24       0.0.0.0/0             n/a
Chain output (policy ACCEPT):

 As far as I can tell, none of the traffic from "tcpdump -i eth0" is coming
from the client. Here's a sample of the traffic I do see from tcpdump:
10:32:43.739702 > dsl081-051-051.sfo1.dsl.speakeasy.net.www > 
adsl-63-199-157-2.dsl.snfc21.pacbell.net.17930: S 592521732:592521732(0) ack 
3813867521 win 32696
<mss 536> (DF)
10:32:45.629820 < 209.130.30.130.4330 > dsl081-051-051.sfo1.dsl.speakeasy.net.www: S 
72417280:72417280(0) win 65535
10:32:45.629854 > dsl081-051-051.sfo1.dsl.speakeasy.net.www > 209.130.30.130.4330: S 
639949639:639949639(0) ack 72417281 win 32696 <mss 536> (DF)
10:32:48.739692 > dsl081-051-051.sfo1.dsl.speakeasy.net.www > 209.130.30.130.4330: S 
639949639:639949639(0) ack 72417281 win 32696 <mss 536> (DF)
-- 
------------------------------------------------------------------------------
Peter McCluskey          | Free Jon Johansen!
http://www.rahul.net/pcm | 
_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- 
THIS INCLUDES UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.

Reply via email to