/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting!
/* ALSO: Don't quote this header. It makes you look lame :-) */
Pls check "echo 1 > /proc/sys/net/ipv4/ip_forward"
Also, why don't you upgrade your kernel together with ipchains to iptables ^_^?

----- Original Message -----
From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, March 27, 2002 5:09 AM
Subject: Masq digest, Vol 1 #603 - 1 msg

> Send Masq mailing list submissions to
> [EMAIL PROTECTED]
>
> To subscribe or unsubscribe via the World Wide Web, visit
> http://home.indyramp.com/mailman/listinfo/masq
> or, via email, send a message with subject or body 'help' to
> [EMAIL PROTECTED]
>
> You can reach the person managing the list at
> [EMAIL PROTECTED]
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Masq digest..."
>
>
> This is the Linux IP Masquerading mailing list digest. To unsubscribe, change to
> realtime distribution, or adjust your other list options, visit the web page at
>
> http://home.indyramp.com/mailman/listinfo/masq
>
> PLEASE read the HOWTO and search the archives before posting.
> You can start your search at http://www.indyramp.com/masq/
> Please keep general linux/unix/pc/internet questions off the list.
>
> Today's Topics:
>
>    1. ICMP Masquerading fails (Peter C. McCluskey)
>
> --__--__--
>
> Message: 1
> To: [EMAIL PROTECTED]
> Date: Tue, 26 Mar 2002 11:00:04 -0800 (PST)
> From: [EMAIL PROTECTED] (Peter C. McCluskey)
> Subject: [Masq] ICMP Masquerading fails
>
>
> I'm using Redhat 6.2 (kernel version 2.2.14) on the server that does the
> masquerading.
> My setup fails at the step "Testing external MASQ ICMP forwarding".
> My server talks to the external world via eth0 as 64.81.51.51, and to
> the internal client (192.168.0.105, running debian) over eth1. The client
> can ping 64.81.51.51, but cannot ping any external addresses outside
> 64.81.51.*. How can I debug this?
>
> I am trying to set up the forwarding with this command:
> /sbin/ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ -d 0.0.0.0/0
>
> netstat -rn says:
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 64.81.51.51     0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> 192.168.0.1     0.0.0.0         255.255.255.255 UH        0 0          0 eth1
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 eth1
> 64.81.51.0      0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         64.81.51.1      0.0.0.0         UG        0 0          0 eth1
> 0.0.0.0         64.81.51.1      0.0.0.0         UG        0 0          0 eth0
> 0.0.0.0         192.168.0.1     0.0.0.0         UG        0 0          0 eth1
> 0.0.0.0         64.81.51.1      0.0.0.0         UG        0 0          0 eth0
>
> /sbin/ipchains -n -L says:
> Chain input (policy ACCEPT):
> Chain forward (policy DENY):
> target     prot opt     source                destination           ports
> MASQ       all  ------  192.168.0.0/24        0.0.0.0/0             n/a
> Chain output (policy ACCEPT):
>
> As far as I can tell, none of the traffic from "tcpdump -i eth0" is coming
> from the client. Here's a sample of the traffic I do see from tcpdump:
> 10:32:43.739702 > dsl081-051-051.sfo1.dsl.speakeasy.net.www > adsl-63-199-157-2.dsl.snfc21.pacbell.net.17930: S 592521732:592521732(0) ack 3813867521 win 32696 <mss 536> (DF)
> 10:32:45.629820 < 209.130.30.130.4330 > dsl081-051-051.sfo1.dsl.speakeasy.net.www: S 72417280:72417280(0) win 65535
> 10:32:45.629854 > dsl081-051-051.sfo1.dsl.speakeasy.net.www > 209.130.30.130.4330: S 639949639:639949639(0) ack 72417281 win 32696 <mss 536> (DF)
> 10:32:48.739692 > dsl081-051-051.sfo1.dsl.speakeasy.net.www > 209.130.30.130.4330: S 639949639:639949639(0) ack 72417281 win 32696 <mss 536> (DF)
> --
> ------------------------------------------------------------------------------
> Peter McCluskey          | Free Jon Johansen!
> http://www.rahul.net/pcm |
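
A pre-flight check for the two things this thread looks at: the ip_forward switch named in the reply, and the default routes in the quoted `netstat -rn` table. This is an added example, not part of either message; the function names, the optional file argument and the finding labels are assumptions made here, and the sample table is the one from the post, retyped.

```shell
# Constructed sample: the routing table quoted in the post, retyped.
SAMPLE_ROUTES='Kernel IP routing table
Destination  Gateway      Genmask          Flags MSS Window irtt Iface
64.81.51.51  0.0.0.0      255.255.255.255  UH    0   0      0    eth0
192.168.0.1  0.0.0.0      255.255.255.255  UH    0   0      0    eth1
192.168.0.0  0.0.0.0      255.255.255.0    U     0   0      0    eth1
64.81.51.0   0.0.0.0      255.255.255.0    U     0   0      0    eth0
127.0.0.0    0.0.0.0      255.0.0.0        U     0   0      0    lo
0.0.0.0      64.81.51.1   0.0.0.0          UG    0   0      0    eth1
0.0.0.0      64.81.51.1   0.0.0.0          UG    0   0      0    eth0
0.0.0.0      192.168.0.1  0.0.0.0          UG    0   0      0    eth1
0.0.0.0      64.81.51.1   0.0.0.0          UG    0   0      0    eth0'

# Succeeds only when the forwarding switch reads 1. The optional FILE argument
# (hypothetical, for testing) overrides the /proc path named in the reply.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Reads netstat -rn text on stdin; prints findings (labels invented here).
audit_default_routes() {
    awk '
    # Network address of ip under a contiguous dotted-quad mask, per octet.
    function net(ip, mask,    a, m, i, blk, out) {
        split(ip, a, "."); split(mask, m, "."); out = ""
        for (i = 1; i <= 4; i++) {
            blk = 256 - m[i]
            out = out (i > 1 ? "." : "") (int(a[i] / blk) * blk)
        }
        return out
    }
    $1 !~ /^[0-9]+\./ { next }                                   # header lines
    $4 !~ /G/ { n++; cnet[n] = $1; cmask[n] = $3; cif[n] = $8; next }  # on-link
    $1 == "0.0.0.0" { d++; gw[d] = $2; dif[d] = $8 }             # default route
    END {
        for (i = 1; i <= d; i++) {
            key = gw[i] " " dif[i]
            if (seen[key]++) { print "DUPLICATE default via " key; continue }
            ok = 0                       # is the gateway on-link for this iface?
            for (j = 1; j <= n; j++)
                if (cif[j] == dif[i] && net(gw[i], cmask[j]) == cnet[j]) ok = 1
            if (!ok) print "OFFLINK default via " key
        }
        if (d > 1) print "MULTIPLE default routes: " d
    }'
}
ip_forward_enabled || echo "ip_forward is not 1"
printf '%s\n' "$SAMPLE_ROUTES" | audit_default_routes
```

On a live masquerading box, pipe the output of `netstat -rn` into `audit_default_routes`; no output means exactly one default route whose gateway sits on a directly connected network of its interface.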
