Hi.
I was going to ask the question first, but realized it makes little
sense until I describe the environment.
Got a linux box, 2.4.21, set up as a router/IP forwarder/masquerade
machine (and wireless access point). Three other boxes hang on
an internal net off of it (wireless). It (the router/WAP) has
a dial-up connection, PPP, to an ISP.
I followed the HOWTO to the letter to get things set up, exactly
in sequence. One thing I skipped, however, was use of the
simple firewall script - went straight to the firewall-2.4-stronger
script.
The sequence of getting things set up that (I believe) has to happen
in rc.local is:
  a. Set up ppp0 via the usual call to pppd (am presently using
     the demand-dial method, referenced also in the HOWTO).
  b. Set up wlan0 via the several calls to iwconfig/ifconfig
     (a and b can be in either order)
  c. Set up the firewall via the call to rc.firewall.
When invoking the firewall script from /etc/rc.d/rc.local as is called out
in the HOWTO, note that it's now setting things up against
10.64.64.64, which is the address given to the ppp0 interface before
there is an actual connection generated by some TCP application request
on one of the machines. So when such a request is generated (say,
telnet to an external machine from an internal machine), the ppp link
comes up, but since everything about the masquerading and firewall
was set up against the wrong address, nothing works.
Conversely, within the firewall script itself, there are comments that
say in essence, "for PPP, have /etc/ppp/ip-up call this script". Had
tried that too. Problem with that is that if the script isn't called
BEFORE someone generates the first TCP request, there's no way
for the TCP request to get anywhere to trigger pppd to bring up
the link and thus bring up IP, so the script never gets called.
It took me a while to figure out that this was going on. Had been
thinking it was some crazy option in the kernel that was hurting
me. Finally I got it narrowed down, and got past the problem by
calling the script twice - once from /etc/rc.d/rc.local, and then
again by /etc/ppp/ip-up. Obviously, this is not an elegant
solution.
I'm not at all familiar with what exactly needs to be done to set up
forwarding vs. masquerading, and what the dependencies are; but if
I had to guess, I'd say that this script needs to be broken into
two pieces - one that sets up forwarding and one that sets up
masquerading.
Can anyone make some suggestions in that regard, or some other regard?
Also, totally different: The HOWTO references primarily linux-2.4.20,
but for the kernel config params is referencing 2.4.14. As I said above,
I was thinking my problem was that I maybe was including some parameter
that seemed like it should be ok to include but maybe wasn't (I've
recompiled up and down a whole bunch o' times now to rule that
out as a factor while troubleshooting the script invocation). Does
anyone have an authoritative list of kernel params relative to either
2.4.20 (or better, 2.4.21) and their status (i.e. should/should not
be included in the kernel)? That way, I won't be guessing.
Thx,
jbh
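
The two-piece split the post guesses at, as an added example that is not part of the original message and is not the HOWTO's rc.firewall-2.4-stronger script. It assumes a minimal rule set and a hypothetical chain name `ext-in`; it only prints the commands so the split can be inspected before anything is applied.

```shell
#!/bin/sh
# Added example: prints iptables commands (dry run) instead of executing them.
# Assumed, not from the post: the chain name ext-in and this minimal rule set.
EXTIF="ppp0"   # dial-up interface named in the post
INTIF="wlan0"  # internal wireless interface named in the post

# Phase 1, once from rc.local. No rule names an IP address, so all of it stays
# valid while ppp0 still holds the 10.64.64.64 demand-dial placeholder.
boot_rules() {
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # ip_dynaddr: kernel setting for links whose address changes on dial-up
    echo "echo 1 > /proc/sys/net/ipv4/ip_dynaddr"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT"
    echo "iptables -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE"
    # Address-specific INPUT rules live in their own chain, closed until link-up.
    echo "iptables -N ext-in"
    echo "iptables -A ext-in -j DROP"
    echo "iptables -A INPUT -i $EXTIF -j ext-in"
}

# Phase 2, from /etc/ppp/ip-up on every (re)connect: pppd passes the interface
# as $1 and the negotiated local address as $4. Flushing first keeps reruns clean.
linkup_rules() {
    iface="$1"; extip="$2"
    [ "$iface" = "$EXTIF" ] || return 0      # some other link: nothing to do
    case "$extip" in
        ''|*[!0-9.]*) echo "bad address: $extip" >&2; return 1 ;;
    esac
    echo "iptables -F ext-in"
    echo "iptables -A ext-in -d $extip -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A ext-in -j DROP"
}

# Usage: $0 boot | $0 ip-up <iface> <local-ip>
case "${1:-}" in
    boot)  boot_rules ;;
    ip-up) linkup_rules "${2:-}" "${3:-}" ;;
esac
```

From /etc/ppp/ip-up the second phase would be invoked with that script's own `$1` and `$4`; the first outbound packet can still trigger the dial because the forwarding and MASQUERADE rules are keyed on the interface, not the address.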