/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */


(second post; first one was 99/09/19)

I have set up several Linux boxes now using MASQ with a cable modem, and all
work great!  But, they all use 1 ethernet segment on the private side.  Now, I
have a client who has had his system set up for 3 yrs now (by another
individual who did not apparently know about RFC 1597).  My Linux box is 6.0,
2.2.x kernel with 2 cards, eth0 (150.10.0.1) and eth1 (207.50.50.185).

This new challenge consists of a Novell network (3.11) using the TCP/IP
forward=yes option on the server between segment 150.10.0.2 (card1 in Novell)
and segment 150.15.0.3 (card2 in Novell), AND he also has 2 other Novell
servers in other cities tied to the primary server via bridge cards.

To sum it all up:

Primary Novell server
------------------------
segment 1    150.10.0.x   including an AIX host that must be seen by ALL and
                          presently works fine
segment 2    150.15.0.x

city #2 server
------------------------
segment 3    150.20.0.x

city #3 server
------------------------
segment 4    150.30.0.x

Note: subnet masks are set to 255.255.0.0

Here is my present rc.firewall:

#!/bin/sh
# rc.firewall for LINUX 2.2.x kernels
#
/sbin/depmod -a

# load required MASQ modules
#
# support for ftp via the PORT method
#
/sbin/modprobe ip_masq_ftp

# support RealAudio
#
/sbin/modprobe ip_masq_raudio

# enable IP forwarding
#
echo "1" > /proc/sys/net/ipv4/ip_forward

# for DHCP, this must be enabled; so for static IP, it must be disabled
# IMPORTANT, see DHCP line #39 below also
#
#echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# MASQ timeout values
#   2 hrs for TCP session
#  10 sec for traffic after TCP/IP "FIN" packet is received
# 160 sec for UDP traffic (mostly for ICQ users)
#
/sbin/ipchains -M -S 7200 10 160

# DHCP for people who receive their external IP address from DHCP, it is
# necessary to use the following BEFORE the deny command.
#
#/sbin/ipchains -A input -j ACCEPT -i eth1 -s 0/0 67 -d 0/0 68 -p udp

# Enable IP forwarding and Masquerading
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 150.10.0.0/24 -j MASQ

With this config, MASQ works as expected, but only for those on the same
segment, 150.10.0.x.

So, how do I get the other segments to see the Linux box and therefore "surf"
the net?

Todd Patterson, President
TB Business Micro Systems, Inc.
3409 S Georgia, Suite 14
Amarillo, Texas 79109

_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/ -- THIS INCLUDES 
UNSUBSCRIBING!
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
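The poster's rc.firewall only matches 150.10.0.0/24, and the Linux box has no routes to the segments behind the Novell server, so replies for 150.15.x, 150.20.x and 150.30.x hosts are sent to the cable modem instead of back through 150.10.0.2. The script below is an added example, not the poster's script or a reply from the list. It assumes the topology described in the post: eth0 = 150.10.0.1 on segment 1, eth1 toward the cable modem, the Novell server's segment 1 card at 150.10.0.2, and netmask 255.255.0.0 (a /16) on every segment. It adds a static route per remote segment, one MASQ rule per internal /16 restricted to the outgoing cable modem interface, and anti-spoofing rules so that nothing arriving from the outside can claim an inside source address. DRYRUN=1 (the default) prints the commands for review; DRYRUN=0 applies them as root on the 2.2.x box.

```shell
#!/bin/sh
# Added example, not the poster's rc.firewall: routes and ipchains rules that
# cover every internal segment behind the Novell server, with a dry-run mode.
# Assumed from the post: eth0 = 150.10.0.1 faces the Novell network, eth1 is
# the cable modem side, the Novell server's card on segment 1 is 150.10.0.2,
# and every segment uses netmask 255.255.0.0 (a /16, not the /24 in the post).

INSIDE_IF=eth0
OUTSIDE_IF=eth1
NOVELL_GW=150.10.0.2
NETMASK=255.255.0.0
PREFIX=16
LOCAL_NET=150.10.0.0                             # segment 1, directly attached
REMOTE_NETS="150.15.0.0 150.20.0.0 150.30.0.0"   # segments 2-4, behind Novell

# DRYRUN=1 (default) prints each command instead of running it, so the rule
# set can be reviewed on any machine; DRYRUN=0 applies it (run as root).
DRYRUN=${DRYRUN:-1}

run() {
    if [ "$DRYRUN" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

set_proc() {   # set_proc <file under /proc/sys> <value>
    if [ "$DRYRUN" = "1" ]; then
        echo "echo $2 > $1"
    else
        echo "$2" > "$1"
    fi
}

# Routes: the Linux box is only attached to segment 1, so replies for the
# other segments must be handed to the Novell server at 150.10.0.2. Without
# these routes they follow the default route out of the cable modem and never
# reach segments 2-4.
add_routes() {
    for net in $REMOTE_NETS; do
        run /sbin/route add -net "$net" netmask "$NETMASK" gw "$NOVELL_GW" dev "$INSIDE_IF"
    done
}

# Anti-spoofing: nothing arriving from the cable modem may claim an inside
# source address. rp_filter enforces this in the kernel; the logged DENY
# rules (-l) make any attempt visible in syslog.
add_antispoof_rules() {
    set_proc /proc/sys/net/ipv4/conf/all/rp_filter 1
    for net in $LOCAL_NET $REMOTE_NETS; do
        run /sbin/ipchains -A input -i "$OUTSIDE_IF" -s "$net/$PREFIX" -j DENY -l
    done
}

# Masquerading: default policy DENY, then one MASQ rule per internal /16.
# In the forward chain -i names the OUTGOING interface, so these rules only
# masquerade packets that actually leave through the cable modem.
add_masq_rules() {
    run /sbin/ipchains -P forward DENY
    for net in $LOCAL_NET $REMOTE_NETS; do
        run /sbin/ipchains -A forward -i "$OUTSIDE_IF" -s "$net/$PREFIX" -j MASQ
    done
}

# Full rule set in the order it should be applied.
generate_rules() {
    set_proc /proc/sys/net/ipv4/ip_forward 1
    add_antispoof_rules
    add_routes
    add_masq_rules
}

generate_rules
```

The Linux side is only half of the path: the Novell servers and the hosts on segments 2-4 still need a default route that ends at 150.10.0.1, which nothing on the Linux box can set for them. Because the 150.x.x.x ranges are registered public space rather than RFC 1597 addresses, the input-chain DENY rules also stop the box from accepting outside packets that carry one of those networks as a source.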