I got ip masquerading working with my 2 systems with very little fuss or
bother. Both are running Linux (RH 5.1), but I have a couple of things
puzzling me. If these have been covered over & over here I apologize.
When I went to the mailing list archive and clicked on a link to view a
message, it just loaded the list of messages again (was I missing
something?). Also, the mini-howto doesn't address this, the faq it
refers you to is older than dirt (last revised 1/7/96) and only the
concepts seem to apply anymore, and the IP Masquerade Resource Page
(masq.home.ml.org) has been down for the past 4 days I've been working
on this. So please don't give me "RTFM", but if there is something you
think I should read, don't hesitate to point me in the right direction.

Anyway, the first problem is that when the box behind the firewall
boots, I get the following message:

    loading device 'eth0'...
    ne.c:v1.0 9/23/94 Donald Becker ([EMAIL PROTECTED])
    NE*000 ethercard probe at 0x300: 00 c0 a8 00 19 5e
    eth0: NE2000 found at 0x300, using IRQ5.
    loading device 'eth1'...

Now, I only have one nic in my box, so the first 3 lines aren't any
problem. The problem is with 'eth1'. I never had a 2nd nic installed,
and I've never set up a 2nd nic. I can't find any reference to an eth1
anywhere in my startup scripts. This just started appearing after I
started using ip masquerading (if it was there before I never noticed
it). If I run ifconfig, it only lists lo & eth0, so it tries but does
not successfully set up an eth1. Anybody have any ideas?

Secondly, I can successfully run a traceroute from the box behind the
firewall, but if I try it from the firewall box itself I get
"traceroute: Warning: Multiple interfaces found; using 192.168.1.1 @
eth0". I figured it would be the other way around, that the one behind
the firewall would be more limited.

Lastly, I have a problem using ftp from the box behind the firewall. I
can connect to an ftp server. I can also do a 'pwd' and 'cd', but when
I do 'ls' I get the following:

    500 Illegal PORT Command
    ftp: bind: Address already in use

Occasionally I don't even get that; I get no response, no 'ftp>'
prompt, and the connection finally times out. I usually get the illegal
port message though. This may or may not be fixable, I don't know.

In addition to running the newest stable kernel (2.0.36) on the firewall
box, and compiling everything into the kernel as suggested in the
ip-masq mini-howto, I issue the following ipfwadm command to begin the
masquerading (using ipfwadm 2.3.0):

    ipfwadm -F -p deny
    ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

Does this look about right? The man page for ipfwadm almost caused more
confusion than it helped. I took that command line straight out of the
mini-howto.

I'm sorry for being so long-winded, but if anybody can offer some
assistance with any of these problems I would appreciate it.

-Jeff