>Now, I only have one nic in my box, so the first 3 lines aren't any
>problem.  The problem is with 'eth1'.  I never had a 2nd nic installed,
>and I've never set up a 2nd nic.  

First, what kind of kernel do you use?

        Uses modules:           - check your /etc/modules.conf file for
        (stock redhat kernel)     multiple alias lines for eth1

        monolithic kernel:              - check your /etc/lilo.conf for
        (you compiled everything          "append="ether=0,0,eth1 ether=0,0"
         into it NOT as modules)


>If I run ifconfig, it only lists lo & eth0,  so it tries but does
>not successfully set up an eth1.  Anybody have any ideas?

Either way.. it isn't hurting anything.  NE2000 support under
Linux is a little weird anyway due to NE2000's not liking to be
probed.


>Secondly, I can successfully run a traceroute from the box behind the
>firewall, but if I try it from the firewall box itself I get
>"traceroute: Warning: Multiple interfaces found; using 192.168.1.1 @
>eth0".  I figured it would be the other way around, that the one behind
>the firewall would be more limited.

This is normal for a box that has multiple NICs in it.  Is this a
different box or do you really only have one NIC?  Are you running
"aliasing" on it?


>Lastly, I have a problem using ftp from the box behind the firewall.  I
>can connect to an ftp server.  I can also do a 'pwd' and 'cd', but when
>I do 'ls' I get the following:
>
>        500 Illegal PORT Command
>        ftp: bind: Address already in use


Weird.  Run "lsmod" and email the list your results.  You *NEED* to 
have the "ip_masq_ftp" module running.  If you don't have it in there,
check out the kernel compiling and rc.firewall script in TrinityOS

        http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri


>        ipfwadm -F -p deny
>        ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
>
>Does this look about right?  

This is OK but it's VERY weak.  Use a better ruleset like the one
in TrinityOS.

--David
.----------------------------------------------------------------------------.
|  David A. Ranch - Remote Access/Linux/PC hardware      [EMAIL PROTECTED]  |
!----                                                                    ----!
`----- For more detailed info, see http://www.ecst.csuchico.edu/~dranch -----'
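
Added example (not part of the original message, and not TrinityOS or kernel code): a Python model of what an FTP masquerading helper such as ip_masq_ftp does to an active-mode PORT command, and why a PORT that still carries a 192.168.1.x address can be refused with a 500 reply. The client address, the public address 203.0.113.10, port 61000 and the server's address check are constructed assumptions.

```python
import ipaddress
import re

PORT_RE = re.compile(r"^PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?$")

def parse_port(line):
    """Return (ip, port) advertised by an FTP PORT command (RFC 959)."""
    m = PORT_RE.match(line)
    if not m:
        raise ValueError("not a PORT command")
    n = [int(g) for g in m.groups()]
    if max(n) > 255:
        raise ValueError("field out of range")
    return ipaddress.IPv4Address("%d.%d.%d.%d" % tuple(n[:4])), n[4] * 256 + n[5]

def build_port(ip, port):
    """Encode (ip, port) back into the h1,h2,h3,h4,p1,p2 wire form."""
    return "PORT %s,%d,%d\r\n" % (str(ip).replace(".", ","), port >> 8, port & 0xFF)

def masq_rewrite(line, inside_net, public_ip, alloc_port):
    """Model of the helper: swap an inside address for the firewall's own.

    Returns (line_to_send, mapping); mapping is None when nothing changed,
    otherwise (public_port, (inside_ip, inside_port)) for the return path.
    """
    try:
        ip, port = parse_port(line)
    except ValueError:
        return line, None              # not a PORT command: pass through
    if ip not in inside_net:
        return line, None              # address is not a masqueraded one
    new_port = alloc_port()
    return build_port(public_ip, new_port), (new_port, (ip, port))

def server_accepts(line, peer_ip):
    """Assumed server policy: refuse a PORT naming a host other than the peer."""
    ip, _ = parse_port(line)
    return ip == peer_ip

# Constructed sample values (only the 192.168.1.0/24 network is from the thread).
INSIDE = ipaddress.ip_network("192.168.1.0/24")
PUBLIC = ipaddress.IPv4Address("203.0.113.10")   # what the server sees as peer
CLIENT_LINE = "PORT 192,168,1,2,4,1\r\n"         # inside client, port 1025

def demo():
    """Return (accepted_without_helper, accepted_with_helper, rewritten, mapping)."""
    rewritten, mapping = masq_rewrite(CLIENT_LINE, INSIDE, PUBLIC, lambda: 61000)
    return (server_accepts(CLIENT_LINE, PUBLIC),
            server_accepts(rewritten, PUBLIC), rewritten, mapping)

if __name__ == "__main__":
    print(demo())
```

The rewritten line is usually a different length from the original, so a real helper also has to adjust TCP sequence numbers on the control connection, which this model leaves out.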