I can't get my RH 5.2 linux to IP Masquerade. We used to have a Slackware server doing the same job a few weeks ago, but the hardware died and we had no backup. As far as I can tell I have used all the same ip information, including the totally non-standard internal ip range. This range is due to support of legacy Acorn Level 4 server compatibility (which we don't need any more but I don't want to go and reconfigure all the computers).
First of all what I've done:
Followed the IPMASQ-HOWTO and recompiled the kernel with the options it asked for. However when compiling 'pentium' code it stopped my K6 166 from booting so I used 386 code.
I found a posting somewhere that another RH5 user had had to do a few extra bits so I added them to my /etc/rc.d/rc.local file also.
We have a network of computers using 1.0.128.0 sm 255.255.255.0. I use a router to dial up to demon and have it configured so it only accepts packets from the linux. The linux is configured to be the gateway on all the computers.
It all used to work with the dead server, so I can narrow down the problem to a configuration problem on the linux server.
route gives the following info:
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
1.0.128.0       *               255.255.255.0   U     0      0    13 eth0
127.0.0.0       *               255.0.0.0       U     0      0     3 lo
default         router.beebug.d 0.0.0.0         UG    1      0     0 eth0
My /etc/rc.d/rc.local file: (a snippet actually)
echo "Setting up ip masquerading"
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp.o
echo "Setting up permissions for 1.0.128.0 for mas"
/sbin/ipfwadm -I -f
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 1.0.128.0/24 -D 0.0.0.0/0
echo "Removing router route"
/sbin/route del default
When I want to access the internet I call a script:
/sbin/route add default gw 1.0.128.1 metric 1
/sbin/route
And to remove the route I call another script:
/sbin/route del default
/sbin/route
I can access the internet from the linux (web, telnet, ftp, DNS) but not the other computers. I can not ping any external address. Under the old system I never could anyway. I could access the internet from the linux BEFORE I recompiled or did any ipmasquerading configuration. It still seems to be the same.
ipfwadm -l -F gives:
IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  1.0.128.0/24         anywhere             n/a
When trying to access the internet from a client I often get a first bit of the connection (as if the packet is going out). For example telnetting to 130.89.230.12 from a client I get connected to 130.89.230.12.... And from a web browser I get fetching http://blah. Or is it that the incorrect ip address of the client is getting out and it is not masqueraded at all?
Any help would be greatly appreciated.
Thank you.
--
Daniel Barron - Senior Technical Assistant PC and Network Support Dept
Beebug, 117 Hatfield Road, St Albans, AL1 4JS Tel:01727 840303/fax860263