I have two machines, "charlesc" and "server". Both are Red Hat 5.2.
Server is a fresh installation. Server can dial out and connect to the
net. Ping, DNS, etc. all work. The problem is that charlesc can ping
server's eth0 and server's end of the ppp connection, but can't ping the
ISP's end of the ppp connection. In all cases, I am using IP addresses,
not host names, so name resolution should be irrelevant.

Thanks in advance for your help.

hosts, on both machines:

# N.B. use the private, experimental class C net provided for in RFC 1597.

# 192.168.1.3   ccurley1
127.0.0.1       localhost       localhost.localdomain
192.168.1.64    server  server.localdomain
192.168.1.3     charlesc.localdomain    charlesc        loghost
192.168.1.4     bad_dog bad_dog.localdomain
192.168.1.32    laptop  laptop.localdomain



host.conf on both:

order hosts,bind
multi on



Server is a 486/66 DX2. I have compiled all the IP masquerading components
into the kernel. Eventually, I'll get rid of kerneld, but haven't taken
it out yet. Here is an extract from server's .config:

#
# Networking options
#
CONFIG_FIREWALL=y
CONFIG_NET_ALIAS=y
CONFIG_INET=y
CONFIG_IP_FORWARD=y
CONFIG_IP_MULTICAST=y
CONFIG_SYN_COOKIES=y
CONFIG_IP_FIREWALL=y
CONFIG_IP_FIREWALL_VERBOSE=y
CONFIG_IP_MASQUERADE=y

#
# Protocol-specific masquerading support will be built as modules.
#
CONFIG_IP_MASQUERADE_IPAUTOFW=y
CONFIG_IP_MASQUERADE_ICMP=y
CONFIG_IP_TRANSPARENT_PROXY=y
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_ACCT=y
# CONFIG_IP_ROUTER is not set
CONFIG_NET_IPIP=m
# CONFIG_IP_MROUTE is not set
CONFIG_IP_ALIAS=y



Normal route on charlesc is:

[root@charlesc /root]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0       10 eth0
127.0.0.0       *               255.0.0.0       U     0      0       10 lo


When I run a shell script to add the default gateway, I get:

[root@charlesc /root]# ./add.gateway
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     *               255.255.255.0   U     0      0       10 eth0
127.0.0.0       *               255.0.0.0       U     0      0       11 lo
default         server          0.0.0.0         UG    0      0        0 eth0
[root@charlesc /root]# 


On server, IP masquerading is set up as follows:

#!/bin/sh
#Set up & run IP masquerading. ipfwadm

case "$1" in
'start')
#       /sbin/ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0

        /sbin/ipfwadm -F -p deny
        /sbin/ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0
        ;;
'stop')
        ;;
*)
        echo "Usage: $0 { start | stop }"
        ;;
esac
exit 0



After running the above script (first line below), I do the following:

[root@server /root]# /etc/rc.d/init.d/ipmasqerading start
[root@server /root]# ipfwadm -M -l
IP masquerading entries
[root@server /root]# ipfwadm -F -l
IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  charlesc             anywhere             n/a
acc/m all  charlesc             anywhere             n/a
acc/m all  charlesc             anywhere             n/a
acc/m all  charlesc             anywhere             n/a
[root@server /root]# 

I have a few more rules here than I need. I don't suppose that's fatal?

-- 

                -- C^2

        I have sworn upon the altar of God eternal hostility against every form
of tyranny over the mind of man.
-- Thomas Jefferson, letter to Benjamin Rush, 1800 A.D.

Thomas Jefferson, Patron Saint of the Internet:
http://w3.trib.com/~ccurley/Jefferson.html
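
Added example, not part of the original message: the four identical forward rules in the listing above are consistent with the start branch appending a rule on every run while stop removes nothing. The variant below flushes the forward chain before adding its rule, so repeated starts leave a single entry. IPFWADM and MASQ_SRC are hypothetical override variables, and the script assumes nothing else manages forward rules on this host; it addresses the rule build-up only.

```shell
#!/bin/sh
# Added example, not the poster's script: idempotent start/stop for the
# masquerading rule shown in the message.
# Assumptions: IPFWADM and MASQ_SRC are hypothetical override variables;
# the source address and the deny policy come from the original script.
# Flushing assumes this script owns every rule in the forward chain.
IPFWADM="${IPFWADM:-/sbin/ipfwadm}"
MASQ_SRC="${MASQ_SRC:-192.168.1.3/32}"

masq_start() {
    # Default-deny first, so nothing is forwarded while rules are rebuilt.
    "$IPFWADM" -F -p deny || return 1
    # Flush the forward chain; repeated starts then leave exactly one rule.
    "$IPFWADM" -F -f || return 1
    "$IPFWADM" -F -a m -S "$MASQ_SRC" -D 0.0.0.0/0
}

masq_stop() {
    # Remove the rules but keep the deny policy in place (fail closed).
    "$IPFWADM" -F -p deny || return 1
    "$IPFWADM" -F -f
}

masq_main() {
    case "$1" in
    start) masq_start ;;
    stop)  masq_stop ;;
    *)     echo "Usage: $0 { start | stop }"; return 1 ;;
    esac
}

# Run only when an action is given, so the file can also be sourced.
if [ $# -gt 0 ]; then
    masq_main "$1"
fi
```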