At 11:05 13/12/98 +0000, Daniel Barron wrote:
>I can't get my RH 5.2 linux to IP Masquerade. We used to have a Slackware se
>rver doing the same job a few weeks ago, but the hardware died and we had no
>backup. As far as I can tell I have used all the same ip information, inclu
>ding the totally non-standard internal ip range. This range is due to suppo
>rt of legacy Acorn Level 4 server compatability (which we don't need any mor
>e but I don't want to go and reconfigure all the computers).
>
>First of all what I've done:
>
>Followed the IPMASQ-HOWTO and recompiled the kernal with the options it asked
>for. However when compiling 'pentium' code it stopped my K6 166 from booting
>so I used 386 code.
>
>I found a posting somewhere that another RH5 user had had to do a few extra b
>its so I added them to my /etc/rc.d/rc.local file also.
>
>We have a network of computers using 1.0.128.0 sm 255.255.255.0. I use a rou
>ter to dial up to demon and have it configured so it only accepts packets fro
>m the linux. The linux is configured to be the gateway on all the computers.
>
>It all used to work with the dead server, so I can narrow down the problem to
> a configuration problem on the linux server.
>
>route gives the following info:
>
>Destination Gateway Genmask Flags Metric Ref Use Iface
>1.0.128.0 * 255.255.255.0 U 0 0 13 eth0
>127.0.0.0 * 255.0.0.0 U 0 0 3 lo
>default router.beebug.d 0.0.0.0 UG 1 0 0 eth0
>
>
>My /etc/rc.d/rc.local file: (a snippet actaully)
>
>echo "Setting up ip masquerading"
>echo "1" > /proc/sys/net/ipv4/ip_forward
>/sbin/depmod -a
>/sbin/modprobe ip_masq_ftp.o
>echo "Setting up permissions for 1.0.128.0 for mas"
>/sbin/ipfwadm -I -f
>/sbin/ipfwadm -F -p deny
>/sbin/ipfwadm -F -a m -S 1.0.128.0/24 -D 0.0.0.0/0
>echo "Removing router route"
>/sbin/route del default
>
>When I want to access the internet I call a script:
>
>/sbin/route add default gw 1.0.128.1 metric 1
>/sbin/route
>
>And to remove the route I call another script:
>
>/sbin/route del default
>/sbin/route
>
>I can access the internet from the linux (web, telnet, ftp, DNS) but not the
>other computers. I can not ping any external address. Under the old system
>I never could anyway. I could access the internet from the linux BEFORE I re
>compiled or did any ipmasquerading configuration. It still seems to be the s
>ame.
>
>ipfwadm -l -F gives:
>
>IP firewall forward rules, default policy: deny
>type prot source destination ports
>acc/m all 1.0.128.0/24 anywhere n/a
>
>When trying to access the internet from a client I often get a first bit of t
>he connection (as if the packet is going out). For example telnetting to 130
>.89.230.12 from a client I get connected to 130.89.230.12.... And from a web
> browser I get fetching http://blah. Or is it that the incorrect ip address
> of the client is getting out and it is not masqueraded at all?
Is it possible that the newer kernel won't ip masq with my strange internal
ip addresses???
--
Daniel Barron - Senior Technical Assistant PC and Network Support Dept
Beebug, 117 Hatfield Road, St Albans, AL1 4JS Tel:01727 840303/fax860263
***********************************************
I work with PCs so I can afford an Acorn.
If I worked on Acorns I could only afford a PC.
***********************************************
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
