Wow, I learned alot from this message and have my ip masquerading working great! The problem was what dave had suggested and my IP masquerading was disabled. I enabled it at the command line and I was in business. Thanks everyone -----Original Message----- From: Dave Cox <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> Date: Thursday, June 11, 1998 6:41 PM Subject: Re: [masq] [masq] [masq] IP - masquerade setup problems You need to 'ipfwadm -F -p deny' first to set a default policy. then you can 'ipfwadm -F -a ...' to append forwarding rules to the default policy. Re-read the last sentence you quoted below. On 11 Jun 98 at 17:01, Bill Eldridge wrote: >From the man page: > > These rules regulate the acceptance of incoming IP > local network interfaces are checked against the > input firewall rules. The first rule that matches > with a packet determines the policy to use and will > also cause the rule's packet en byte counters being > adapted. When no matching rule is found, the > default policy for the input firewall is used. > > >If you deny everything first, then any packet will match >that denial, and be rejected. (which is the same way >Ciscos do it). Unless I'm horribly confused. >-- >Bill Eldridge >Radio Free Asia >[EMAIL PROTECTED] > >-----Original Message----- >From: Joachim Feise <[EMAIL PROTECTED]> >To: Bill Eldridge <[EMAIL PROTECTED]> >Cc: Steve Helder <[EMAIL PROTECTED]>; [EMAIL PROTECTED] ><[EMAIL PROTECTED]> Date: Thursday, June 11, 1998 4:54 PM >Subject: Re: [masq] [masq] IP - masquerade setup problems > > >>Bill Eldridge wrote: >> >>> Order matters, so if you deny everythingfirst, then the rules never >meet the allowclauses later. As mmy first guess.-- >> >>That is not quite right, actually, it is wrong. >>For security reasons, you always should deny everything first, and >subsequently >>allow things like forwarding. >>Did you enable forwarding in the proc fs? Try adding this line to your rc >>script: >>echo 1 > /proc/sys/net/ipv4/ip_forward >> >>Oh, and please don't send HTML-formatted messages. ASCII is preferred (I >hope I >>didn't copy the tags over when I copied the text). >> >>-Joe >> >>> Bill Eldridge >>> Radio Free Asia >>> [EMAIL PROTECTED] >>> >>> -----Original Message----- >>> From: Steve Helder <[EMAIL PROTECTED]> >>> To: [EMAIL PROTECTED] <[EMAIL PROTECTED]> >>> Date: Thursday, June 11, 1998 2:36 PM >>> Subject: [masq] IP - masquerade setup problemsI am attempting to >use IP-Masquerading on a newly >>> installed Redhat 5.1 Linux box. I am connected to my ISP using >PPP and can ping the nameservers from >>> Linux. I have followed the instructions in the Linux IP >Masquerade mini HOWTO by Ambrose Au for setting >>> up my Windows 95 machine. After I set it up I can ping the >ethernet card on the Linux box which is >>> 10.0.100.5 but can't get any further. (pinging the nameservers) I >have setup the ipfwadm -F -p deny and >>> ipfwadm -F -a m S 10.0.100.0/24 -D 0.0.0.0/0 on the Linux box. I >am assuming I am close but missing >>> something. Any assistance would be appreciated Steve Helder >> >> >>-- >>Joachim Feise Microsoft Certified Solution Developer >>mailto:[EMAIL PROTECTED] http://www.ics.uci.edu/~jfeise/ >>mailto:[EMAIL PROTECTED] mailto:[EMAIL PROTECTED] >>--------------------------------------------------------------------- > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] For >additional commands, e-mail: [EMAIL PROTECTED] For daily >digest info, email [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED] --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] For daily digest info, email [EMAIL PROTECTED]
