Re: ipchains diagnostics
On Mon, 24 Jan 2000, Michel D?nzer wrote: /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ The IP address looks funny. Sure it's private? That's the private Class A network address. It does look like he is using a Class C network 10.0.0 though. If not, it should be 10.0.0.0/8 instead. -- hypnos mailto:[EMAIL PROTECTED]
Re: ipchains diagnostics
Would you mind explaining when to use 10.0.0.0/8 10.0.0.0/24 and 10.0.0.0/32 as I never understand and don't know if using the wrong one will break anything. If its an RTFM situatiion, a pointer at a howto would be appreciated. Patrick /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ The IP address looks funny. Sure it's private? That's the private Class A network address. It does look like he is using a Class C network 10.0.0 though. If not, it should be 10.0.0.0/8 instead. -- hypnos mailto:[EMAIL PROTECTED] -- Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null
Re: ipchains diagnostics
--- hypnos [EMAIL PROTECTED] wrote: On Mon, 24 Jan 2000, Michel Dänzer wrote: /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ The IP address looks funny. Sure it's private? That's the private Class A network address. It does look like he is using a Class C network 10.0.0 though. If not, it should be 10.0.0.0/8 instead. That's what I was trying to say :) Michel = Software is like sex; it's better when it's free -- Linus Torvalds If you continue running Windows, your system may become unstable. -- Windows 95 BSOD __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
Re: ipchains diagnostics
--- Patrick Kirk [EMAIL PROTECTED] wrote: Would you mind explaining when to use 10.0.0.0/8 10.0.0.0/24 and 10.0.0.0/32 With 10.0.0.0/24, the masquerading code will only forward from/to IPs 10.0.0.x, whereas with 10.0.0.0/8 10.x.x.x , which is probably what you want (although it escapes me why anyone would need such a big private network? :) as I never understand and don't know if using the wrong one will break anything. If it's wrong, your packets probably won't get routed. Michel = Software is like sex; it's better when it's free -- Linus Torvalds If you continue running Windows, your system may become unstable. -- Windows 95 BSOD __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com
ipchains diagnostics
I can't get ipchains to work and get no error messages when I run echo 1 /proc/sys/net/ipv4/ip_forward /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ How can I tell what's wrong? I see nothing in logs nor tail -f /var/log/messages. Patrick
Re: ipchains diagnostics
IP forwarding and IP masq-ing are enabled in the kernel? Regards, Onno At 10:29 AM 1/24/00 +, Patrick wrote: I can't get ipchains to work and get no error messages when I run echo 1 /proc/sys/net/ipv4/ip_forward /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ How can I tell what's wrong? I see nothing in logs nor tail -f /var/log/messages. Patrick
Re: ipchains diagnostics
ip masq is definately enabled in the kernel but not sure about ip forwarding. My real question is how can I diagnose the error. Where can I get a message what setting I've missed as I know this is Operator Error. Patrick
Re: ipchains diagnostics
At 01:56 PM 1/24/00 +, Patrick wrote: ip masq is definately enabled in the kernel but not sure about ip forwarding. My real question is how can I diagnose the error. Where can I get a message what setting I've missed as I know this is Operator Error. If 'ls /proc/sys/net/ipv4' yields a 'ip_forward' then the kernel supports ip forwarding. But futher diagnostics is done step bij step: (others: please correct me when I'm wrong because I'm doing this 'on the fly') - check the kernel for support - check kernel parameters - check ifconfig - check route - check ipchains Good luck, Onno
Re: ipchains diagnostics
i assume your talking about ipmasq ? did u set the gateway of the other machines to the ip of the linux box? what happens exactly? make sure your using kernel 2.2 if yer usin ipchains nate On Mon, 24 Jan 2000, Patrick wrote: patric I can't get ipchains to work and get no error messages when I run patric echo 1 /proc/sys/net/ipv4/ip_forward patric /sbin/ipchains -P forward DENY patric /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ patric patric How can I tell what's wrong? I see nothing in logs nor patric tail -f /var/log/messages. patric patric Patrick patric patric patric patric patric -- patric Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] /dev/null patric [mailto:[EMAIL PROTECTED] ]-- Vice President Network Operations http://www.firetrail.com/ Firetrail Internet Services Limited http://www.aphroland.org/ Everett, WA 425-348-7336http://www.linuxpowered.net/ Powered By:http://comedy.aphroland.org/ Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/ -[mailto:[EMAIL PROTECTED] ]-- 6:37am up 157 days, 18:43, 1 user, load average: 1.02, 1.46, 1.39
Re: ipchains diagnostics
--- Patrick [EMAIL PROTECTED] wrote: I can't get ipchains to work and get no error messages when I run echo 1 /proc/sys/net/ipv4/ip_forward /sbin/ipchains -P forward DENY /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ The IP address looks funny. Sure it's private? Michel = Software is like sex; it's better when it's free -- Linus Torvalds If you continue running Windows, your system may become unstable. -- Windows 95 BSOD __ Do You Yahoo!? Talk to your friends online with Yahoo! Messenger. http://im.yahoo.com