Re: ipmasq and howto

2000-04-03 Thread Jeff Gordon 
- Forwarded message from Oswald Buddenhagen <[EMAIL PROTECTED]> -

> a connection is something open, it needs (at least) two (active) ends. 
> otherwise it is only a route. a masq rule is (kind of) a route.

>>> Thank you for helping clarify the distinction.
 
> no problem. sorry for the harsh tone. maybe, i assumed too much knowledge...

(Probably because you saw me trying to help someone else at the time.  Happens 
to me in stores, too -- folks often come up and talk to me as though they 
figure I must work there. :-)

  -- Jeff --   

  "There's nothing left in the world to prove.  All that's worth doing
   is to love one another, using whatever means are available to serve."

Re: ipmasq and howto

2000-04-02 Thread Oswald Buddenhagen 
> Hmm; the actual emphasis lies on "connections which are currently
> masqueraded".  The word "open" was filled-in for you by your
> already-existing understanding of what's going on; it's not present in the
> text I was poring over and that you've quoted.  
> 
> My understanding had reached this far:  "Routes exist when no traffic is
> moving on them; therefore 'currently masqueraded connections' could mean
> 'those pathways I've indicated in a masquerading rule, whether there's
> traffic on them right now or not'."
> 
a connection is something open, it needs (at least) two (active) ends. 
otherwise it is only a route. a masq rule is (kind of) a route.

> Thank you for helping clarify the distinction.
> 
no problem. sorry for the harsh tone. maybe, i assumed too much knowledge
...

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Linux - the last service pack you'll ever need.

Re: ipmasq and howto

2000-04-02 Thread Jeff Gordon 
From: Oswald Buddenhagen <[EMAIL PROTECTED]>

>> (Now I'm trying to figure out what's made the difference -- why it is
>> that previously I was seeing specific entries with 'ipchains -M -L'
>> and now I'm not...possibly something's been updated, dunno; as long 
>> as things keep working, I'm planning not to worry about it too much.

> RTFM!!! 

(I did, thank you; many times -- the man pages, the HOW-TO pages,
and everything I could find, short of daring to ask anyone who might
react by belching forth, "RTFM!!!")

>man ipchains clearly states:
>-M, --masquerading
>   This option allows viewing of  the  currently  masĀ­
>   queraded  connections  (in  conjuction  with the -L
>   option) or to set the kernel masqerading parameters
>   (with the -S option).
> The emphasis lies on "currently*"! That is, only if a masqueraded host
> hast open connections, something will show up!

Hmm; the actual emphasis lies on "connections which are currently
masqueraded".  The word "open" was filled-in for you by your
already-existing understanding of what's going on; it's not present in the
text I was poring over and that you've quoted.  

My understanding had reached this far:  "Routes exist when no traffic is
moving on them; therefore 'currently masqueraded connections' could mean
'those pathways I've indicated in a masquerading rule, whether there's
traffic on them right now or not'."

Thank you for helping clarify the distinction.

 -- Jeff --   

 "There's nothing left in the world to prove.  All that's worth doing
  is to love one another, using whatever means are available to serve."

RE: (jg) Re: ipmasq and howto

2000-04-02 Thread Oswald Buddenhagen 
> > But still when I do "ipchains -M -L" I don't get anything.
> > 
> > Any ideas?
> 
> I'm now experiencing the same thing. :-)  But as long as I can see the MASQ
> entry in the output from "ipchains -L", things appear to be working.
> 
> (Now I'm trying to figure out what's made the difference -- why it is that
> previously I was seeing specific entries with 'ipchains -M -L' and now I'm
> not...possibly something's been updated, dunno; as long as things keep
> working, I'm planning not to worry about it too much. :-)
> 
RTFM!!! man ipchains clearly states:
   -M, --masquerading
  This option allows viewing of  the  currently  masĀ­
  queraded  connections  (in  conjuction  with the -L
  option) or to set the kernel masqerading parameters
  (with the -S option).
The emphasis lies on "currently*"! That is, only if a masqueraded host
hast open connections, something will show up!

regards

-- 
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
--
Linux - the last service pack you'll ever need.

RE: (jg) Re: ipmasq and howto

2000-04-02 Thread Jeff Gordon 

On 01-Apr-2000 matt garman wrote:

> But still when I do "ipchains -M -L" I don't get anything.
> 
> Any ideas?

I'm now experiencing the same thing. :-)  But as long as I can see the MASQ
entry in the output from "ipchains -L", things appear to be working.

(Now I'm trying to figure out what's made the difference -- why it is that
previously I was seeing specific entries with 'ipchains -M -L' and now I'm
not...possibly something's been updated, dunno; as long as things keep
working, I'm planning not to worry about it too much. :-)

 -- Jeff --   

 "There's nothing left in the world to prove.  All that's worth doing
  is to love one another, using whatever means are available to serve."

Re: ipmasq and howto

2000-04-02 Thread Peter Ross 
On Fri, Mar 31, 2000 at 09:47:51AM -0600, Nathan E Norman wrote:
> On Fri, Mar 31, 2000 at 11:16:16AM +1000, Peter Ross wrote:
> > Install the `ipmasq' package, it will automatically set up IP
> > Masquerading for you providing the IP addresses you have chosen are
> > private ie 10.x.x.x or 192.168.0.x or 172.15.x.x where x can be
> > anything.
> 
> To be correct, the "private" networks are 10.0.0.0/8, 172.16.0.0/12
> and 192.168.0.0/16.  RFC1918 contains all the details.
> 
You are indeed correct, thanks for the information.

Pete

Re: ipmasq and howto

2000-04-01 Thread matt garman 
On Sat, Apr 01, 2000 at 12:14:52PM -0600, matt garman wrote:
> I executed "ipchains -P forward ACCEPT" for the three default chains
> (forward, output, intput), so that I could in fact have "(policy ACCEPT)"
> for all three chains.
> ...

Problem solved, all of my roommates and I are connected!

Thank you very much all of you that helped me out!

Matt

-- 
Matt Garman, [EMAIL PROTECTED]
"I was just reading the interview with Korn in _Guitar_World_, and one of
 the guitarists said they don't play guitar solos because they've been
 done.  Well, I guess that's true if you stick with what's been done.
 But you have to look beyond that; there's a lot more left to say on the
 guitar."  -- Warren Haynes of Gov't Mule

Re: ipmasq and howto

2000-04-01 Thread matt garman 
On Fri, Mar 31, 2000 at 11:02:15PM -0500, Jeff Gordon wrote:
> ...and you should see "(policy ACCEPT)" for the three 'chains'. If
> that's okay, do:
> 
>  ipchains -M -L
> 
> ...and see if the MASQ entry is still present -- dunno why yet, but
> we're experiencing that entry's disappearance from time to time; 'diald'
> or somebody is deleting it, I think, when being taken down, and not
> putting it back up again.

I executed "ipchains -P forward ACCEPT" for the three default chains
(forward, output, intput), so that I could in fact have "(policy ACCEPT)"
for all three chains.

But when I do the "ipchains -M -L" I have no entries, even after
executing the following line:

ipchains -A forward -s 192.168.0.0/24 -d 0/0 -j MASQ

I even went through and did a "ipchains -F " for all chains
(output, input, forward).  The I re-did the line above, so my output of
"ipchains -L" looks like the following:

Chain input (policy ACCEPT):
Chain forward (policy ACCEPT):
target prot opt sourcedestination   ports
MASQ   all  --  home/24  anywhere  n/a
Chain output (policy ACCEPT):

But still when I do "ipchains -M -L" I don't get anything.

Any ideas?

Thanks as always,
Matt

-- 
Matt Garman, [EMAIL PROTECTED]
"I was just reading the interview with Korn in _Guitar_World_, and one of
 the guitarists said they don't play guitar solos because they've been
 done.  Well, I guess that's true if you stick with what's been done.
 But you have to look beyond that; there's a lot more left to say on the
 guitar."  -- Warren Haynes of Gov't Mule

Re: ipmasq and howto

2000-04-01 Thread Bill 
Try something like this with your IP No's  in   /etc/init.d/network

#! /bin/sh
ifconfig lo 127.0.0.1
route add -net 127.0.0.0
#ethernet card
ifconfig eth0 192.168.1.1
route -add net 192.168.1.0
route -add net 0.0.0.0 gw 192.168.1.1
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
ifconfig ppp ${IPADDR} netmask ${NETMASK} broadcast ${BROADCAST}
route add -net ${NETWORK}
[ "${GATEWAY}" ] && route add default gw ${GATEWAY} metric 1
/sbin/ipfwadm -F -a acc -m -b -S 192.168.1.0/24 -D 0.0.0.0/0


- Original Message -
From: matt garman <[EMAIL PROTECTED]>
To: Jeff Gordon <[EMAIL PROTECTED]>
Sent: Saturday, April 01, 2000 6:47 AM
Subject: Re: ipmasq and howto


> On Fri, Mar 31, 2000 at 07:52:01AM -0500, Jeff Gordon wrote:
> > The answer seems to be, "Yes...sort of." :-)  See if this helps:
> > ...
>
> Thanks for all the help!  But unfortunately it's not working.
>
> I double checked the IP-Masquerading howto to make sure I have all the
> necessary kernel components compiled in.  I also installed the ipmasq
> package and rebooted.  When I establish a PPP connection, however, I
> cannot see the external network (i.e. the internet) from my roommate's
> computer (e.g. cannot ping outside of 192.168.*, cannot load web pages).
>
> By the way, I do have my roommate's computer recognizing mine and mine
> seeing his (I've got samba working to share files between the two
> computers also).
>
> I also tried following your steps, still no luck.  I've got a network
> traffic monitor utility called wmnet running on both my modem and ethernet
> card.  I had my roommate watch these programs for activity while I tried
> pinging, telnetting and httping from his computer.  He said he saw
> activity on both monitors, but still I couldn't get productive results on
> his computer.  He's running Windows 98.
>
> Anyone have any ideas?  Are there any config files I could post that would
> be useful in diagnosing the problem, or output of any particular program?
>
> Thanks,
> Matt
>
> --
> Matt Garman, [EMAIL PROTECTED]
> "I was just reading the interview with Korn in _Guitar_World_, and one of
>  the guitarists said they don't play guitar solos because they've been
>  done.  Well, I guess that's true if you stick with what's been done.
>  But you have to look beyond that; there's a lot more left to say on the
>  guitar."  -- Warren Haynes of Gov't Mule
>
>
> --
> Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] <
/dev/null
>
>

Re: ipmasq and howto

2000-04-01 Thread Jeff Gordon 
On Fri, 31 Mar 2000 14:47:20 -0600, matt garman <[EMAIL PROTECTED]> wrote:

> Thanks for all the help!  But unfortunately it's not working.

You're probably really, really close to succeeding. :-)  

It -sounds- like all the bits are working, but 'forwarding' is not fully 
activated; that your roommate's requests are not getting out the door because 
they don't know where the door is.  That can be either a glitch in your routing 
setup, or 'forwarding' itself is not enabled.  Do:

 cat /proc/sys/net/ipv4/ip_forward

...and see if "1" is the result.  If not, re-do the 'echo' command that puts 
"1" there:

 echo "1" > /proc/sys/net/ipv4/ip_forward

If no success after that, do:

 ipchains -L

...and you should see "(policy ACCEPT)" for the three 'chains'. If that's okay, 
do:

 ipchains -M -L

...and see if the MASQ entry is still present -- dunno why yet, but we're 
experiencing that entry's disappearance from time to time; 'diald' or somebody 
is deleting it, I think, when being taken down, and not putting it back up 
again.

Also useful:  Your roommate's computer should have a 'hosts' file and a 
'resolv' file (or whatever Mr. Gates may have used in place of those :-).

 -- Jeff --   

 "There's nothing left in the world to prove.  All that's worth doing
  is to love one another, using whatever means are available to serve."

Re: ipmasq and howto

2000-03-31 Thread matt garman 
On Fri, Mar 31, 2000 at 07:52:01AM -0500, Jeff Gordon wrote:
> The answer seems to be, "Yes...sort of." :-)  See if this helps:
> ...

Thanks for all the help!  But unfortunately it's not working.

I double checked the IP-Masquerading howto to make sure I have all the
necessary kernel components compiled in.  I also installed the ipmasq
package and rebooted.  When I establish a PPP connection, however, I
cannot see the external network (i.e. the internet) from my roommate's
computer (e.g. cannot ping outside of 192.168.*, cannot load web pages).

By the way, I do have my roommate's computer recognizing mine and mine
seeing his (I've got samba working to share files between the two
computers also).

I also tried following your steps, still no luck.  I've got a network
traffic monitor utility called wmnet running on both my modem and ethernet
card.  I had my roommate watch these programs for activity while I tried
pinging, telnetting and httping from his computer.  He said he saw
activity on both monitors, but still I couldn't get productive results on
his computer.  He's running Windows 98.
 
Anyone have any ideas?  Are there any config files I could post that would
be useful in diagnosing the problem, or output of any particular program?

Thanks,
Matt

-- 
Matt Garman, [EMAIL PROTECTED]
"I was just reading the interview with Korn in _Guitar_World_, and one of
 the guitarists said they don't play guitar solos because they've been
 done.  Well, I guess that's true if you stick with what's been done.
 But you have to look beyond that; there's a lot more left to say on the
 guitar."  -- Warren Haynes of Gov't Mule

Re: ipmasq and howto

2000-03-31 Thread Nathan E Norman 
On Fri, Mar 31, 2000 at 11:16:16AM +1000, Peter Ross wrote:
> Install the `ipmasq' package, it will automatically set up IP
> Masquerading for you providing the IP addresses you have chosen are
> private ie 10.x.x.x or 192.168.0.x or 172.15.x.x where x can be
> anything.

To be correct, the "private" networks are 10.0.0.0/8, 172.16.0.0/12
and 192.168.0.0/16.  RFC1918 contains all the details.

-- 
Nathan Norman "Eschew Obfuscation"  Network Engineer
GPG Key ID 1024D/51F98BB7http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73  8BEF F0C8 255C 51F9 8BB7


pgpDucNvH1tbn.pgp
Description: PGP signature

Re: ipmasq and howto

2000-03-31 Thread Nathan E Norman 
On Fri, Mar 31, 2000 at 03:14:57PM +0700, Oki DZ wrote:
> 
> 
> On Thu, 30 Mar 2000, matt garman wrote:
> > In other words, having installed ipmasq and other related Debian packages,
> > do I still need to follow all the steps in the howto?
> 
> Yes sure, no package installer would know the setup of your firewall (IP
> numbers, network devices, etc.)

That's not true in this case - the ipmasq package examines your
configuration and creates a default setup that is generally sane.  As
long as you're using RFC1918 addresses on your LAN masquerading will
be setup automatically (even if you're using ppp to connect to the
net!)

Of course, you should check the rules; they're in /etc/ipmasq/rules/

The ipmasq package is without a doubt the easiest way to set up a
fire-walling proxy.  I can think of several instances where I've
literally installed the package and it worked, though I always reboot
right after installing, generally because I've also just installed a
new kernel.  However, when I have noticed problems with the ipmasq
package I've been able to solve most of them by rebooting, or going
single user and then back to runlevel 2.

HTH,

-- 
Nathan Norman "Eschew Obfuscation"  Network Engineer
GPG Key ID 1024D/51F98BB7http://home.midco.net/~nnorman/
Key fingerprint = C5F4 A147 416C E0BF AB73  8BEF F0C8 255C 51F9 8BB7


pgp9QXx0u8jnq.pgp
Description: PGP signature

Re: ipmasq and howto

2000-03-31 Thread Robert Varga 

I just installed ipmasq package on the stock potato kernel.
After this I needed to take out a line from /etc/init.d/network which set
a default route to eth0. 

After it everything went flawlessly.

Robert Varga

On Fri, 31 Mar 2000, Jeff Gordon wrote:

> Hi, Matt --
> 
> On Thu, 30 Mar 2000 17:38:05 -0600, matt garman <[EMAIL PROTECTED]> wrote:
> 
> > Perhaps I'm not making myself clear.  I just want to get IP Masquerading
> > working on my Linux box.  So I read the IP Masquerading howto.  But I
> > believe some steps outlined in the howto would be redundant given the
> > packages I have installed on my computer.
> >
> > In other words, having installed ipmasq and other related Debian packages,
> > do I still need to follow all the steps in the howto?
> 
> The answer seems to be, "Yes...sort of." :-)  See if this helps:
> 
> I've got a dial-up connection, and a 2-station LAN, with my brother's machine 
> needing to dial out through the modem on my machine.  What appears to have 
> been necessary to get this working included these steps:
> 
>  - ipmasq and ipchains are installed;
>  - ip_masquerading is enabled in the kernel -- not sure why, but it wasn't 
> enabled in the 2.2.14 kernel I had, and I had to compile one in which it was 
> enabled.  I think it's possible I might've answered a question during 
> installation that switched masquerading 'off', but I don't know for sure.  
> Whatever -- if you run ipmasq, you'll either get a message about masquerading 
> not being enabled, or you won't, and can go from there.
>  - forwarding policies are set to 'allow' -- the default on these, 
> understandably, is 'deny', so you have to take active steps to get forwarding 
> turned 'on'.  These commands do that across-the-board (leaving you wide open, 
> so this is not a good final state to be in if you're hosting folks with a 
> permanent connection, etc.):
> 
>  ipchains -P input ACCEPT
>  ipchains -P output ACCEPT
>  ipchains -P forward ACCEPT
> 
>  - also do:  
> 
>  echo "1" > /proc/sys/net/ipv4/ip_forward
> 
>  - and, yes:
> 
>  ipchains -A forward -s 10.0.0.30 -j MASQ
> 
> ...with the IP to be masqueraded in place of the 10.0.0.30 I'm showing here.  
> 
> NOTE, all this is about using ipmasq with 2.2.14 and ipchains.  The HOW-TO 
> instructions are (for the moment) confusing about this, since they mention 
> ipfwadm, etc., and only if your eyes haven't yet glazed over do you locate 
> the info at the -bottom- of the HOW-TO that mentions the "new" ipchains.
> 
> Helps...?
> 
>  -- Jeff --   
> 
>  "There's nothing left in the world to prove.  All that's worth doing
>   is to love one another, using whatever means are available to serve."
> 
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
> 
>

Re: ipmasq and howto

2000-03-31 Thread Jeff Gordon 
Hi, Matt --

On Thu, 30 Mar 2000 17:38:05 -0600, matt garman <[EMAIL PROTECTED]> wrote:

> Perhaps I'm not making myself clear.  I just want to get IP Masquerading
> working on my Linux box.  So I read the IP Masquerading howto.  But I
> believe some steps outlined in the howto would be redundant given the
> packages I have installed on my computer.
>
> In other words, having installed ipmasq and other related Debian packages,
> do I still need to follow all the steps in the howto?

The answer seems to be, "Yes...sort of." :-)  See if this helps:

I've got a dial-up connection, and a 2-station LAN, with my brother's machine 
needing to dial out through the modem on my machine.  What appears to have been 
necessary to get this working included these steps:

 - ipmasq and ipchains are installed;
 - ip_masquerading is enabled in the kernel -- not sure why, but it wasn't 
enabled in the 2.2.14 kernel I had, and I had to compile one in which it was 
enabled.  I think it's possible I might've answered a question during 
installation that switched masquerading 'off', but I don't know for sure.  
Whatever -- if you run ipmasq, you'll either get a message about masquerading 
not being enabled, or you won't, and can go from there.
 - forwarding policies are set to 'allow' -- the default on these, 
understandably, is 'deny', so you have to take active steps to get forwarding 
turned 'on'.  These commands do that across-the-board (leaving you wide open, 
so this is not a good final state to be in if you're hosting folks with a 
permanent connection, etc.):

 ipchains -P input ACCEPT
 ipchains -P output ACCEPT
 ipchains -P forward ACCEPT

 - also do:  

 echo "1" > /proc/sys/net/ipv4/ip_forward

 - and, yes:

 ipchains -A forward -s 10.0.0.30 -j MASQ

...with the IP to be masqueraded in place of the 10.0.0.30 I'm showing here.  

NOTE, all this is about using ipmasq with 2.2.14 and ipchains.  The HOW-TO 
instructions are (for the moment) confusing about this, since they mention 
ipfwadm, etc., and only if your eyes haven't yet glazed over do you locate the 
info at the -bottom- of the HOW-TO that mentions the "new" ipchains.

Helps...?

 -- Jeff --   

 "There's nothing left in the world to prove.  All that's worth doing
  is to love one another, using whatever means are available to serve."

Re: ipmasq and howto

2000-03-31 Thread Oki DZ 


On Thu, 30 Mar 2000, matt garman wrote:
> In other words, having installed ipmasq and other related Debian packages,
> do I still need to follow all the steps in the howto?

Yes sure, no package installer would know the setup of your firewall (IP
numbers, network devices, etc.)

Oki

Re: ipmasq and howto

2000-03-31 Thread Peter Ross 
Install the `ipmasq' package, it will automatically set up IP
Masquerading for you providing the IP addresses you have chosen are
private ie 10.x.x.x or 192.168.0.x or 172.15.x.x where x can be
anything.

On Thu, Mar 30, 2000 at 12:52:23PM -0600, matt garman wrote:
> 
> I read the IP-Masquerading howto and I am confused as to how it relates to
> Debian.  For example, it says I need to get the ipchains and ipfwadm
> packages.  I couldn't find these via a search in dselect.  But I have the
> "ipchains" and "ipfwadm" binaries on my system.  I presume they were
> installed by the ipmasq Debian package (which I installed).
> 
> Also, the IP-Masquerading howto talks about making the rc.firewall script.
> Do I still need to do this, or is that functionality already provided by
> me having the ipmasq package installed?
> 
> In short, what do I need to do as instructed by the howto, and what does
> the ipmasq package take care of automatically?  
> 
> -- 
> Matt Garman, [EMAIL PROTECTED]
> "I was just reading the interview with Korn in _Guitar_World_, and one of
>  the guitarists said they don't play guitar solos because they've been
>  done.  Well, I guess that's true if you stick with what's been done.
>  But you have to look beyond that; there's a lot more left to say on the
>  guitar."  -- Warren Haynes of Gov't Mule
> 
> 
> -- 
> Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] < /dev/null

Re: ipmasq and howto

2000-03-31 Thread Pollywog 

On 30-Mar-2000 23:58:12 indra wardhana wrote:
> ipchains and ipfwadm is the same function
> if u are using linux kernel 2.0.x u will using ipfwadm (because linux kernel
> 2.0.x doesn't support ipchains)
> if u are using linux kernel 2.2.x u will using ipchains (ipfwadm still work
> in linux kernel 2.2.x but ipchains is better than ipfwadm)
> if u are using linux kernel 2.4.x u will using nat
> 
I will have to again replace my firewall software when I upgrade to a 2.4.x
kernel?  That is not good :(

I was just getting accustomed to ipchains.

--
Andrew

Re: ipmasq and howto

2000-03-31 Thread indra wardhana 
ipchains and ipfwadm is the same function
if u are using linux kernel 2.0.x u will using ipfwadm (because linux kernel
2.0.x doesn't support ipchains)
if u are using linux kernel 2.2.x u will using ipchains (ipfwadm still work
in linux kernel 2.2.x but ipchains is better than ipfwadm)
if u are using linux kernel 2.4.x u will using nat

-Original Message-
From: matt garman <[EMAIL PROTECTED]>
To: Debian User's List 
Date: Friday, 31 March, 2000 06:50
Subject: Re: ipmasq and howto


>On Thu, Mar 30, 2000 at 11:24:54PM +0100, Oliver Elphick wrote:
>> Well, once you know it is , you can look in /usr/doc/
>> for documentation that ought to explain this. If it's not there,
>> complain to the maintainer (@packages.debian.org), because that
>> sort of thing ought to
>
>Perhaps I'm not making myself clear.  I just want to get IP Masquerading
>working on my Linux box.  So I read the IP Masquerading howto.  But I
>believe some steps outlined in the howto would be redundant given the
>packages I have installed on my computer.
>
>In other words, having installed ipmasq and other related Debian packages,
>do I still need to follow all the steps in the howto?
>
>MG
>
>--
>Matt Garman, [EMAIL PROTECTED]
>"I was just reading the interview with Korn in _Guitar_World_, and one of
> the guitarists said they don't play guitar solos because they've been
> done.  Well, I guess that's true if you stick with what's been done.
> But you have to look beyond that; there's a lot more left to say on the
> guitar."  -- Warren Haynes of Gov't Mule
>
>
>--
>Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] <
/dev/null
>
>

Re: ipmasq and howto

2000-03-30 Thread matt garman 
On Thu, Mar 30, 2000 at 11:24:54PM +0100, Oliver Elphick wrote:
> Well, once you know it is , you can look in /usr/doc/
> for documentation that ought to explain this. If it's not there,
> complain to the maintainer (@packages.debian.org), because that
> sort of thing ought to

Perhaps I'm not making myself clear.  I just want to get IP Masquerading
working on my Linux box.  So I read the IP Masquerading howto.  But I
believe some steps outlined in the howto would be redundant given the
packages I have installed on my computer.

In other words, having installed ipmasq and other related Debian packages,
do I still need to follow all the steps in the howto?

MG

-- 
Matt Garman, [EMAIL PROTECTED]
"I was just reading the interview with Korn in _Guitar_World_, and one of
 the guitarists said they don't play guitar solos because they've been
 done.  Well, I guess that's true if you stick with what's been done.
 But you have to look beyond that; there's a lot more left to say on the
 guitar."  -- Warren Haynes of Gov't Mule

Re: ipmasq and howto

2000-03-30 Thread Herbeth de Freitas Vieira 
30/03/00 16:14:04, matt garman <[EMAIL PROTECTED]> wrote:

>On Thu, Mar 30, 2000 at 10:15:38PM +0100, Oliver Elphick wrote:
>>   >I read the IP-Masquerading howto and I am confused as to how it relates to
>>   >Debian.  For example, it says I need to get the ipchains and ipfwadm
>>   >packages.  I couldn't find these via a search in dselect.  But I have the
>>   >"ipchains" and "ipfwadm" binaries on my system.  I presume they were
>>   >installed by the ipmasq Debian package (which I installed).
>> 
>> ipchains is in the netbase package
>> 
>> (This is how you find out:
>>...
>
>Ah, yes...  But in my question what I meant was, In all the steps outlined
>in the IP-Masquerading howto, where does Debian leave off, and where do I
>need to pick up?
>
>MG
>
>-- 
>Matt Garman, [EMAIL PROTECTED]
>"I was just reading the interview with Korn in _Guitar_World_, and one of
> the guitarists said they don't play guitar solos because they've been
> done.  Well, I guess that's true if you stick with what's been done.
> But you have to look beyond that; there's a lot more left to say on the
> guitar."  -- Warren Haynes of Gov't Mule
>
>
>-- 
>Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
>
>
>
>

Re: ipmasq and howto

2000-03-30 Thread Oliver Elphick 
matt garman wrote:
  >On Thu, Mar 30, 2000 at 10:15:38PM +0100, Oliver Elphick wrote:
  >> ipchains is in the netbase package
...
  >Ah, yes...  But in my question what I meant was, In all the steps outlined
  >in the IP-Masquerading howto, where does Debian leave off, and where do I
  >need to pick up?
 
Well, once you know it is , you can look in /usr/doc/ for
documentation that ought to explain this. If it's not there, complain to the
maintainer (@packages.debian.org), because that sort of thing ought to
be documented.

-- 
Oliver Elphick[EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
   PGP key from public servers; key ID 32B8FAA1
 
 "But the fruit of the Spirit is love, joy, peace,  
  patience, kindness, goodness, faithfulness,   
  gentleness, self control; against such there is no   
  law."Galatians 5:22,23

Re: ipmasq and howto

2000-03-30 Thread matt garman 
On Thu, Mar 30, 2000 at 10:15:38PM +0100, Oliver Elphick wrote:
>   >I read the IP-Masquerading howto and I am confused as to how it relates to
>   >Debian.  For example, it says I need to get the ipchains and ipfwadm
>   >packages.  I couldn't find these via a search in dselect.  But I have the
>   >"ipchains" and "ipfwadm" binaries on my system.  I presume they were
>   >installed by the ipmasq Debian package (which I installed).
> 
> ipchains is in the netbase package
> 
> (This is how you find out:
>...

Ah, yes...  But in my question what I meant was, In all the steps outlined
in the IP-Masquerading howto, where does Debian leave off, and where do I
need to pick up?

MG

-- 
Matt Garman, [EMAIL PROTECTED]
"I was just reading the interview with Korn in _Guitar_World_, and one of
 the guitarists said they don't play guitar solos because they've been
 done.  Well, I guess that's true if you stick with what's been done.
 But you have to look beyond that; there's a lot more left to say on the
 guitar."  -- Warren Haynes of Gov't Mule

Re: ipmasq and howto

2000-03-30 Thread Oliver Elphick 
matt garman wrote:
  >
  >I read the IP-Masquerading howto and I am confused as to how it relates to
  >Debian.  For example, it says I need to get the ipchains and ipfwadm
  >packages.  I couldn't find these via a search in dselect.  But I have the
  >"ipchains" and "ipfwadm" binaries on my system.  I presume they were
  >installed by the ipmasq Debian package (which I installed).

ipchains is in the netbase package

(This is how you find out:
   [EMAIL PROTECTED] dpkg -S ipchains
   netbase: /usr/share/man/man8/ipchains-restore.8.gz
   netbase: /sbin/ipchains-restore
   netbase: /usr/share/man/man8/ipchains.8.gz
   netbase: /usr/share/man/man8/ipchains-save.8.gz
   netbase: /sbin/ipchains
   netbase: /sbin/ipchains-save
   netbase: /usr/share/doc/netbase/ipchains-quickref.ps.gz
   netbase: /usr/share/doc/netbase/ipchains-HOWTO.txt.gz
   [EMAIL PROTECTED] 
)
-- 
Oliver Elphick[EMAIL PROTECTED]
Isle of Wight  http://www.lfix.co.uk/oliver
   PGP key from public servers; key ID 32B8FAA1
 
 "But the fruit of the Spirit is love, joy, peace,  
  patience, kindness, goodness, faithfulness,   
  gentleness, self control; against such there is no   
  law."Galatians 5:22,23

ipmasq and howto

2000-03-30 Thread matt garman 

I read the IP-Masquerading howto and I am confused as to how it relates to
Debian.  For example, it says I need to get the ipchains and ipfwadm
packages.  I couldn't find these via a search in dselect.  But I have the
"ipchains" and "ipfwadm" binaries on my system.  I presume they were
installed by the ipmasq Debian package (which I installed).

Also, the IP-Masquerading howto talks about making the rc.firewall script.
Do I still need to do this, or is that functionality already provided by
me having the ipmasq package installed?

In short, what do I need to do as instructed by the howto, and what does
the ipmasq package take care of automatically?  

-- 
Matt Garman, [EMAIL PROTECTED]
"I was just reading the interview with Korn in _Guitar_World_, and one of
 the guitarists said they don't play guitar solos because they've been
 done.  Well, I guess that's true if you stick with what's been done.
 But you have to look beyond that; there's a lot more left to say on the
 guitar."  -- Warren Haynes of Gov't Mule