Re: masquerading for internet access
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
> > I thought this would just work out of the box :(
>
> It works out of the box if eth0 is external and eth1 is local.
> In your case you have to modify the 00Interfaces(?sp I use iptables now) file in order to switch external and internal ethernet cards.

that did not work for me - but this entry in modules.conf did:

    ### update-modules: start processing /etc/modutils/ethernet
    alias eth0 rtl8139
    alias eth1 3c59x

Now I have the eth0 pointing to the cable modem and eth1 to the lan as suggested.

But I still get this kernel pollution from ipmasq:

    Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=33568 F=0x T=1 (#9)
    Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=34426 F=0x T=1 (#9)

what's up?

--
Eric Smith
Re: masquerading for internet access
On Sat, 2001-11-17 at 08:36, Eric Smith wrote:
> According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
> > > I thought this would just work out of the box :(
> >
> > It works out of the box if eth0 is external and eth1 is local.
> > In your case you have to modify the 00Interfaces(?sp I use iptables now) file in order to switch external and internal ethernet cards.
>
> that did not work for me - but this entry in modules.conf did:
>
>     ### update-modules: start processing /etc/modutils/ethernet
>     alias eth0 rtl8139
>     alias eth1 3c59x

the file I talked of was not /etc/network/interfaces, but the ipmasq/rules/something interfaces

> Now I have the eth0 pointing to the cable modem and eth1 to the lan as suggested.
>
> But I still get this kernel pollution from ipmasq:
>
>     Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=33568 F=0x T=1 (#9)
>     Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=34426 F=0x T=1 (#9)
>
> what's up?

IPmasq does also, out of the box, some elementary firewall work.

From your examples I suppose 62.108.30.1 is your own machine, which tries to access 224.0.0.1 passing through eth0 on input which is (correctly) refused since only the access from world to your own IP and loopback are authorized.

Did you define your loopback as 224.0.0.1 instead of 127.0.0.1?

that rule is somewhere in *spoof* file in /etc/ipmasq/rules

Michel.
Re: masquerading for internet access
On Sat, 2001-11-17 at 08:36, Eric Smith wrote:
> According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
> > > I thought this would just work out of the box :(
> >
> > It works out of the box if eth0 is external and eth1 is local.
> > In your case you have to modify the 00Interfaces(?sp I use iptables now) file in order to switch external and internal ethernet cards.
>
> that did not work for me - but this entry in modules.conf did:
>
>     ### update-modules: start processing /etc/modutils/ethernet
>     alias eth0 rtl8139
>     alias eth1 3c59x
>
> Now I have the eth0 pointing to the cable modem and eth1 to the lan as suggested.
>
> But I still get this kernel pollution from ipmasq:
>
>     Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=33568 F=0x T=1 (#9)
>     Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=34426 F=0x T=1 (#9)
>
> what's up?

Sorry my first answer was wrong.

224.0.0.1 is multicasting, which seems to be blocked by the firewall part of ipmasq.

If you use it you can accept multicasting with the appropriate ipchains command for the input chain.

Michel.
Re: masquerading for internet access
On Sat, Nov 17, 2001 at 11:36:31AM +0100, Eric Smith wrote:
> According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
> > > I thought this would just work out of the box :(
>
> that did not work for me - but this entry in modules.conf did:
>
>     ### update-modules: start processing /etc/modutils/ethernet
>     alias eth0 rtl8139
>     alias eth1 3c59x
>
> Now I have the eth0 pointing to the cable modem and eth1 to the lan as suggested.

If you are using the Debian pre-compiled 2.4 kernel like me, you need to enable quite a few more modules to get ipmasq to work. Tricky.

I have the following in /etc/modules:

    # net/ipv-4 ip_gre ipip # net/ipv-4/netfilter # iptable (in order) ip_tables ip_conntrack ip_conntrack_ftp iptable_nat iptable_filter iptable_mangle # ip_nat_ftp ip_queue # ipt_LOG ipt_MARK ipt_MASQUERADE ipt_MIRROR ipt_REDIRECT ipt_REJECT ipt_TCPMSS ipt_TOS ipt_limit ipt_mac ipt_mark ipt_multiport ipt_owner ipt_state ipt_tcpmss ipt_tos ipt_unclean # ipchains ipfwadm #

Cheers ;-)
--
~\^o^/~~~ ~\^.^/~~~ ~\^*^/~~~ ~\^_^/~~~ ~\^+^/~~~ ~\^:^/~~~ ~\^v^/~~~
+ Osamu Aoki [EMAIL PROTECTED], GnuPG-key: 1024D/D5DE453D +
+ My debian quick-reference, http://www.aokiconsulting.com/quick/+
masquerading for internet access
I am on unstable and trying to give a client machine internet access.
eth1 on the server gets internet access via cable modem via dhcpcd and the eth0 to the local LAN.
The client and server communicate fine but the client does not get internet access.

Also the default ipmasq installation results in the following kernel messages

    Packet log: output DENY tap0 PROTO=17 192.168.0.1:1025 62.108.1.65:53 L=61 S=0x00 I=45 F=0x T=64 (#2)
    Packet log: input DENY eth1 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=15219 F=0x T=1 (#9)

I thought this would just work out of the box :(

--
Eric Smith
Re: masquerading for internet access
On Fri, 2001-11-16 at 21:41, Eric Smith wrote:
> I am on unstable and trying to give a client machine internet access.
> eth1 on the server gets internet access via cable modem via dhcpcd and the eth0 to the local LAN.
> The client and server communicate fine but the client does not get internet access.
>
> Also the default ipmasq installation results in the following kernel messages
>
>     Packet log: output DENY tap0 PROTO=17 192.168.0.1:1025 62.108.1.65:53 L=61 S=0x00 I=45 F=0x T=64 (#2)
>     Packet log: input DENY eth1 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=15219 F=0x T=1 (#9)
>
> I thought this would just work out of the box :(

It works out of the box if eth0 is external and eth1 is local.
In your case you have to modify the 00Interfaces(?sp I use iptables now) file in order to switch external and internal ethernet cards.

Michel.
Re: masquerading for internet access - swopping eth0 and eth1
According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
> On Fri, 2001-11-16 at 21:41, Eric Smith wrote:
> > I am on unstable and trying to give a client machine internet access.
> > eth1 on the server gets internet access via cable modem via dhcpcd and the eth0 to the local LAN.
> > The client and server communicate fine but the client does not get internet access.
> >
> > Also the default ipmasq installation results in the following kernel messages
> >
> >     Packet log: output DENY tap0 PROTO=17 192.168.0.1:1025 62.108.1.65:53 L=61 S=0x00 I=45 F=0x T=64 (#2)
> >     Packet log: input DENY eth1 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=15219 F=0x T=1 (#9)
> >
> > I thought this would just work out of the box :(
>
> It works out of the box if eth0 is external and eth1 is local.
> In your case you have to modify the 00Interfaces(?sp I use iptables now) file in order to switch external and internal ethernet cards.

Oh, so I adapted one of the given examples thusly:

    auto eth0 eth1

    iface eth0 inet dhcp
        pre-up /usr/share/doc/ifupdown/examples/check-mac-address.sh eth0 00:50:Fc:43:Cd:F0
        up /etc/init.d/ipmasq start

    iface eth1 inet static
        pre-up /usr/share/doc/ifupdown/examples/check-mac-address.sh eth1 00:50:04:11:F3:EB
        address 192.168.0.1
        netmask 255.255.255.0
        up /sbin/dhcpcd

But still cannot switch the cards after a reboot.
Anything wrong with the above?

--
Eric Smith