[resolved] my problems with ip-masquerade

2001-08-13 Thread Roberto Diaz
Hi!

At last I have resolved my problems... an entire weekend checking my
kernel, my routes, etc., and in the end:

* It was a problem with my gateway's network card!

I was reusing an old ne-2000 ISA clone and I suspect the newer PCI cards
were much more efficient at taking control of my cable (I am using BNC; it
is a small LAN for now), so the hosts-to-gateway channel was fast while the
gateway-to-hosts channel was completely inefficient.

Take care with this.

See you!! ip-masquerade is working GREAT now!! :)


Regards

Roberto


Roberto Diaz [EMAIL PROTECTED]
http://vivaldi.dhis.org
Powered by GNU running on a Linux kernel.
Powered by Debian (The real wonder)

Concerto Grosso Op. 3/8 A minor
Antonio Vivaldi (so... do you need beautiful words?)




problems with ip masquerade

2001-08-12 Thread Roberto Diaz
Hi!

I have configured a Linux box as a router for my home LAN using
ip-masquerade, but now I am having some problems.

My configuration:

* 486/100MHz, 16 Mbytes RAM, Debian potato, as a router
* 56k modem PPP link (it works fine from the router)
* Kernel 2.2.17 recompiled according to IP-Masquerade-HOWTO
* rules configured using pmfirewall

They look like this (62.83.136.124 here is a dynamic dialup IP):

Chain input (policy ACCEPT):
target prot opt source           destination      ports
ACCEPT all  --  0.0.0.0/0        0.0.0.0/0        n/a
ACCEPT tcp  !y  0.0.0.0/0        62.83.136.124    * -> *
DENY   all  --  10.0.0.0/8       62.83.136.124    n/a
DENY   all  --  127.0.0.0/8      62.83.136.124    n/a
DENY   all  --  172.16.0.0/12    62.83.136.124    n/a
DENY   all  --  192.168.0.0/16   62.83.136.124    n/a
DENY   tcp  l-  0.0.0.0/0        62.83.136.124    * -> 31337
DENY   udp  l-  0.0.0.0/0        62.83.136.124    * -> 31337
DENY   tcp  l-  0.0.0.0/0        62.83.136.124    * -> 12345:12346
DENY   udp  l-  0.0.0.0/0        62.83.136.124    * -> 12345:12346
DENY   tcp  l-  0.0.0.0/0        62.83.136.124    * -> 1524
DENY   tcp  l-  0.0.0.0/0        62.83.136.124    * -> 27665
DENY   udp  l-  0.0.0.0/0        62.83.136.124    * -> 27444
DENY   udp  l-  0.0.0.0/0        62.83.136.124    * -> 31335
DENY   all  --  224.0.0.0/8      0.0.0.0/0        n/a
DENY   all  --  0.0.0.0/0        224.0.0.0/8      n/a
ACCEPT udp  --  0.0.0.0/0        0.0.0.0/0        * -> 67:68
ACCEPT tcp  --  0.0.0.0/0        62.83.136.124    * -> 22
ACCEPT tcp  --  0.0.0.0/0        62.83.136.124    * -> 25
ACCEPT tcp  --  0.0.0.0/0        62.83.136.124    * -> 80
ACCEPT tcp  --  192.168.10.0/24  62.83.136.124    * -> 110
ACCEPT tcp  --  0.0.0.0/0        62.83.136.124    * -> 113
ACCEPT udp  --  0.0.0.0/0        62.83.136.124    * -> 113
ACCEPT tcp  --  0.0.0.0/0        62.83.136.124    * -> 123
ACCEPT udp  --  0.0.0.0/0        62.83.136.124    * -> 123
DENY   tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 137:139
DENY   udp  --  0.0.0.0/0        0.0.0.0/0        * -> 137:139
REJECT udp  --  0.0.0.0/0        0.0.0.0/0        * -> 520
DENY   tcp  l-  0.0.0.0/0        0.0.0.0/0        * -> 2049
DENY   udp  l-  0.0.0.0/0        0.0.0.0/0        * -> 2049
DENY   tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 5999:6003
DENY   udp  --  0.0.0.0/0        0.0.0.0/0        * -> 5999:6003
ACCEPT all  --  192.168.10.0/24  0.0.0.0/0        n/a
ACCEPT icmp --  0.0.0.0/0        62.83.136.124    * -> *
ACCEPT tcp  --  0.0.0.0/0        62.83.136.124    * -> 1023:65535
ACCEPT udp  --  0.0.0.0/0        62.83.136.124    * -> 1023:65535
DENY   all  l-  0.0.0.0/0        0.0.0.0/0        n/a
Chain forward (policy DENY):
target prot opt source           destination      ports
ACCEPT all  --  192.168.10.0/24  192.168.10.0/24  n/a
ACCEPT all  --  62.83.136.124    0.0.0.0/0        n/a
MASQ   all  --  192.168.10.0/24  0.0.0.0/0        n/a
Chain output (policy ACCEPT):
target prot opt source           destination      ports
ACCEPT all  --  0.0.0.0/0        0.0.0.0/0        n/a
ACCEPT all  --  192.168.10.0/24  0.0.0.0/0        n/a
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 80
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 22
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 23
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 21
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 110
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 25
-      tcp  --  0.0.0.0/0        0.0.0.0/0        * -> 20
ACCEPT icmp --  192.168.10.0/24  0.0.0.0/0        * -> *
ACCEPT icmp --  62.83.136.124    0.0.0.0/0        * -> *
ACCEPT all  --  0.0.0.0/0        0.0.0.0/0        n/a

Well, sorry, it is long, I know...

My problem is that although ip-masquerading is working, I have timeouts for
both www and ftp. Now it is quite painful to do an apt-upgrade from a
masqued machine (it works, but with a lot of timeouts).

My mtu/mru is set to 1500.

the router linux box is an old 486/100Mhz 16 Mbytes ram I understood