Hi everyone.
As I am using the mentioned configuration (RedHat 5.2 with kernel 2.0.36) I
gave this a try and my results seem to backup what Michele is saying:
BEFORE pinging I typed in the following two commands and got the expected
response:
> ipfwadm -M -l
IP masquerading entries
prot expire source destination ports
tcp 09:59.26 192.168.100.5 ftp.univie.ac.at 1318 (61067) -> ftp
udp 01:48.42 192.168.100.5 icq.mirabilis.com 1333 (61079) -> 4000
> ./netstat -M
IP masquerading entries
prot expire source destination ports
tcp 9:50.08 192.168.100.5 ftp.univie.ac.at 1318 -> ftp (61067)
udp 1:59.36 192.168.100.5 icq.mirabilis.com 1333 -> 4000 (61079)
(192.168.100.5 ist the masqueraded machine, 192.168.100.1 would be my linux
box)
THEN I did a "ping www.linux.org" on my internal machine and got the following
results:
> ipfwadm -M -l
IP masquerading entries
ipfwadm: unexpected input data
Try `ipfwadm -h' for more information.
> ./netstat -M
masq_info.c: Internal Error `ip_masquerade unknown type'.
I have encountered the "ipfwadm: unexpected input data" error before, but never
new what caused it. Now it seems that does indeed indicate nothing else but a
masqueraded ICMP entry.
After waiting a while (presumably until the ICMP entry expired) I got "normal"
results out of the above commands again.
Robert.
------------------------------------------------------------
Robert Wunderer
mailto:[EMAIL PROTECTED]
http://www.fait.at
------------------------------------------------------------
On Thursday, February 11, 1999 10:11 AM, Michele Nicosia
[SMTP:[EMAIL PROTECTED]] wrote:
> Anyone in this list using kernel 2.0.35/36 can do a ping to some site to
> internet, and for the linux masquerade server can do a netstat -M ??? what
> do it report??? if it come up with an error it si like me, if it report
> nothing the icmp masquerading isn't working, if it come up with somthing
> like this:
> IP masquerading entries
> prot expire source destination ports
> tcp 1:59.98 Itamik.altro.it venere.inet.it 1075 -> nntp
> (61233)
>
> naturally the prot field would be better to be icmp, but from my machine i
> can see only tcp or udp entry.
> The icmp works, i reach the site and can see the reply, but net-tools are
> offended for this thing.
>
>
> Bye
>
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
For daily digest info, email [EMAIL PROTECTED]
