REALLY Need HELP with IP Masq


Post by Brian Davi » Wed, 14 Oct 1998 04:00:00



Hi,
Please read the whole thing, I know that it is long but I really need help.

    I have been working for days trying to get IP Masquerading up and
running on my machine.  I cannot get it running and I have no idea what the
problem can be at this point.

Here is a list of what I have done up until now:

1. Compiled Kernel 2.0.35 to support 2 3Com 3C509 Ethernet cards.  Said yes
instead of module when doing "make config" to load the drivers in the kernel
and not as modules so I can use both at the same time.

2.  As part of step one, compiled in all of the masquerading options.

3. I have DHCP get an address for my external (eth0) interface, this works
fine.

4. I have a private address on the internal (eth1) interface and on my pc.

5a. I can ping the internal interface from the PC.
5b. I can ping the external interface from the PC.

6. I then played with ipfwadm to set up the masquerading and forwarding
rules.  At one point I got so frustrated that I turned on all outgoing and
incoming rules to default to accept everything.

7.  I put the forwarding rule as follows:
ipfwadm -F -a m -W eth0 -S 192.168.1.0/24

This does not work.  When I try to ping something on the internet, I get
"Request timed out".  The packet count from the ipfwadm -F -l -e does not
increase at all.  It is like the forwarding rule is not even seeing the
packets.  When I do a tcpdump on eth1, all of the packets are indeed coming
into the interface.

What can I do at this point?  Does anyone know if this can be solved?  Do I
have to "turn on" IP Masquerading somehow?  Is there some way to verify that
I do indeed have it in the kernel and running?

Please help me out,
Brian

 
 
 


Post by Adam » Wed, 14 Oct 1998 04:00:00


ipfwadm -F -i masquerade -S 192.168.1.0/24 -D 0.0.0.0/0

The *internal* (i.e. 192.168) address of your linux machine needs to be set
as the default gateway on your other computer.  If you can ping the
*external* address, then your masquerading is working.

did you enable ICMP Masquerading in the kernel?  If not, then I don't think
you'll be able to ping or traceroute.  Have you tried hitting a web site?

look at http://www.flounder.net/firewalling.txt

--Adam
--

Quality domain hosting from $10/month
http://www.virtual-estate.net


Post by Rod Roar » Thu, 15 Oct 1998 04:00:00


You didn't say which Linux distribution you have.  With Red Hat,
/etc/sysconfig/network should have FORWARD_IPV4=true.

-- Rod
----------------------------------------------------------------------
Sunset Systems                         Home of the $500 Linux Computer
http://www.sunsetsystems.com/

----------------------------------------------------------------------



Post by Todd A. Woo » Thu, 15 Oct 1998 04:00:00


Here is what I did to get IP Masq working for me on RH5.1:

# IP Forwarding is enabled
# echo "1" > /proc/sys/net/ipv4/ip_forward
# ipfwadm -F -p deny
# ipfwadm -F -a m -S 192.10.10.0/24 -D 0.0.0.0/0
  ________
 /        \
< Internet >
 \________/
    |
    | ppp0
    |
+---^----------------+             +--------------------+
| Linux (Red Hat 5.1)|             |  Linux/Windoze 95  |
|                    |_____________|                    |
| ppp0: Dynamic IP   | 192.10.10.0 | eth0: 192.10.10.20 |
| eth0: 192.10.10.20 |   (eth0)    |                    |
+--------------------+             +--------------------+

Sincerely,
Todd A. Wood


> You didn't say which Linux distribution you have.  With Red Hat,
> /etc/sysconfig/network should have FORWARD_IPV4=true.

> -- Rod

Post by Todd A. Woo » Thu, 15 Oct 1998 04:00:00


Oops... I should proofread more.
Windoze box is 192.10.10.10

> Here is what I did to get IP Masq working for me on RH5.1:

> # IP Forwarding is enabled
> # echo "1" > /proc/sys/net/ipv4/ip_forward
> # ipfwadm -F -p deny
> # ipfwadm -F -a m -S 192.10.10.0/24 -D 0.0.0.0/0
>   ________
>  /        \
> < Internet >
>  \________/
>     |
>     | ppp0
>     |
> +---^----------------+             +--------------------+
> | Linux (Red Hat 5.1)|             |  Linux/Windoze 95  |
> |                    |_____________|                    |
> | ppp0: Dynamic IP   | 192.10.10.0 | eth0: 192.10.10.10 |
> | eth0: 192.10.10.20 |   (eth0)    |                    |
> +--------------------+             +--------------------+

 
 
 


Post by Chri » Fri, 16 Oct 1998 04:00:00


What is IP Masquerading?
From the name, it sounds to me like it's a 'thing?' that does not show your real
IP to anyone wanting to know


Post by Richard S. Lumpki » Fri, 16 Oct 1998 04:00:00



> What is IP Masquerading?
> From the name, it sounds to me like it's a 'thing?' that does not show your real
> IP to anyone wanting to know

Simplistically, it is hiding a local network behind a single address, so
that multiple machines may take advantage of a single network
connection/address.  The details and a less simplistic explanation can
be found at:

http://sunsite.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html

------------------------------------------------------------------------
Richard S. Lumpkin, Ph.D.                            Associate Professor
Department of Chemistry                                     256-890-6365
University of Alabama in Huntsville                     fax 256-890-6349
Huntsville, AL 35899                          http://chromophore.uah.edu
------------------------------------------------------------------------

 
 
 


Post by Matt Hughe » Tue, 20 Oct 1998 04:00:00


    I have IP Masq set up to pass packets to a cable modem. Two 3com 509s, except
my eth0 is the internal card and eth1 is the external card.

My eth0 is set up as follows (rc.inet1):
ifconfig eth0 192.168.1.1 broadcast 192.168.1.255 netmask 255.255.255.0
route add -net 192.168.1.0 netmask 255.255.255.0 eth0

I use dhcpcd to configure and route the second card from a server on the other
side of the cable modem (look at the dhcp HOWTO):
dhcpcd eth1

My ipfwadm rules are:
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

Maybe you just need to add the -D destination part. This is a shot in the dark,
but you copied the rebuilt kernel from /usr/src/linux/arch/i386/boot/compressed
to your root directory and reconfigured LILO to load it, right? (Assuming you're
using LILO)

I don't know if this will help any, but that's my two bits.

Matt Hughes



Post by C. Abn » Fri, 30 Oct 1998 04:00:00



> Windoze box is 192.10.10.10

Isn't 192.10.* a valid range of addresses for the internet?  If so,
you may be blocking access of some sites to your network.

The networking howto clarifies this (I'm in too much of a hurry to
nail it down right now, myself.)

-C
--
Internet Service Providers:  MAKE MONEY FAST!!!!!!! TOTALLY LEGAL!
Collect UCE/UBE from your users, and $50 per incidence!
Offer only good in California, Nevada, and Washington.       -C. Abney
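
The checks the replies above point to (forwarding switched on in /proc, Red Hat's FORWARD_IPV4 setting, a private source range for the masqueraded network), collected into one read-only script as an added example that is not from any poster in the thread. The `ROOT` prefix argument and the function names are made up here, and `/proc/net/ip_masquerade` is assumed to be present on a 2.0-series kernel built with masquerading.

```shell
#!/bin/sh
# Added example: read-only checks for the masquerading prerequisites named in
# this thread. ROOT is a hypothetical prefix so the checks can be pointed at a
# constructed directory tree; on the gateway itself pass "" as ROOT, e.g.
#   check_masq "" 192.168.1.0/24

# is_rfc1918 ADDR -> exit 0 if ADDR (dotted quad, optional /len) is private.
is_rfc1918() {
    addr=${1%%/*}
    o1=${addr%%.*}; rest=${addr#*.}; o2=${rest%%.*}
    case "$o1" in
        10)  return 0 ;;
        172) [ "$o2" -ge 16 ] && [ "$o2" -le 31 ] ;;
        192) [ "$o2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# check_masq ROOT SRCNET -> one line per finding; returns the number of problems.
check_masq() {
    root=$1; src=$2; bad=0
    fwd="$root/proc/sys/net/ipv4/ip_forward"
    if [ "$(cat "$fwd" 2>/dev/null)" = "1" ]; then
        echo "ok:   ip_forward is 1"
    else
        echo "FAIL: $fwd is not 1, so the forward chain never sees packets"
        bad=$((bad + 1))
    fi
    # Assumption: this file exists when masquerading is compiled into a 2.0 kernel.
    if [ ! -e "$root/proc/net/ip_masquerade" ]; then
        echo "FAIL: no $root/proc/net/ip_masquerade, masquerading not in this kernel"
        bad=$((bad + 1))
    fi
    # Red Hat only: skipped when the file is absent on other distributions.
    cfg="$root/etc/sysconfig/network"
    if [ -f "$cfg" ] && ! grep -Eq '^FORWARD_IPV4="?true"?' "$cfg"; then
        echo "FAIL: $cfg does not set FORWARD_IPV4=true"
        bad=$((bad + 1))
    fi
    if is_rfc1918 "$src"; then
        echo "ok:   $src is private address space"
    else
        echo "FAIL: $src is routable space, real hosts in that range become unreachable"
        bad=$((bad + 1))
    fi
    return "$bad"
}
```
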

 
 
 
