Help! IP-Masquerade not working, but ICMP does?!?

Post by Paul Chattaw » Thu, 22 Jan 1998 04:00:00



I've been at this for days now, and could really use some help right
about now.  I've checked all the relevant news groups, and done a
search on DejaNews, as well as read the relevant docs, and either I
missed the answer due to lack of caffeine, or this is a unique
problem.

I'm attempting to do away with WinGate by setting up a Linux gateway
on my LAN.  I've gotten past all the hurdles like setting up multiple
ethernet cards and strange SCSI controllers, but IP-Masquerading
refuses to be beaten.  I've followed all the steps in the howto,
compiled the kernel with the necessary options, and it just won't
budge.

However, there is one odd thing: I can ping internet hosts through the
gateway from my LAN.  DNS lookups also appear to be working, but none
of the other protocols get through.  And another thing I've noticed,
which may or may not be related, is that FTPing into the linux box
from the LAN takes forever, but does work in the end (I don't think
it's a DNS problem, I'm using IP addresses, not host names when
FTPing).

The configuration is as follows:
Cable modem with static IP feeding into a linux box.
Linux box is a P133 with 48MB/RAM, DECchip DS21041, and KTI ET32/Px
Linux box is using Slackware 3.4, kernel 2.0.33, anything even
remotely related to TCP/IP networking and IP-Masquerading enabled.
The Linux box can access both the internet and the intranet.
The intranet can access the linux box (although somewhat flakily,
judging by the FTP performance).
ipfwadm is setup according to the mini-howto
route -n lists both ethernet cards' IP addresses, and a default
gateway is specified.
And, as mentioned before, ICMP packets are somehow getting through the
linux box.

If any of you have any hints/tips, please email them to:


              http://home.bc.rogers.wave.ca/daybreak/lab/        \ | /
------------------------------------------------------------------ * -
        It's called the miracle of modern communications only    / | \
          because nothing modern is supposed to be a curse.

 
 
 


Post by Meelis Roo » Thu, 22 Jan 1998 04:00:00


> And another thing I've noticed,
> which may or may not be related, is that FTPing into the linux box
> from the LAN takes forever, but does work in the end (I don't think
> it's a DNS problem, I'm using IP addresses, not host names when
> FTPing).

Still - it's a DNS issue. The linux box wants to do a reverse lookup
of the client host to determine where the connection came from. At first,
you may do with /etc/hosts to solve that.

--

                        www:    http://www.cs.ut.ee/~mroos/
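
The /etc/hosts workaround suggested in the reply above, as an added example that is not part of the original post: a POSIX shell check that lists LAN client addresses with no entry in a hosts file, so a reverse lookup of those clients can be answered locally. The function names, addresses and host names are constructed for illustration.

```shell
#!/bin/sh
# Added example: report LAN client IPs that have no hosts-file entry.
# A server that reverse-resolves each connecting client can stall while
# the resolver waits on DNS if the address is not in the local hosts file.

# missing_hosts_entries HOSTS_FILE IP...
# Prints each IP that is not the address field of a non-comment line
# (with at least one name) in HOSTS_FILE. Returns 0 if none are missing.
missing_hosts_entries() {
    hosts_file=$1
    shift
    missing=0
    for ip in "$@"; do
        # Strip comments, then compare the address field exactly so that
        # 192.168.1.1 does not match 192.168.1.10.
        if ! sed 's/#.*//' "$hosts_file" |
             awk -v ip="$ip" '$1 == ip && NF >= 2 { found = 1 } END { exit !found }'
        then
            echo "$ip"
            missing=1
        fi
    done
    return "$missing"
}

# Constructed sample hosts file (private addresses, made-up names).
sample_hosts() {
    cat <<'EOF'
127.0.0.1     localhost
192.168.1.1   gateway.lan gateway
192.168.1.10  win31.lan win31   # Trumpet Winsock client
# 192.168.1.11 laptop.lan        (commented out, so not resolvable)
EOF
}

# Offline run against the constructed file; on a real gateway pass /etc/hosts.
tmp=$(mktemp)
sample_hosts > "$tmp"
missing_hosts_entries "$tmp" 192.168.1.10 192.168.1.11 192.168.1.2 || true
rm -f "$tmp"
```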

 
 
 


Post by Buddy VanBru » Fri, 23 Jan 1998 04:00:00


I have set up ip masquerading many times with no problems.  I would first
suspect your routing...  try some traceroutes and see what happens.



>I've been at this for days now, and could really use some help right
>about now.  I've checked all the relevant news groups, and done a
>search on DejaNews, as well as read the relevant docs, and either I
>missed the answer due to lack of caffeine, or this is a unique
>problem.

>I'm attempting to do away with WinGate by setting up a Linux gateway
>on my LAN.  I've gotten past all the hurdles like setting up multiple
>ethernet cards and strange SCSI controllers, but IP-Masquerading
>refuses to be beaten.  I've followed all the steps in the howto,
>compiled the kernel with the necessary options, and it just won't
>budge.

>However, there is one odd thing: I can ping internet hosts through the
>gateway from my LAN.  DNS lookups also appear to be working, but none
>of the other protocols get through.  And another thing I've noticed,
>which may or may not be related, is that FTPing into the linux box
>from the LAN takes forever, but does work in the end (I don't think
>it's a DNS problem, I'm using IP addresses, not host names when
>FTPing).

>The configuration is as follows:
>Cable modem with static IP feeding into a linux box.
>Linux box is a P133 with 48MB/RAM, DECchip DS21041, and KTI ET32/Px
>Linux box is using Slackware 3.4, kernel 2.0.33, anything even
>remotely related to TCP/IP networking and IP-Masquerading enabled.
>The Linux box can access both the internet and the intranet.
>The intranet can access the linux box (although somewhat flakily,
>judging by the FTP performance).
>ipfwadm is setup according to the mini-howto
>route -n lists both ethernet cards' IP addresses, and a default
>gateway is specified.
>And, as mentioned before, ICMP packets are somehow getting through the
>linux box.

>If any of you have any hints/tips, please email them to:


>              http://home.bc.rogers.wave.ca/daybreak/lab/        \ | /
>------------------------------------------------------------------ * -
>        It's called the miracle of modern communications only    / | \
>          because nothing modern is supposed to be a curse.

 
 
 


Post by Tim Spen » Fri, 23 Jan 1998 04:00:00


What exactly are you trying to do that doesn't work? How about posting the
output of: ifconfig, netstat -r, ipfwadm -F -l, ipfwadm -O -l, ipfwadm -I -l.
Also, some configuration info on the clients would be helpful. IP addresses,
etc.

Tim Spence

 
 
 


Post by Paul Chattaw » Sat, 24 Jan 1998 04:00:00


Just to let you all know that I've finally straightened things out.
Many thanks to all those who gave me help and advice!

For the record, if anyone should ever experience similar symptoms,
here's what the problem actually was:

1. Trumpet Winsock on the Win3.1 client was configured to use a
firewall on an IP address that didn't even exist on my network (I have
no idea how this happened).  This was killing most protocols, and was
responsible for the sluggish FTP performance.  The strange thing is,
it worked with WinGate (don't ask me how, even when WinGate is running
that IP address still doesn't exist).

2. Netscape has a * little bug: Even if you select "No Proxy"
under network options, if there is *anything* entered in "Manual
Proxy", it will go ahead and try to use a proxy.  The only cure is to
clear all fields under Manual Proxy, and then select No Proxy.

Anyway, everything's just flying now.  Thanks again!

Cheers,


              http://www.veryComputer.com/;      \ | /
------------------------------------------------------------------ * -
        It's called the miracle of modern communications only    / | \
          because nothing modern is supposed to be a curse.

 
 
 


Post by Marco Angles » Sat, 24 Jan 1998 04:00:00



>However, there is one odd thing: I can ping internet hosts through the gateway
>from my LAN.  DNS lookups also appear to be working, but none of the other
>protocols get through.  And another thing I've noticed, which may or may not be
>related, is that FTPing into the linux box from the LAN takes forever, but does
>work in the end.  Whether I'm trying to connect, retrieve a directory listing,
>or transfer a file, it will sit there for 20 seconds before doing anything. (I
>don't think it's a DNS problem, my host.conf and hosts files are setup
>correctly).

Have you explicitly (as in, in rc.modules) loaded all the ip masquerading
modules?

Also, you have to set up IP forwarding explicitly; have rc.local perform
the following line

echo "1" > /proc/net/ipv4/ip_forwarding
or it could be
echo "1" > /proc/net/ip_forward

depending on your network setup (I use the latter for kernel 2.0.33 and
Slackware 3.2). Browse through your proc tree to be sure.

Your setup sounds somewhat like mine, except I use a crappier box for the
gateway :)

marco


Idiot: someone who disagrees with you. - Gustave Flaubert
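
One way to carry out the "browse through your proc tree" check and the module question from the post above, as an added example that is not part of the original post. The function names are hypothetical, the third candidate path (/proc/sys/net/ipv4/ip_forward, the sysctl location on later kernels) is not from the post, and the sample proc tree is constructed.

```shell
#!/bin/sh
# Added example: locate the IP-forwarding switch and list loaded
# masquerading helper modules under a given proc root.

# Candidate switch locations relative to the proc root: the two named in
# the post, plus sys/net/ipv4/ip_forward (assumption: later kernels).
FORWARD_CANDIDATES="net/ipv4/ip_forwarding net/ip_forward sys/net/ipv4/ip_forward"

# forward_state PROC_ROOT
# Prints "<path> enabled" or "<path> disabled" for the first candidate
# that exists; prints "not-found" and returns 1 when none exist.
forward_state() {
    for rel in $FORWARD_CANDIDATES; do
        f="$1/$rel"
        if [ -r "$f" ]; then
            val=$(cat "$f")
            case $val in
                1) echo "$f enabled" ;;
                *) echo "$f disabled" ;;
            esac
            return 0
        fi
    done
    echo "not-found"
    return 1
}

# loaded_masq_modules PROC_ROOT
# Prints module names from PROC_ROOT/modules that start with ip_masq_.
loaded_masq_modules() {
    [ -r "$1/modules" ] || return 0
    awk '$1 ~ /^ip_masq_/ { print $1 }' "$1/modules" | sort
}

# make_sample_proc DIR: constructed proc tree so the check runs offline.
make_sample_proc() {
    mkdir -p "$1/sys/net/ipv4"
    echo 0 > "$1/sys/net/ipv4/ip_forward"
    printf '%s\n' 'ip_masq_ftp 2560 0' 'ne 6732 1' 'ip_masq_irc 1072 0' > "$1/modules"
}

# Offline run; on a real gateway call the functions with /proc instead.
d=$(mktemp -d)
make_sample_proc "$d"
forward_state "$d"
loaded_masq_modules "$d"
rm -rf "$d"
```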

 
 
 

1. IP Masquerading works, but does not masquerade from within the local network

I've got a box running Redhat 6.1 working as a gateway for our home network.
It's connected to a cable modem, and we've only got one IP address, so it's
doing IP forwarding and masquerading for us.

Now, consider this situation: I've got a webcam running on one of my windows
boxes, whose IP address is 192.168.0.1 (for instance). The webcam is on port
8888, and I've got the linux box set up to forward this port along from
port, say, 9999, using a line much like

ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 9999 -R 192.168.0.1 8888

in my rc.local.

This works very well for people connecting in from outside - they'd use a
URL like:

http://xxx.xxx.xxx.xxx:9999/video/frame

but if I try and use that URL from inside the local network, it doesn't
connect, I'd have to use:

http://192.168.0.1:8888/video/frame

which is rather annoying as it makes it difficult to test things (I have to
VNC out to work and boot up a browser there)

I'm fairly sure the problem isn't with the webcam software - I've had the
same problem when trying to connect to an apache server inside the network
as well.

any ideas?

cheers,

Tim

