IP Chains, IP Masq, and Dial on Demand Problems

Post by Mike Westerfiel » Wed, 02 Jun 1999 04:00:00

I've set up my RH6.0 machine as a dial on demand router to the internet
for my home network.
The dial on demand part seems to be working pretty well.  My problem
lies (I believe) in that I do not understand IPChains at all (this is
after reading the man pages and HOWTOs).  Here are my issues.
1.  Client workstations can't send mail.  They can receive it fine.
2.  My browser keeps telling me that I've been disconnected from the
internet and would I like to work offline or connect.  I hit connect and
everything's OK.
3.  Some web pages aren't working properly through it.  Most notable is
dejanews.  It draws most of the page and then states that the connection
is lost when it tries to display the message.

When I do an ipchains -L this is what I get
chain input (policy ACCEPT):
chain forward (policy MASQ):
chain output (policy ACCEPT):

I'm using IPChains version 1.3.8 for firewall and IP Masq.
I'm using the RH 6.0 default kernel 2.2.5-15
I'm using pppd 2.3.7 for the dial on demand



1. IP Chains / IP Masq FTP Problem

I've used IP masquerading via ipfwadm for about two years now with
great success.  I just set up a new gateway for a cable modem, and I
decided to try IP Chains instead.  I downloaded the source and the
2.0.34 patch, and I applied it to my 2.0.36 kernel.  I spent some time
creating a firewall script, and everything seemed to work great!  Or
so I thought.

I tried to use ftp - I would log on to a remote host, and as soon as I
tried a command like ls or get, I would lose my connection.  I then
realized that I forgot to load the ip_masq_ftp module.  I loaded it
and everything seemed to work great again... or so I thought.

I tried to use LiveUpdate for Norton Utilities and Norton Antivirus on
my Win95 machines.  I would connect to the Symantec ftp site, but
would then lose the connection through the LiveUpdate software.  I
tried to connect to the ftp site manually, but when I would try the ls
or get commands, I would lose my connection (just as I wrote above).

I re-installed ipfwadm (a new kernel), and the problem went away.  I
like IP Chains because it seems more flexible, but I need to be able
to update my Norton Utilities and my virus definitions.

I tried compiling different kernels with the IP Chains patch, but I
couldn't solve the aforementioned problem.  I've even loaded every
ip_masq* module, but I cannot correct this problem.

Does anyone know what's going on, and how I can fix it?  I've tried to
find other IP Masquerading tools, but everything that I see mentions


