IP-masquerade, routing ???


Post by Ryan Rother » Fri, 03 Oct 1997 04:00:00




: Hello,
: I've a problem with getting IP-Masq to work.
: I read the HOWTO's, but I can't figure out what's wrong.
: Still I can't ping the internet from my windows 95 pc.

: My linux box ip: 192.168.2.1
: My windows 95 ip: 192.168.2.5

: ipfwadm -F -p deny
: ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

: route

: annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
: annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0
: 192.168.2.0     *               255.255.255.0   U     32767  0        0 eth0
: default         annex1.urc.tue. 0.0.0.0         UG    0      0        0 ppp0

: ifconfig

: lo        Link encap:Local Loopback
:           inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
:           UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
:           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
:           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

: eth0      Link encap:Ethernet  HWaddr 00:40:33:35:EA:17
:           inet addr:192.168.2.1  Bcast:192.255.255.255  Mask:255.255.255.0
:           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
:           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
:           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
:           Interrupt:12 Base address:0x240

: ppp0      Link encap:Point-to-Point Protocol
:           inet addr:131.155.12.29  P-t-P:131.155.12.10  Mask:255.255.255.255
:           UP POINTOPOINT RUNNING  MTU:296  Metric:1
:           RX packets:8 errors:0 dropped:0 overruns:0 frame:0
:           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 coll:0

: Red Hat Linux release 4.2 (Biltmore)
: Kernel 2.1.55 on an i586

: [*] Network firewalls                                                    
: [ ] Socket Security API Support (EXPERIMENTAL)                        
: [*] Network aliasing                                                
: [*] TCP/IP networking                                                
: [ ] IP: multicasting                                                
: [*] IP: firewalling                                                
: [*] IP: firewall packet logging                                      
: [*] IP: masquerading                                                
: --- Protocol-specific masquerading support will be built as modules.
: [*] IP: transparent proxy support                                  
: [*] IP: always defragment                                            
: [*] IP: accounting                                                  
: [*] IP: optimize as router not host                                  
: < > IP: tunneling                                                  
: <M> IP: aliasing support                                            
: [ ] IP: TCP syncookie support (not enabled per default)              
: --- (it is safe to leave these untouched)                            
: [ ] IP: PC/TCP compatibility mode                                    
: < > IP: Reverse ARP                                                  
: [*] IP: Path MTU Discovery (normally enabled)                        
: [*] IP: Drop source routed frames  
: <M> The IPv6 protocol (EXPERIMENTAL)                                
: ---                                                                  
: <M> The IPX protocol                                                
: [*] Full internal IPX network                                        
: [*] IPX Type 20 Routing                                              
: <M> Appletalk DDP                                                    
: [ ] IP-over-DDP support (EXPERIMENTAL)                              
: < > Amateur Radio AX.25 Level 2                                      
: < > CCITT X.25 Packet Layer (EXPERIMENTAL)                          
: < > LAPB Data Link Driver (EXPERIMENTAL)                            
: [ ] Bridging (EXPERIMENTAL)    
: [ ] 802.2 LLC (EXPERIMENTAL)                                        
: [ ] WAN router                                                  

: I can ping my windows 95 pc and on the win95 pc I can ping linux.
: What goes wrong?

: I'm desperate....

: Thanks in advance,

: Marc

Marc,
Make sure you make your gateway on the win95 box
be the ip of eth0 on the linux box.

--

Ryan Rothert
Global Center/Primenet of Toledo

 
 
 


Post by Marc van Duijnhov » Fri, 03 Oct 1997 04:00:00


Hello,
I've a problem with getting IP-Masq to work.
I read the HOWTO's, but I can't figure out what's wrong.
Still I can't ping the internet from my windows 95 pc.

My linux box ip: 192.168.2.1
My windows 95 ip: 192.168.2.5

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

route

annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0
192.168.2.0     *               255.255.255.0   U     32767  0        0 eth0
default         annex1.urc.tue. 0.0.0.0         UG    0      0        0 ppp0

ifconfig

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

eth0      Link encap:Ethernet  HWaddr 00:40:33:35:EA:17
          inet addr:192.168.2.1  Bcast:192.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
          Interrupt:12 Base address:0x240

ppp0      Link encap:Point-to-Point Protocol
          inet addr:131.155.12.29  P-t-P:131.155.12.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:296  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 coll:0

Red Hat Linux release 4.2 (Biltmore)
Kernel 2.1.55 on an i586

[*] Network firewalls                                                    
[ ] Socket Security API Support (EXPERIMENTAL)                        
[*] Network aliasing                                                
[*] TCP/IP networking                                                
[ ] IP: multicasting                                                
[*] IP: firewalling                                                
[*] IP: firewall packet logging                                      
[*] IP: masquerading                                                
--- Protocol-specific masquerading support will be built as modules.
[*] IP: transparent proxy support                                  
[*] IP: always defragment                                            
[*] IP: accounting                                                  
[*] IP: optimize as router not host                                  
< > IP: tunneling                                                  
<M> IP: aliasing support                                            
[ ] IP: TCP syncookie support (not enabled per default)              
--- (it is safe to leave these untouched)                            
[ ] IP: PC/TCP compatibility mode                                    
< > IP: Reverse ARP                                                  
[*] IP: Path MTU Discovery (normally enabled)                        
[*] IP: Drop source routed frames  
<M> The IPv6 protocol (EXPERIMENTAL)                                
---                                                                  
<M> The IPX protocol                                                
[*] Full internal IPX network                                        
[*] IPX Type 20 Routing                                              
<M> Appletalk DDP                                                    
[ ] IP-over-DDP support (EXPERIMENTAL)                              
< > Amateur Radio AX.25 Level 2                                      
< > CCITT X.25 Packet Layer (EXPERIMENTAL)                          
< > LAPB Data Link Driver (EXPERIMENTAL)                            
[ ] Bridging (EXPERIMENTAL)    
[ ] 802.2 LLC (EXPERIMENTAL)                                        
[ ] WAN router                                                  

I can ping my windows 95 pc and on the win95 pc I can ping linux.
What goes wrong?

I'm desperate....

Thanks in advance,

Marc

 
 
 


Post by Bert Lindn » Sat, 04 Oct 1997 04:00:00




>Hello,
>I've a problem with getting IP-Masq to work.
>I read the HOWTO's, but I can't figure out what's wrong.
>Still I can't ping the internet from my windows 95 pc.

[explanation of situation]

If pinging is your only problem (try using telnet or something), then there
might be no problem. Ping uses ICMP, and it's only very recently (kernel
2.0.30 I think) that ICMP support was added to IP masquerading.

telnet, www should work, ftp needs patches (because it needs more than one
connection).

Good luck, Bert.

 
 
 


Post by Marc van Duijnhov » Sat, 04 Oct 1997 04:00:00





> >Hello,
> >I've a problem with getting IP-Masq to work.
> >I read the HOWTO's, but I can't figure out what's wrong.
> >Still I can't ping the internet from my windows 95 pc.
> [explanation of situation]
> If pinging is your only problem (try using telnet or something), then there
> might be no problem. Ping uses ICMP, and it's only very recently (kernel
> 2.0.30 I think) that ICMP support was added to IP masquerading.
> telnet, www should work, ftp needs patches (because it needs more than one
> connection).
> Good luck, Bert.

You are absolutely right. Netscape works (surprise surprise), but I can't ping
the web.
This is no problem for me.

Bye,

Marc

 
 
 


Post by Jeremy Mathe » Thu, 09 Oct 1997 04:00:00




...

>>: I can ping my windows 95 pc and on the win95 pc I can ping linux.
>>: What goes wrong?

>>: I'm desperate....
>>: Thanks in advance,

>>: Marc

>Marc,

>The last time I checked PING is not supported for IP masquerading.
>Try telnet instead.  Ping should bring the link up but you will never
>receive any response from the other machine on your W95 box.

PING is supported as of the 2.0.30 kernel (so I've heard).

In any case, it works on my LAN (Debian 1.3.0, Kernel 2.0.30, ppp connection
to ISP, IP Masq for local 192.168.x.x LAN).


 
 
 


Post by jerry-normandi » Thu, 09 Oct 1997 04:00:00


Jerry Replies!

I'm using kernel 2.0.30. REMEMBER, 2.1.X is considered bleeding edge.
No room for crying when something does not work with it; it's up to YOU
to help solve it.

I use IP masquerading with 2.0.30. I can ping on any computer from my
LAN, traceroute, Quake, you name it!!!!!!!!!

On 8 Oct 1997, Bernt T. Hansen wrote:

> In article <611c30$...@nntp02.primenet.com>,
>    Ryan Rothert <rrot...@primenet.com> writes:
> > Marc van Duijnhoven <ma...@stack.nl> wrote:
> >: Hello,
> >: I've a problem with getting IP-Masq to work.
> >: I read the HOWTO's, but I can't figure out what's wrong.
> >: Still I can't ping the internet from my windows 95 pc.

> >: My linux box ip: 192.168.2.1
> >: My windows 95 ip: 192.168.2.5

> >: ipfwadm -F -p deny
> >: ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

> >: route

> >: annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
> >: annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0
> >: 192.168.2.0     *               255.255.255.0   U     32767  0        0 eth0
> >: default         annex1.urc.tue. 0.0.0.0         UG    0      0        0 ppp0

> >: ifconfig

> >: lo        Link encap:Local Loopback
> >:           inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
> >:           UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
> >:           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >:           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

> >: eth0      Link encap:Ethernet  HWaddr 00:40:33:35:EA:17
> >:           inet addr:192.168.2.1  Bcast:192.255.255.255  Mask:255.255.255.0
> >:           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
> >:           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
> >:           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
> >:           Interrupt:12 Base address:0x240

> >: ppp0      Link encap:Point-to-Point Protocol
> >:           inet addr:131.155.12.29  P-t-P:131.155.12.10  Mask:255.255.255.255
> >:           UP POINTOPOINT RUNNING  MTU:296  Metric:1
> >:           RX packets:8 errors:0 dropped:0 overruns:0 frame:0
> >:           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 coll:0

> >: Red Hat Linux release 4.2 (Biltmore)
> >: Kernel 2.1.55 on an i586

> >: [*] Network firewalls                                                    
> >: [ ] Socket Security API Support (EXPERIMENTAL)                        
> >: [*] Network aliasing                                                
> >: [*] TCP/IP networking                                                
> >: [ ] IP: multicasting                                                
> >: [*] IP: firewalling                                                
> >: [*] IP: firewall packet logging                                      
> >: [*] IP: masquerading                                                
> >: --- Protocol-specific masquerading support will be built as modules.
> >: [*] IP: transparent proxy support                                  
> >: [*] IP: always defragment                                            
> >: [*] IP: accounting                                                  
> >: [*] IP: optimize as router not host                                  
> >: < > IP: tunneling                                                  
> >: <M> IP: aliasing support                                            
> >: [ ] IP: TCP syncookie support (not enabled per default)              
> >: --- (it is safe to leave these untouched)                            
> >: [ ] IP: PC/TCP compatibility mode                                    
> >: < > IP: Reverse ARP                                                  
> >: [*] IP: Path MTU Discovery (normally enabled)                        
> >: [*] IP: Drop source routed frames  
> >: <M> The IPv6 protocol (EXPERIMENTAL)                                
> >: ---                                                                  
> >: <M> The IPX protocol                                                
> >: [*] Full internal IPX network                                        
> >: [*] IPX Type 20 Routing                                              
> >: <M> Appletalk DDP                                                    
> >: [ ] IP-over-DDP support (EXPERIMENTAL)                              
> >: < > Amateur Radio AX.25 Level 2                                      
> >: < > CCITT X.25 Packet Layer (EXPERIMENTAL)                          
> >: < > LAPB Data Link Driver (EXPERIMENTAL)                            
> >: [ ] Bridging (EXPERIMENTAL)    
> >: [ ] 802.2 LLC (EXPERIMENTAL)                                        
> >: [ ] WAN router                                                  

> >: I can ping my windows 95 pc and on the win95 pc I can ping linux.
> >: What goes wrong?

> >: I'm desperate....

> >: Thanks in advance,

> >: Marc

> Marc,

> The last time I checked PING is not supported for IP masquerading.
> Try telnet instead.  Ping should bring the link up but you will never
> receive any response from the other machine on your W95 box.

> Hope this helps,
> Bernt.
> --
> Bernt T. Hansen    - Norang Consulting Incorporated ---   bthan...@hookup.net
> Computer Systems/  - 235 Bellamy Road N., Scarborough -  phone: (416)431-6216
> Analyst            - Ontario, Canada M1J-2L7 ----------  fax:   (416)431-2617
> PGP Public Key fingerprint = CB 99 EC 07 DE F8 D5 8D  59 99 A5 E7 7E 7A 8C 9C

 
 
 


Post by Scam » Mon, 13 Oct 1997 04:00:00




the following was written:




> >: Hello,
> >: I've a problem with getting IP-Masq to work.
> >: I read the HOWTO's, but I can't figure out what's wrong.
> >: Still I can't ping the internet from my windows 95 pc.

> >: My linux box ip: 192.168.2.1
> >: My windows 95 ip: 192.168.2.5

> >: ipfwadm -F -p deny
> >: ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

> >: route

> >: annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
> >: annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0
> >: 192.168.2.0     *               255.255.255.0   U     32767  0        0 eth0
> >: default         annex1.urc.tue. 0.0.0.0         UG    0      0        0 ppp0
> >
> >: I can ping my windows 95 pc and on the win95 pc I can ping linux.
> >: Marc
>
> Marc,

> The last time I checked PING is not supported for IP masquerading.
> Try telnet instead.  Ping should bring the link up but you will never
> receive any response from the other machine on your W95 box.

> Hope this helps,
> Bernt.

Actually, I've found an interesting caveat with that, Bernt.
Running 2.0.30 & ipfwadm 2.3,

    # ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

will, in fact, forward & masq icmp packets.
However,

    # ipfwadm -F -a m -P icmp -S 192.168.2.0/24 -D 0.0.0.0/0

will cause ipfwadm to report that it can't masq icmp.
Just found this out today, so I haven't posted it to any of the relevant
people. Also, according to the Linux IP Masquerade mini HOWTO by Ambrose

url), there is now an icmp patch that will allow this.

Anyway....  Ryan, why are there 2 routes:

> >: annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
> >: annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0

in your routing table?

Can you ping the internet from your linux box?
Your Incoming or Outgoing policies aren't blocking this, are they?

Try adding these to the end of your rules:

    # ipfwadm -I -a deny -S 0.0.0.0/0  -D 0.0.0.0/0 -o
    # ipfwadm -O -a deny -S 0.0.0.0/0  -D 0.0.0.0/0 -o
    # ipfwadm -F -a deny -S 0.0.0.0/0  -D 0.0.0.0/0 -o

The -o will cause any packets that are falling through the rest of your
rules to be logged in /var/adm/messages.  Besides being a good debugging
tool, this is an excellent policy to find out who & when somebody is
trying to do something that you have set your firewall to stop.

--

(remove NOSPAM to reply)
10/11/97 20:02
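
The catch-all rules with -o in the post above only pay off once the logged lines are summarised. The following is an added example, not part of the original post: a Python sketch that tallies dropped packets per chain, lists sources that touched several ports on the input chain, and flags forward-chain drops whose source lies outside the masqueraded 192.168.2.0/24 range. The log lines are constructed, and their layout is an assumption modelled on 2.0-series kernel firewall logging.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample. The line layout is an assumption modelled on
# 2.0-series kernel firewall logging; adapt LOG_RE to what your box writes.
SAMPLE_LOG = """\
Oct 11 20:05:01 gw kernel: IP fw-in deny ppp0 TCP 203.0.113.7:1042 131.155.12.29:23 L=44 S=0x00 I=4021 F=0x0000 T=52
Oct 11 20:05:03 gw kernel: IP fw-in deny ppp0 TCP 203.0.113.7:1043 131.155.12.29:111 L=44 S=0x00 I=4022 F=0x0000 T=52
Oct 11 20:05:09 gw kernel: IP fw-fwd deny eth0 ICMP/8 192.168.3.9 198.51.100.4 L=84 S=0x00 I=77 F=0x0000 T=31
Oct 11 20:06:12 gw kernel: IP fw-in deny ppp0 UDP 198.51.100.20:53 131.155.12.29:1025 L=120 S=0x00 I=9 F=0x0000 T=60
Oct 11 20:06:30 gw kernel: IP fw-out deny ppp0 TCP 131.155.12.29:1030 203.0.113.50:25 L=60 S=0x00 I=12 F=0x0000 T=64
Oct 11 20:07:00 gw pppd[112]: rcvd [LCP EchoReq id=0x1]
Oct 11 20:07:02 gw kernel: IP fw-in deny ppp0 TCP 203.0.113.7:1044 131.155.12.29:80 L=44 S=0x00 I=4023 F=0x0000 T=52
"""

LOG_RE = re.compile(
    r"kernel: IP fw-(?P<chain>in|out|fwd) (?P<action>\S+) (?P<iface>\S+) "
    r"(?P<proto>[A-Z]+)(?:/(?P<icmp_type>\d+))? "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?"
)


def parse(log_text):
    """Return one dict per logged firewall packet; other lines are skipped."""
    matches = map(LOG_RE.search, log_text.splitlines())
    return [m.groupdict() for m in matches if m]


def summarize(events, masq_net="192.168.2.0/24", min_ports=3):
    """Tally drops per chain and pick out two patterns worth a closer look."""
    net = ipaddress.ip_network(masq_net)
    per_chain = Counter(e["chain"] for e in events)

    # Input chain: one source touching several distinct local ports.
    ports = defaultdict(set)
    for e in events:
        if e["chain"] == "in" and e["dport"]:
            ports[e["src"]].add(int(e["dport"]))
    multi_port = {s: sorted(p) for s, p in ports.items() if len(p) >= min_ports}

    # Forward chain: a source outside the masqueraded range never matched
    # the "-a m -S 192.168.2.0/24" rule, so it fell through to the catch-all.
    outside = [e["src"] for e in events
               if e["chain"] == "fwd"
               and ipaddress.ip_address(e["src"]) not in net]
    return per_chain, multi_port, outside


if __name__ == "__main__":
    chains, multi_port, outside = summarize(parse(SAMPLE_LOG))
    print("drops per chain:", dict(chains))
    print("sources hitting several ports:", multi_port)
    print("forwarded sources outside the masq range:", outside)
```
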

 
 
 

1. Problem with IP Masquerade + routed internal network (pretty newbie question)

I have a class C internal network divided into 3 sections (one central
office and two branches) connected by 2 routers (DSL router). Routers are
communicating through RIP2 protocol. Machines are Win98 and WinXP, servers
are Linux servers (Samba and SQL used), Windows addresses are leased through
DHCP. The network looks like this:

192.168.1.0/24  network (around 10 computers) - 192.168.1.1 server,
192.168.2.1 router
        |
192.168.1.2
192.168.0.3
        |
192.168.0/24 network (50 computers) - 192.168.0.1 server, 192.168.0.3 and
192.168.0.2 routers
        |
192.168.0.2
192.168.2.1
        |
192.168.2.0/24 network (20 computers) 192.168.2.3 server, 192.168.2.1 router

It works fine, but now we want to connect central office (192.168.0.0/24) to
the internet. We have one public IP address and we would like to use IP
Masquerade. I have set up a Red Hat 9 Linux as a NAT server with address
192.168.0.10, IP Masquerade works fine, but now there is a problem with
internal routed network. I had to set up 192.168.0.10 server as a default
gateway but that breaks connection with other two subnetworks. If I define
static routes to two subnetworks on each of the Windows machines then it
works fine, but I can't set up static routes through DHCP, and I know of no
other way to define routes other than typing route add... in command prompt.
If static routes are not defined then everything that goes out of
192.168.0.0/24 network goes to 192.168.0.10 NAT server, where it gets lost.
If it were only one internal network then it wouldn't be a problem but this
way I don't know how to solve the problem. Tnx in advance.

                        Dragan
