Very Computer

: Hello,
: I'v a problem with getting IP-Masq to work.
: I read the HOWTO's, but I can't figure out what's wrong.
: Still I can't ping the internet from my windows 95 pc.

: My linux box ip: 192.168.2.1
: My windows 95 ip: 192.168.2.5

: ipfwadm -F -p deny
: ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

: route

: annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
: annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0
: 192.168.2.0     *               255.255.255.0   U     32767  0        0 eth0
: default         annex1.urc.tue. 0.0.0.0         UG    0      0        0 ppp0

: ifconfig

: lo        Link encap:Local Loopback
:           inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
:           UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
:           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
:           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

: eth0      Link encap:Ethernet  HWaddr 00:40:33:35:EA:17
:           inet addr:192.168.2.1  Bcast:192.255.255.255  Mask:255.255.255.0
:           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
:           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
:           TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
:           Interrupt:12 Base address:0x240

: ppp0      Link encap:Point-to-Point Protocol
:           inet addr:131.155.12.29  P-t-P:131.155.12.10  Mask:255.255.255.255
:           UP POINTOPOINT RUNNING  MTU:296  Metric:1
:           RX packets:8 errors:0 dropped:0 overruns:0 frame:0
:           TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 coll:0

: Red Hat Linux release 4.2 (Biltmore)
: Kernel 2.1.55 on an i586

: [*] Network firewalls                                                    
: [ ] Socket Security API Support (EXPERIMENTAL)                        
: [*] Network aliasing                                                
: [*] TCP/IP networking                                                
: [ ] IP: multicasting                                                
: [*] IP: firewalling                                                
: [*] IP: firewall packet logging                                      
: [*] IP: masquerading                                                
: --- Protocol-specific masquerading support will be built as modules.
: [*] IP: transparent proxy support                                  
: [*] IP: always defragment                                            
: [*] IP: accounting                                                  
: [*] IP: optimize as router not host                                  
: < > IP: tunneling                                                  
: <M> IP: aliasing support                                            
: [ ] IP: TCP syncookie support (not enabled per default)              
: --- (it is safe to leave these untouched)                            
: [ ] IP: PC/TCP compatibility mode                                    
: < > IP: Reverse ARP                                                  
: [*] IP: Path MTU Discovery (normally enabled)                        
: [*] IP: Drop source routed frames  
: <M> The IPv6 protocol (EXPERIMENTAL)                                
: ---                                                                  
: <M> The IPX protocol                                                
: [*] Full internal IPX network                                        
: [*] IPX Type 20 Routing                                              
: <M> Appletalk DDP                                                    
: [ ] IP-over-DDP support (EXPERIMENTAL)                              
: < > Amateur Radio AX.25 Level 2                                      
: < > CCITT X.25 Packet Layer (EXPERIMENTAL)                          
: < > LAPB Data Link Driver (EXPERIMENTAL)                            
: [ ] Bridging (EXPERIMENTAL)    
: [ ] 802.2 LLC (EXPERIMENTAL)                                        
: [ ] WAN router                                                  

: I can ping my windows 95 pc and on the win95 pc I can ping linux.
: What goes wrong.

: I'm desperate....

: Thanks in advance,

: Marc

Marc,
Make sure you make your gateway on the win95 box
be the ip of eth0 on the linux box.

--

Ryan Rothert
Global Center/Primenet of Toledo

Hello,
I'v a problem with getting IP-Masq to work.
I read the HOWTO's, but I can't figure out what's wrong.
Still I can't ping the internet from my windows 95 pc.

My linux box ip: 192.168.2.1
My windows 95 ip: 192.168.2.5

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

route

annex1.urc.tue. *               255.255.255.255 U     0      0        0 ppp0
annex1.urc.tue. *               255.255.255.255 U     32767  0        0 ppp0
192.168.2.0     *               255.255.255.0   U     32767  0        0 eth0
default         annex1.urc.tue. 0.0.0.0         UG    0      0        0 ppp0

ifconfig

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0

eth0      Link encap:Ethernet  HWaddr 00:40:33:35:EA:17
          inet addr:192.168.2.1  Bcast:192.255.255.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 coll:0
          Interrupt:12 Base address:0x240

ppp0      Link encap:Point-to-Point Protocol
          inet addr:131.155.12.29  P-t-P:131.155.12.10  Mask:255.255.255.255
          UP POINTOPOINT RUNNING  MTU:296  Metric:1
          RX packets:8 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10 errors:0 dropped:0 overruns:0 carrier:0 coll:0

Red Hat Linux release 4.2 (Biltmore)
Kernel 2.1.55 on an i586

[*] Network firewalls                                                    
[ ] Socket Security API Support (EXPERIMENTAL)                        
[*] Network aliasing                                                
[*] TCP/IP networking                                                
[ ] IP: multicasting                                                
[*] IP: firewalling                                                
[*] IP: firewall packet logging                                      
[*] IP: masquerading                                                
--- Protocol-specific masquerading support will be built as modules.
[*] IP: transparent proxy support                                  
[*] IP: always defragment                                            
[*] IP: accounting                                                  
[*] IP: optimize as router not host                                  
< > IP: tunneling                                                  
<M> IP: aliasing support                                            
[ ] IP: TCP syncookie support (not enabled per default)              
--- (it is safe to leave these untouched)                            
[ ] IP: PC/TCP compatibility mode                                    
< > IP: Reverse ARP                                                  
[*] IP: Path MTU Discovery (normally enabled)                        
[*] IP: Drop source routed frames  
<M> The IPv6 protocol (EXPERIMENTAL)                                
---                                                                  
<M> The IPX protocol                                                
[*] Full internal IPX network                                        
[*] IPX Type 20 Routing                                              
<M> Appletalk DDP                                                    
[ ] IP-over-DDP support (EXPERIMENTAL)                              
< > Amateur Radio AX.25 Level 2                                      
< > CCITT X.25 Packet Layer (EXPERIMENTAL)                          
< > LAPB Data Link Driver (EXPERIMENTAL)                            
[ ] Bridging (EXPERIMENTAL)    
[ ] 802.2 LLC (EXPERIMENTAL)                                        
[ ] WAN router                                                  

I can ping my windows 95 pc and on the win95 pc I can ping linux.
What goes wrong.

I'm desperate....

Thanks in advance,

Marc

Quote:>Hello,
>I'v a problem with getting IP-Masq to work.
>I read the HOWTO's, but I can't figure out what's wrong.
>Still I can't ping the internet from my windows 95 pc.

If pinging is your only problem (try using telnet or something), then there
might be no problem. Ping uses ICMP, and it's only very recently (kernel
2.0.30 I think) that ICMP support was added to IP masquerading.

telnet, www should work, ftp needs patches (because it needs more than one
connection).

Good luck, Bert.

Bye,

Marc

...

Quote:>>: I can ping my windows 95 pc and on the win95 pc I can ping linux.
>>: What goes wrong.

>>: I'm desperate....
>>: Thanks in advance,

>>: Marc

>Marc,

>The last time I checked PING is not supported for IP masquerading.
>Try telnet instead.  Ping should bring the link up but you will never
>receive any response from the other machine on your W95 box.

In any case, it works on my LAN (Debian 1.3.0, Kernel 2.0.30, ppp conection
to ISP, IP Masq for local 192.168.x.x LAN).

************************************************************************
        "Tucked away in winter quarters,
        Gainsborough's sons and Buchan's daughters,
        Blue of *, clean-lined, and handsome,
        Priced beyond a prince's ransom,
        Where no danger can befall them,
        Rest till next year's Classics call them."

                        - Will H Ogilvie -

          hundreds, if not thousands, of dollars, every time he posts -
************************************************************************
rwvpf wpnrrj ibf ijrfer

Jerry Replies!

I'm using kernel 2.0.30, REMEMBER 2.1.X is considered bleeding edge.
No room for crying when something does not work with it, it's up to YOU
to help olve it.

I use IP masquerqading with 2.0.30, I can ping on any computer from my
LAN, traceroute, Quake, you name it!!!!!!!!!

On 8 Oct 1997, Bernt T. Hansen wrote:

the following was written:

Quote:> >: I can ping my windows 95 pc and on the win95 pc I can ping linux. >
>: Marc >
> Marc,

> The last time I checked PING is not supported for IP masquerading.
> Try telnet instead.  Ping should bring the link up but you will never
> receive any response from the other machine on your W95 box.

> Hope this helps,
> Bernt.

    # ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0

will, infact, forward & masq icmp packets.
However,

    # ipfwadm -F -a m -P icmp -S 192.168.2.0/24 -D 0.0.0.0/0

will cause ipfwadm to report that it can't masq icmp.  
Just found this out today,so I haven't posted it to any of the relevant
people. Also, according to the Linux IP Masquerade mini HOWTO by Ambrose

url), there is now a icmp patch that will allow this.

Anyway....  Ryan, why are there 2 routes:

Quote:> >: annex1.urc.tue. *               255.255.255.255 U     0      0    

in your routing table?

Can you ping the internet from your linux box?
Your Incoming or Outgoing policies aren't blocking this, are they?

Try adding these to the end of your rules:

    # ipfwadm -I -a deny -S 0.0.0.0/0  -D 0.0.0.0/0 -o
    # ipfwadm -O -a deny -S 0.0.0.0/0  -D 0.0.0.0/0 -o
    # ipfwadm -F -a deny -S 0.0.0.0/0  -D 0.0.0.0/0 -o

The -o will cause any packets that are falling through the rest of your
rules to be logged in /var/adm/messages.  Besides being a good debugging
tool, this is an excelent policy to find out who & when somebody is
trying to do something that you have set your firewall to stop.

--

(remove NOSPAM to reply)
10/11/97 20:02