Very Computer

I now have the Linux PC (Toshiba Laptop with two PCMCIA NICs - one
connected to the cablemodem and the other to a 3COM hub) setup with
MASQ (I believe) connected to the hub on one NIC and my cablemodem
connected to the other.  .  

From the Linux MASQ PC I can ping the local PCs and I can ping any IP
or name on the internet.  Netscape works ok out to the internet also.

From the MASQed PCs, I can ping the Linux NIC on the hub (local
network) and I can ping the Linux Nic attached to the cablemodem.   I
cannot ping anything on the intenet, either IP or name from the MASQed
PCs.  

cat /proc/sys/net/ipv4/ip_forward returns "1".

ifconfig returns:
eth0 Link encap:Ethernet  HWaddr 00:80:C7:F1:5D:80  
       inet addr:24.64.128.226  Bcast:255.255.255.255
Mask:255.255.255.0
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:944 errors:0 dropped:0 overruns:0 frame:0
          TX packets:731 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:3 Base address:0x300

eth1 Link encap:Ethernet  HWaddr 00:80:C7:E9:45:3D  
        inet addr:172.16.2.4  Bcast:172.16.2.255  Mask:255.255.255.0
        UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
        RX packets:1553 errors:0 dropped:0 overruns:0 frame:0
        TX packets:122 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:5 Base address:0x310

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:22 errors:0 dropped:0 overruns:0 frame:0
          TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

netstat -rn returns:
Kernel IP routing table
Destination  Gateway     Genmask         Flags   MSS Win irtt Iface
172.16.2.4    0.0.0.0   255.255.255.255   UH     0 0     0 eth1
172.16.2.0    0.0.0.0   255.255.255.0      U        0 0     0 eth1
24.64.128.0  0.0.0.0   255.255.255.0      U        0 0     0 eth0
127.0.0.0      0.0.0.0   255.0.0.0             U         0 0     0 lo
0.0.0.0      24.64.128.1  0.0.0.0              UG      0 0     0 eth0

I'm using the basic rc.firewall from the HOW-TO and it looks like
this:
#!/bin/sh
#
# rc.firewall - Initial simple ip masq test for 2.2.X kernels
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules needed.  All IP MASQ modules
#        are shown below but are commented out from loading.  
#
# Needed to initially load modules
#
/sbin/depmod -a
# Supports the proper masqu of FTP transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp
#
# Supports the masq of RealAudio over UDP.  Without this module,
# RealAudio will function but in TCP mode.  This can cause a reduction

# in sound quality.  
#
#/sbin/modprobe ip_masq_raudio
# Supports the masq of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc
# Supports the masq of Quake and QuakeWorld by default.   This is
# for multiple users behind the Linux MASQ server.  For
# Quake I, II, and III, use the second example.
#
#Quake I / QuakeWorld (ports 26000 and 27000)
#/sbin/modprobe ip_masq_quake
#
#Quake I/II/III / QuakeWorld (ports 26000, 27000, 27910, 27960)
#/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960
# Supports the masq of the CuSeeme vidio conferencing software
#
#/sbin/modprobe ip_masq_vdolive
#CRITICAL: Enable IP forwarding since it is disabled by default since
#Redhat : You may try changing options in /etc/sysconfig/network from:
#FORWARD_IPV4=false
#to
#FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward
#Dynamic IP users
#If you get your IP address dynamically from SLIP,PPP,or DHCP, enable
this following
#option.  This enable dynamic-ip address hacking in IP MASQ, making
the life
#with Diald and similar probrams much easier.
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
#MASQ timeouts
#
# 2 hrs timeout for TCP session timeouts
# 10 sec timeout for traffic after the TCP/IP "FIN" packet is received
# 160 sec timeout for UDP traffic (important for MASQ'ed ICQ users
#
/sbin/ipchains -M -S 7200 10 160
# DHCP For people who receive their IP address from either DHCP
# such as ADSL or CABLE MODEMS users.
#
/sbin/ipchains -A input -j ACCEPT -i eth1 -s 0/0 67 -d 0/0 68 -p udp
#
# Enable simple IP forwarding and Masq
#
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 172.16.2.0/24 -j MASQ

I won't tell you how long I've been working on this laptop install of
RH 6.1 or how many books I've read and lists I've searched to reach
this point.  Any help would be greatly appreciated.  

Harry

take the backwards linux out of my email to reach me.

-Tom
--
Tom Eastep               \    Opinions expressed here are

Shoreline, Washington USA  \    those of my employer
ICQ #60745924               \____________________________

As a side note, and a confusing one at that, (which probably means
nothing) is that when I have the NT box connected to the cablemodem,
it has a DHCP  IP of 24.64.155.x but when I unplug it and plug the
Linux PC in and boot it up, it ends up with an IP of 24.64.128.x
(according to ifconfig, anyway).  As I said, this probably means
nothing but it repeats each time I test the Linux PC as MASQ and then
disconnect and go back to the NT box running NAT32.  The only reason I
can figure for this is that when the PC asks for a DHCP IP, the ISP
knows it is not the same PC (NIC HW address?) as the NT box and gives
it a different IP.  

Does "/sbin/ipchains -L -n -v" show that your rules are configured the way
that you think that they are. If so, when you ping from the Win98 machine
to 24.64.128.1, does do you see the packet and byte counts increasing on
the three chains?

-Tom
--
Tom Eastep               \    Opinions expressed here are

Shoreline, Washington USA  \    those of my employer
ICQ #60745924               \____________________________

You must be on the track of something here.  When I ping the Linux box
from the WIN98, there is no change in the packet counts for input,
output, or forward  (even thought I get the response back from that
IP).  But, when I ping the WIN98 box from the Linux box, the packet
counts for input and output increment.  

I'm assuming they should increment when I ping from the WIN box to the
Linux box but I have no idea why they don't ? ? ?

I got to looking at the IPs and if you look at my original post, the
ifconfig shows the IP of  eth0 to be 24.64.128.226 and I CANNOT ping
that address.  While in netstat -rn it shows a "gateway" address of
24.64.128.1 for eth0 and I can ping that address.  I have no idea
where the "gateway" Ip comes from.  How do the outputs of the netstat
and ifconfig compare to yours?  What addresses should be where?  

Thanks,

Harry

I was trying to do some testing without going on line with the Linux
box due to the re-config/reboot hassle and as I just found out, it
doesn't give the same symptoms if you aren't on line.  

I CAN ping the Linux eth0 connection 24.64.128.226 and the packet
counters DO increment.  All three of them (input, output, forward).
The only unusual thing I see there is that when I try to ping an IP on
the internet (it times out) then the packet counters increment as
below:

packets/bytes

                            before              after
input               359/32696           397/36348
forward           219/17650            223/17890
output             266/23067            270/23307

I guess the increments are correct if you assume no response we ever
received.  Although, I can ping from the Linux box to the internet and
all is well.  

Harry