Post by Paul Thomps » Thu, 13 Jun 1996 04:00:00

        Running 2.0 with firewalling, ip firewalling, ip forwarding,
        'Squish' is running ppp with a permanent address connected
to the internet, and also has
an ethernet card to my home network (using as net), which
connects to several machines, including 'Febrile'.
        I can control all packets going in and out of Squish, and can
control which packets it forwards, using ipfwadm. Squish will happily
forward Febrile's packets to the net at large (where of course, no
one knows what to do with them). I tried using the masquerading options,
but then the packets no longer seem to get forwarded--the only
difference I can see at that point (using tcpdump) between trying to
masquerade and _not_ forwarding, is that when masquerading, Squish
doesn't send Febrile ICMP host unreachable packets.
        Has anyone got masquerading working under any kernel? I would
really like to hear from you...
        Any advice or a pointer to some documentation on this would
be great too--there was mention of '' in NET2 howto,
but they don't seem to be there anymore.
        Also, no matter what I do, 'ipfwadm -M -l' prints no information.
        I would be very grateful for any info, and can provide as many
details as might be helpful, if needed.

Paul Thompson


Post by Paul Thomps » Thu, 13 Jun 1996 04:00:00

        You fool. You are using ping to test your stupid little
network's attempt at masquerading, aren't you? Well, get a clue, it
doesn't work. Try telnet and I bet it will. And then after you
succeed in making a telnet connection (you do know what that is,
don't you?), maybe ipfwadm -M -l will show you something.


ps. It worked. Thanks to the person who replied to another's question
about masquerading and mentioned that ping would not work....
now if I could just figure out why my floppy drive thinks it is
write protected under the new kernels...


The Firewall HOWTO and some other sources that I've looked at emphasize that
you should turn IP forwarding off in firewalls and (I believe) IP
masquerading boxes as well.  In principle I understand that you should turn
off all the services possible to secure a box.  My question is, what
vulnerabilities does IP forwarding expose?

For instance, suppose you have an IP masquerading box with two NICs -- one
talking to a 192.168.x.y private network, and one with a public IP address.
I can see how maybe a cracker could send some packets to the public
side of the masq box that appeared to come from a 192.168.x.y address...
but I can't see how that would do a cracker any good.  And if I am guessing
right and this is how a cracker would exploit IP forwarding, then is there a
way to stipulate that packets from a 192.168.x.y address should be rejected
by the publicly accessible NIC?

Thanks in advance
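The check asked for in the post above (reject packets that arrive on the public NIC claiming a 192.168.x.y source) is ingress anti-spoofing filtering. The following is an added example written for this thread, not code from any of the posters and not the syntax of ipfwadm; it models the policy for a two-NIC masquerading box as a small Python filter so the decisions can be read and tested. The interface names (eth0 public, eth1 private), the inside network 192.168.1.0/24, and the sample packets are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Assumed layout of the masquerading box from the post (constructed for this
# example): eth0 carries the public address, eth1 faces the home network.
PUBLIC_IF = "eth0"
PRIVATE_IF = "eth1"
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")

# Source ranges that should never arrive from the internet side:
# the RFC 1918 private blocks, loopback and the "this network" block.
BOGON_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "0.0.0.0/8",
)]


@dataclass(frozen=True)
class Packet:
    in_if: str   # interface the packet arrived on
    src: str     # source IP address as text
    dst: str     # destination IP address as text


def ingress_verdict(pkt: Packet) -> tuple[str, str]:
    """Input-side check: may this packet enter the box at all?"""
    src = ipaddress.ip_address(pkt.src)
    if pkt.in_if == PUBLIC_IF:
        # The spoofing case raised in the post: an inside-looking source
        # showing up on the public NIC is dropped before anything else.
        if any(src in net for net in BOGON_NETS):
            return "DENY", "private or bogon source address on public interface"
        return "ACCEPT", "public source on public interface"
    if pkt.in_if == PRIVATE_IF:
        # Symmetric rule for the inside NIC: only inside addresses belong there.
        if src not in INSIDE_NET:
            return "DENY", "source is not an inside address on private interface"
        return "ACCEPT", "inside source on private interface"
    return "DENY", "unknown interface"


def forward_verdict(pkt: Packet) -> tuple[str, str]:
    """Forwarding-side check for a packet that passed the input check."""
    verdict, reason = ingress_verdict(pkt)
    if verdict == "DENY":
        return verdict, reason
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.in_if == PRIVATE_IF and dst not in INSIDE_NET:
        return "MASQ", "inside host to the internet, rewrite source to public address"
    if pkt.in_if == PUBLIC_IF and dst in INSIDE_NET:
        # Only replies to masqueraded flows belong inside; a packet from the
        # internet addressed straight to an inside host is not forwarded.
        return "DENY", "outside packet addressed directly to an inside host"
    return "ACCEPT", "delivered locally, nothing to forward"


# Constructed sample traffic (documentation prefixes stand in for real hosts).
SAMPLE_PACKETS = [
    Packet("eth1", "192.168.1.10", "198.51.100.7"),   # inside host -> internet
    Packet("eth0", "192.168.1.10", "203.0.113.5"),    # spoofed inside source from outside
    Packet("eth0", "10.9.8.7", "203.0.113.5"),        # other RFC 1918 source from outside
    Packet("eth0", "198.51.100.7", "203.0.113.5"),    # ordinary packet to the box itself
    Packet("eth0", "198.51.100.7", "192.168.1.10"),   # outside host aiming at an inside host
    Packet("eth1", "172.16.0.4", "198.51.100.7"),     # wrong source address on the inside NIC
]


def run_filter(packets=SAMPLE_PACKETS):
    """Return one (in_if, src, dst, verdict, reason) row per packet."""
    return [(p.in_if, p.src, p.dst, *forward_verdict(p)) for p in packets]


if __name__ == "__main__":
    for row in run_filter():
        print("%-5s %-15s -> %-15s %-6s %s" % row)
```

The two ingress rules are the answer to the post's question: a packet whose source is in 192.168.x.y space but which arrives on the public interface is rejected regardless of what it carries, and the inside interface is held to the mirror-image rule. On the 1996-era box in the thread the same policy would be written as interface-qualified input rules in the kernel firewall; the point of the example is the policy, which is the same whatever tool expresses it.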

