> From: Gerry Jensen <[EMAIL PROTECTED]>
>
> On Fri, 27 Sep 1996, Simon Martin wrote:
>
>> 2) recompiled the kernel experimental, with the masquerade, firewall,
etc
>> enabled, ip forwarding, etc disabled, as per the instructions in the
>> IP_MASQUERADE mini howto. (I can connect to my ISP without any problems)
>
>If I understand you right, you're saying you disabled IP forwarding?
>Are you sure the masq mini howto said to do this? I'm quite sure you need
>IP forwarding enabled to use masquerading. In fact, the latest kernels
>don't even allow you to enable masquerading unless IP forwarding is also
>enabled first.
>
>Gerry
Sorry Gerry, I was misleading you. I just checked my config and
CONFIG_IP_FORWARDING is enabled.
In another mail:
>From: Giuseppe Vacanti <[EMAIL PROTECTED]>
<snip>
># Forward packets from ds3-net, masquerading as deselby.xs4all.nl.
>ipfwadm -F -a masquerade -S 192.168.1.0/24 -D 0.0.0.0/0 -V 192.168.1.1
>ipfwadm -F -p deny
I can see how this will masquerade/forward all messages coming in on
network 192.168.1, going to any IP address via 192.168.1.1 (i.e. the
server). Before I set this up on a running network I would like to be able
to test IP masquerading/forwarding on the server in isolation first.
As far as I can see diald should set up a static SLIP interface with a
given IP address and, upon demand, dial out to an ISP, connect using PPP
and generate a PPP interface, as follows
SLIP: interface IP: 192.168.2.1
PPP: interface IP: xxx.xxx.xxx.xxx
where xxx.xxx.xxx.xxx is the dynamic ISP assigned IP address. If I turn
reroute off in diald, some software must forward packets from the SLIP
interface (which receives the original request) to the PPP interface which
is connected to the real world. I was hoping to be able to use ipfw to do
this.
1) Watching the changes that occur even with reroute turned off both the
SLIP and PPP interfaces are modified when diald connects
2) In the following configuration:IP:
----------------------
| server |
| 192.168.1.1 |
| |
------ PPP |
| ^ |
| V | net: 192.168.1.0
| SLIP <--> Ethernet -------------------
----------------------
should the <SLIP IP>=<Ethernet IP>=192.168.1.1
3) Is there any way of testing forwarding/masquerading withount "going
live"?
Thanks already to Gerry and Giuseppe. Are there any more suggestions?
"Simon Martin"<[EMAIL PROTECTED]>
"Old software engineers never die, they just fail to boot"
Any Trademarks used in this document are recognized as Registered
Trademarks of their respective owners.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
