I use Eigerstein.
In network.conf there is a setting MASQ=YES
What this does, in ipfilter.conf, is turn on a masquerading rule.
If your config is entirely different from this then you need a single command:
ipchains -A forward -j MASQ -p all -s 192. . 0/24(internal net) -d ! 192. . 0/24(internal net)
i.e. add a rule to the forward chain to send to MASQ all protocols
FROM the internal net TO NOT the internal net
You can enter this from the command line for now.
Otherwise your DSL router will have to have a route to you.
Greg R <[EMAIL PROTECTED]> on 02/07/2002 11:50:06 AM
To: [EMAIL PROTECTED]
cc: (bcc: Phillip Watts/austin/Nlynx)
Subject: Re: [Leaf-user] LEAF routing private IP space
Yes, the DSL router responds to ping on its internal interface. Yes ICMP
is enabled and yes forwarding is enabled.
Maybe something very fundamental I am missing here - does the Oxygen
release 1.8 not set up the router to perform NAT between interfaces eth0 &
eth1 by default? I am working on the assumption that it is, but if all it
is doing is routing, then of course - I am missing a route on the DSL
router.
Greg R
--- [EMAIL PROTECTED] wrote:
>
> But you didn't say if you could ping the DSL router from the LEAF router
> (or anywhere else)
> Does the DSL router respond to ping? probably does
> You said you can ping anywhere from LEAF so icmp is probably enabled
> in proc/sys/net/ipv4.
> I assume forwarding is enabled.
>
> FOR ME, that only leaves that your DSL router doesn't have a route to
> your internal net. You said you have no firewall, I assume that means
> no NAT, so the DSL router needs a route to you.
>
> Greg R <[EMAIL PROTECTED]> on 02/07/2002 11:12:15 AM
>
> To: [EMAIL PROTECTED]
> cc: [EMAIL PROTECTED] (bcc: Phillip Watts/austin/Nlynx)
>
> Subject: [Leaf-user] Re: LEAF routing private IP space
>
>
>
> Thank you Matt & David for your replies.
>
> Let me see if I can provide some more information for you.
>
> I do not have any firewall enabled, nor is ipchains installed - the router
> is wide open. eth0 is the outside interface - I am sure. From the router I
> can ping anything anywhere, by IP and by FQDN.
>
> I have enabled both interfaces to respond to ICMP, and like I said in my
> first post I can ping both of the interfaces (eth0 & eth1) from the router
> itself, I can ping the external interface (eth0) from the DSL router in
> front of it, and I can ping the internal interface (eth1) from the
> workstation behind it.
>
> When I say that ping "fails" when I attempt to ping the internal interface
> of the DSL router from the workstation behind the LEAF router I mean that
> there is 100% packet loss - in other words ping just sits there until I
> issue an interrupt at which point it shows the following message:
>
> workstation:/root # ping 192.168.68.1
> PING 192.168.68.1 (192.168.68.1): 56 data bytes
>
> --- 192.168.68.1 ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
>
>
> Here is the output of the commands you requested:
>
> # lsmod
> Module Size Used by
> ip_masq_autofw 2432 0 (unused)
> ip_masq_portfw 2416 0 (unused)
> smc-ultra 4168 2
> 8390 6340 0 [smc-ultra]
>
> #which ipmasqadm
> /usr/sbin/ipmasqadm
>
> Please let me know if there is more info I can include in the
> troubleshooting report and thanks for all your attention so far.
>
> Greg R
>
>
> --- Matt Schalit <[EMAIL PROTECTED]> wrote:
> > Ray Olszewski wrote:
> > >
> > > <sigh> We need a FAQ answer for this one too (or do we have one?).
> > >
> > > LEAF basic firewalls by default block ALL private-address traffic on the
> > > external interface. (At least Dachstein and Eigerstein do, and I think
> > > Oxygen is the same in that regard.)
> >
> > Nope. Oxygen has zero ipchains rules by default.
> > In fact, you'd be hard pressed to even find ipchains
> > on the boot diskette :)
> >
> > But then again, it's meant to load from more than
> > one diskette, network, cdrom, ftp, tftp, whatever.
> > You can squeeze ipchains.lrp on the first diskette
> > though. But that's another thread.
> >
> > As far as Greg's question goes, he's done a good
> > job so far and made a good post. But he left
> > out a few things like the output of
> >
> > which ipchains && ipchains -L -v -n || echo "Doh!"
> > lsmod
> > which ipmasqadm
> >
> > I realize that's along the lines of your post, though :)
> > We just don't know if he even has ipchains yet.
> >
> > (And the arp cache listing from the 192.168.1.50 would help
> > along with the exact failed ping output.)
> >
> > Best,
> > Matthew
_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
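
Added example, not part of the original thread: a small Python model of the point under discussion, namely that without masquerading the DSL router's echo reply has no path back to the workstation unless the DSL router has a route to the internal net. Only 192.168.1.50 and 192.168.68.1 come from the thread; the /24 masks, the LEAF eth0 address and the DSL router's route table are assumptions.

```python
import ipaddress

# Constructed addressing. Only 192.168.1.50 and 192.168.68.1 appear in the
# thread; the /24 masks and the LEAF eth0 address are assumptions.
WORKSTATION = ipaddress.ip_address("192.168.1.50")
DSL_ROUTER = ipaddress.ip_address("192.168.68.1")
LEAF_ETH0 = ipaddress.ip_address("192.168.68.2")
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
OUTSIDE_NET = ipaddress.ip_network("192.168.68.0/24")
DEFAULT = ipaddress.ip_network("0.0.0.0/0")

def leaf_forward(src, dst, masq):
    """Source address the packet carries after the LEAF forward chain."""
    # Same match as the ipchains rule: FROM internal net TO NOT internal net.
    if masq and src in INTERNAL_NET and dst not in INTERNAL_NET:
        return LEAF_ETH0
    return src

def lookup(routes, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    hits = [r for r in routes if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen)[1] if hits else None

def echo_reply_returns(masq, dsl_routes):
    """Does the DSL router's echo reply get back to the workstation?"""
    seen_src = leaf_forward(WORKSTATION, DSL_ROUTER, masq)
    hop = lookup(dsl_routes, seen_src)
    if hop == "connected":
        # Reply lands on the shared segment; only LEAF's own address answers
        # there, and LEAF then reverses the masquerade.
        return seen_src == LEAF_ETH0
    # Otherwise the reply must be handed to LEAF to be routed inward.
    return hop == LEAF_ETH0

# Assumed DSL router table: its own LAN plus a default route to the ISP.
STOCK = [(OUTSIDE_NET, "connected"), (DEFAULT, "isp")]
# Same router with a static route for the internal net via LEAF.
WITH_ROUTE = STOCK + [(INTERNAL_NET, LEAF_ETH0)]

if __name__ == "__main__":
    for masq, routes, label in [(False, STOCK, "no MASQ, no route"),
                                (True, STOCK, "MASQ=YES"),
                                (False, WITH_ROUTE, "no MASQ, static route")]:
        print(f"{label:24} reply returns: {echo_reply_returns(masq, routes)}")
```

The first case reproduces the 100% packet loss: the reply to 192.168.1.50 follows the default route toward the ISP and never reaches LEAF.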