Thanks for your reply, Kirk.
> Are you sure you have IP Masquerading compiled into the kernel? As I
> understand it (and I could be *way* off, I admit),
Yes.
>
> 1) If your Linux box makes a proper PPP connection, it doesn't need IP
> Masq to "surf" (this is a fact, e.g. Windows)
Confused - what do you mean by 'surf'?
> 2) If the kernel doesn't have IP Masq compiled in but *does* have IP
> Forwarding enabled, it will simply forward packets from one interface to
> another without "masquerading" them.
No, masquerading DOES work here; however, 'initial' UDP packets are not
being masqueraded - they are merely being forwarded onto my public
interface. After a while it suddenly works, i.e. BOTH UDP and TCP are being
masqueraded...
>
> Any other voices of reason?
>
> peace favor your sword
>
> -----Original Message-----
> From: Rod Moffitt
> Sent: Monday, June 21, 1999 12:22 PM
> To: Kirk Lawson
> Cc: 'MASQ@SMTP <[EMAIL PROTECTED]>'; 'LINUX-DI@SMTP
> <[EMAIL PROTECTED]>'
> Subject: RE: Masq&Diald: When 'initial' traffic t
>
> On Mon, 21 Jun 1999, Kirk Lawson wrote:
>
> >
> > What Linux distro. are you using, specifically, what version and
> > kernel?
> >
>
> Sorry about that - I am using 2.0.36 with the ipportfw and egcs
> patches...
>
> - Rod
>
> > peace favor your sword
> >
> > -----Original Message-----
> > From: Rod Moffitt
> > Sent: Monday, June 21, 1999 11:56 AM
> > To: LKLawson; 'MASQ@SMTP <[EMAIL PROTECTED]>'; 'LINUX-DI@SMTP
> > <[EMAIL PROTECTED]>'
> > Subject: Masq&Diald: When 'initial' traffic that
> >
> > Original Subject:
> > Masq&Diald: When 'initial' traffic that brings up link is UDP
> >
> > Masq&Diald: When 'initial' traffic that brings up link is UDP kernel
> > DOES not masq - it merely forwards...
> >
> -------------------------------------------------------------------------
>
> >
> > I recently helped a friend out who used a modem to access the net. They
> > recently picked up a second machine for their kid and as such wanted a
> > LAN. I of course recognized the situation (since it was mine a few years
> > ago!) and offered to not only help set up a LAN, yet add a firewall so
> > that BOTH of the computers could access the LAN - and to boot that this
> > magical firewall could automatically detect when you wanted to get on the
> > Internet and dial up for you. They of course loved the idea and that is
> > what I spent the good part of last week and this last weekend doing.
> >
> > Now the problem - of course the Masq stuff was easy since I merely cloned
> > most of my rules. In addition the diald stuff was easy since all I had
> > to do was modify the 'connect' chat script. And of course when I tested
> > it from the firewall it worked great! If I pinged a host the link would
> > come up and the Masquerading worked great!
> >
> > Now the bad news, when I tried it from one of the Win95 hosts it didn't
> > work so great. When the 'initial' traffic that caused diald to get ppp up
> > was UDP (say an initial DNS lookup for a web site, or for a
> > Starcraft-battlenet connection) Masquerading did not occur - the kernel
> > merely forwarded the packets out! Take a look at a snapshot of the
> > following kernel logs (W.X.Y.Z is the address of the Win95 host, A.B.C.D
> > and E.F.G.H are addresses of DNS hosts) where DNS packets were not
> > properly Masqueraded, instead they were merely forwarded.
> >
> > Now Masquerading did work for all packet types from the firewall machine.
> > In addition this whole scenario worked for me nearly two years ago when I
> > did not have my static IP as I do today, and I never saw this type of
> > problem.
> >
> > I checked the How-to and FAQs (BTW the masq mailing list archives are NOT
> > searchable - this would be a real time saver). When scanning the diald FAQ
> > (http://www.loonie.net/~eschenk/diald/diald-faq-6.html#ss6.11) it says
> > that TCP connections are not to be used 'to bring up the link' yet UDP are
> > (it has to do with not being able to change the address of a TCP
> > connection), therefore this problem seems to be the inverse?!?!
> >
> > Anyone have an idea?
> >
> >
> > Jun 19 20:12:32 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61232 A.B.C.D:53 L=65 S=0x00 I=4096 F=0x0000 T=31
> > Jun 19 20:12:47 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61233 E.F.G.H:53 L=65 S=0x00 I=4352 F=0x0000 T=31
> > Jun 19 20:13:02 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61232 A.B.C.D:53 L=65 S=0x00 I=4608 F=0x0000 T=31
> > Jun 19 20:13:22 router kernel: IP fw-out deny ppp0 UDP W.X.Y.Z:61233 E.F.G.H:53 L=65 S=0x00 I=4864 F=0x0000 T=31
> >
> >
> > Here are my masquerading rules:
> >
> > ipfwadm -F -f
> > ipfwadm -F -p deny
> >
> > echo "masquerade-forwarding from $PRIVATE_NET"
> > ipfwadm -F -a accept -m -W $PUBLIC_INT -S $PRIVATE_NET
> >
> > echo "masquerade-forwarding on $DIALD_INT from $PRIVATE_NET"
> > ipfwadm -F -a accept -m -W $DIALD_INT -S $PRIVATE_NET
> >
> > ipfwadm -F -a deny -o
> >
> >
> > --
> > ============ Geek Technology at its best: http://nuked.org ===============
> > ``````````````````````````````````````````````````````````````````````````
> > Rod Moffitt ICQ# 6696644 Linux: multi-platform, multi-tasking,
> > [EMAIL PROTECTED] multi-user, fast & free! http://www.linux.org
> > PGP RSA KeyID 570A0731 Protect your privacy! http://www.pgpi.com
> > http://rodmoffitt.org Net, s/w & h/w consulting: http://vissitt.com
> > ..........................................................................
> > ========= Where loved ones are remembered: http://memoriam.org ===========
> > Last yeer I kudn't spel Engineer. Now I are won.
> >
> > -
> > To unsubscribe from this list: send the line "unsubscribe linux-diald" in
> > the body of a message to [EMAIL PROTECTED]
> >
>
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
http://tiffany.indyramp.com/mailman/listinfo/masq
Admin requests can be handled by web (above) or [EMAIL PROTECTED]
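The kernel lines quoted in the thread already carry the evidence of the fault: in the 2.0 kernel the output firewall (fw-out) runs after the forward chain and its masquerading step, so a packet logged on ppp0 whose source is still the Win95 host's private address left the box forwarded but not rewritten. The script below is an added example, not code from the thread or from Rod's firewall; it parses that 2.0-kernel ipfwadm log format and flags exactly those packets, then counts them per protocol so a UDP-only leak like the one described stands out. The addresses in the sample (192.168.1.0/24 as the LAN, 203.0.113.9 as the dial-up address, 198.51.100.x as remote hosts), the verdict words other than "deny", and the diald line are constructed assumptions; the thread itself only shows W.X.Y.Z-style placeholders.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample modelled on the thread's kernel log. Addresses are
# assumptions: 192.168.1.0/24 is the LAN behind the firewall, 203.0.113.9 is
# the firewall's dial-up address, 198.51.100.x are remote DNS/web hosts.
# Verdict words other than "deny" (the only one the thread shows) are assumed.
SAMPLE_LOG = """\
Jun 19 20:12:32 router kernel: IP fw-out deny ppp0 UDP 192.168.1.10:61232 198.51.100.53:53 L=65 S=0x00 I=4096 F=0x0000 T=31
Jun 19 20:12:47 router kernel: IP fw-out deny ppp0 UDP 192.168.1.10:61233 198.51.100.54:53 L=65 S=0x00 I=4352 F=0x0000 T=31
Jun 19 20:13:05 router kernel: IP fw-fwd acc ppp0 TCP 192.168.1.10:1045 198.51.100.80:80 L=44 S=0x00 I=4900 F=0x4000 T=31
Jun 19 20:13:05 router kernel: IP fw-out acc ppp0 TCP 203.0.113.9:61000 198.51.100.80:80 L=44 S=0x00 I=4900 F=0x4000 T=30
Jun 19 20:13:12 router kernel: IP fw-in deny eth0 TCP 10.9.8.7:3456 192.168.1.1:23 L=44 S=0x00 I=5200 F=0x4000 T=64
Jun 19 20:13:20 router diald[221]: connected to 203.0.113.9
"""

# 2.0-kernel ipfwadm log format, as shown in the thread:
#   IP fw-<chain> <verdict> <iface> <proto> <src>:<sport> <dst>:<dport> L=<len> ...
LOG_RE = re.compile(
    r"IP fw-(?P<chain>in|out|fwd) (?P<verdict>\S+) (?P<iface>\S+) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+) "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)


def parse_fw_line(line):
    """Return a dict for an ipfwadm firewall log line, or None for anything else."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["src"] = ipaddress.ip_address(rec["src"])
    rec["dst"] = ipaddress.ip_address(rec["dst"])
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_unmasqueraded(log_text, public_iface, private_net):
    """Return the records that prove a packet left the public interface unmasqueraded.

    Only the output chain (fw-out) counts as evidence: in the 2.0 kernel it
    sees the packet after the forward chain and the masquerade rewrite, so a
    private source address there means the rewrite never happened. The
    forward chain (fw-fwd) logs the pre-masquerade packet and is expected to
    show the private source; it is deliberately ignored.
    """
    net = ipaddress.ip_network(private_net)
    hits = []
    for line in log_text.splitlines():
        rec = parse_fw_line(line)
        if rec is None or rec["chain"] != "out":
            continue
        if rec["iface"] == public_iface and rec["src"] in net:
            hits.append(rec)
    return hits


def leaks_by_proto(hits):
    """Count leaks per transport protocol; the thread's symptom is UDP-only leaks."""
    return dict(Counter(h["proto"] for h in hits))


if __name__ == "__main__":
    leaks = find_unmasqueraded(SAMPLE_LOG, "ppp0", "192.168.1.0/24")
    for h in leaks:
        print(f"{h['proto']} {h['src']}:{h['sport']} -> {h['dst']}:{h['dport']} "
              f"left {h['iface']} unmasqueraded (verdict {h['verdict']})")
    print(leaks_by_proto(leaks))
```

Run it against a real `/var/log/messages` from a 2.0 box with the `-o` (log) flag set on the output rules and the interface and LAN prefix of that box; the forward-chain line in the sample is there to show why only fw-out entries are counted, since the same private source is normal one hop earlier.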