Hello,
I'm trying to build a slightly more advanced firewall using some of the 2.2
kernel's features, but while some of the advertised features work, some
don't (for me).
According to ip-cref.tex (the iproute manual), the following statement
should set up masquerading for the internal network 192.168.0.0/24:
# ip rule add pref 100 from 192.168.0.0/24 nat 0.0.0.0
And thus be (function-wise) equivalent to:
# ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
But somehow, it is not the case. "ip rules show" indicates that the
setting is good:
diaspar:~# ip ru sh
0: from all lookup local
100: from 192.168.0.0/0 lookup main masquerade
32766: from all lookup main
32767: from all lookup default
But no masquerading actually occurs, and tcpdump confirms this. I have
kernel 2.2.12 with all the necessary options turned on (advanced router,
policy routing etc.). Has anyone got an idea what's wrong? Where should I
look for more info? Unfortunately I am not proficient enough to read the
kernel source (I can read C, but the kernel is too complicated a thing for me).
Bye Borek
--
=====================================================================
BOREK LUPOMESKY, network administrator University of J. E. Purkyne
Ceske mladeze 8
WWW: http://www.ujep.cz/~lupomesk/ Usti nad Labem, 40096
IRCnet: Borek @ #usti The Czech Republic
PGP keyid: B6A06AEB ICQ: 10139578 tel: +420-602-376368
==========[ MIME/ISO-8859-2 & PGP encrypted mail welcome ]===========