/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */
I have recently upgraded several network gateway machines to various
versions of the 2.2.x kernel (where x=6, 7, and 10). I was previously
running 2.0.34 which I compiled to include support for IP Masquerading,
and this setup worked very well. I used ipfwadmin to initialize the
masquerading.
I then converted to the various 2.2.x kernels, followed the howto, and
converted all of the ipfwadmin usage to ipchains and made sure to enable
ip forwarding. Here is the current, relevant portion of my
/etc/rc.d/rc.inet:
---
/sbin/ifconfig eth0 0.0.0.0 up
/sbin/rrdhcpcd
/sbin/rrlogind
/sbin/ifconfig eth0:0 10.0.7.1 up
/sbin/route add -net 10.0.7.0 netmask 255.255.255.0 eth0:0
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 10.0.7.0/24 -i eth0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_user
---
I have had varying success with external access using machines on the
local network (10.0.7.0/24). Windows machines (arrgh) and Unix
workstations (two SGI Indys, an HP workstation, an AlphaStation, and a
Sun) have no trouble accessing the Internet through the masquerading
gateway, though all of the Linux boxen have very flaky access.
After rebooting, I can (for example) ping netscape.com
seemingly indefinitely. I then try to ping freshmeat.net, and get at most
four ping responses. Following that, I am unable to access any other
external servers. The same thing happens with any set of two external
servers.
I have read some FAQ's and newsgroups, and tried two things:
* I applied the patch from http://juanjox.linuxhq.com/ and recompiled
the kernel. This slightly decreased the flakiness (I'm sorry I need to
refer to it in such qualitative terms, though the problem seems very
transient and difficult to test) though it is still very unreliable.
* The MTU on both the gateway and one internal machine I tried was set
to 1500. I tried setting this on all devices on both machines to 296 as
per one FAQ. This did not solve the problem and only seemed to
significantly slow down external transfers.
Has anyone else encountered this problem? I have followed the howto and
completely started over on three instances, with three kernel versions on
two separate computers, and encountered precisely the same problem, which
leads me to believe it may be a kernel bug (or configuration braindamage
on my part). Any suggestions would be appreciated.
Thank you,
Steve
_______________________________________________
Masq maillist - [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]
PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
