/* HINT: Search archives @ http://www.indyramp.com/masq/ before posting! */



I think you just have the IPCHAINS rule wrong.   I don't think there's any
way to defeat masquerading from a routing standpoint; the whole POINT of it
is to be as invisible as possible. :)  You can certainly defeat it by
encoding IP addresses inside packets, which is why there are all the hacks
and workarounds to get things like games to work properly with masq.

Try this line:

ipchains -A forward -i eth0 -s 192.168.1.0/24 -j MASQ

I am using a line very similar to this one, though I don't use 192.168
internally.

I think your problem may be that your netmask is in a bad format.  The /24
is a shortcut for "255.255.255.0" -- it means '24 bits of netmask'
basically.  A class B would use /16 (255.255.0.0), and class A uses /8
(255.0.0.0).  You can use other netmasks, but don't unless you know why you
want to.

A link you may want to check out:

http://rlz.ne.mediaone.net/linux/firewall/

This is a really excellent site that lets you click your way through some
basic questions about what traffic you want to allow and reject, and then
builds a very nice firewall script for you.  It helped me enormously in
learning ipchains.  It will also do your MASQ rule, so you get it all at
once. :-)

Even after running through that, I have spent many hours studying that
script and learning how things work.  I shudder to think of how long it
would have taken without the help -- and how many boneheaded mistakes I
would have made.  My only real caveat about his site is this:  if you enable
ICQ, it lets a large number of ports through.  If you can live without ICQ
you will be safer.    He doesn't really explain just how much gets opened up
to make ICQ work.

<<RON>>
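Added here as an illustration, not part of Ron's reply or of anything posted in the thread: a small POSIX sh script that does the netmask arithmetic Ron describes in both directions (/24 to 255.255.255.0 and back, for any prefix length, rejecting masks like 255.0.255.0 that have no /N form), checks whether a given host really falls inside the masqueraded network, and prints the two ipchains lines as text with either spelling of the mask normalised to the same rule. It goes a little beyond the post in handling arbitrary prefix lengths. It assumes the layout from the question (192.168.1.0/24 behind eth1, eth0 toward the ADSL modem); it never runs ipchains itself, and the only kernel file it reads is /proc/sys/net/ipv4/ip_forward, reporting "unknown" if that file is not there.

```sh
#!/bin/sh
# Added example, not code from the thread above: the netmask shorthand
# Ron describes (/24 = 255.255.255.0) done both ways, a check that a host
# actually sits inside the masqueraded network, and the ipchains rules
# printed as text (nothing here calls ipchains or touches the kernel).
# Assumed layout, as in Bruno's question: home net 192.168.1.0/24 on eth1,
# eth0 facing the ADSL modem. POSIX sh plus awk; no bash extensions.

# ip_to_int 192.168.1.37 -> 3232235813 (dotted quad as a 32-bit number)
ip_to_int() {
    echo "$1" | awk -F. '{ printf "%.0f\n", $1*16777216 + $2*65536 + $3*256 + $4 }'
}

# int_to_ip 3232235776 -> 192.168.1.0
int_to_ip() {
    awk -v n="$1" 'BEGIN { printf "%d.%d.%d.%d\n",
        int(n/16777216)%256, int(n/65536)%256, int(n/256)%256, n%256 }'
}

# prefix_to_mask 24 -> 255.255.255.0 ; the /N form means "N one-bits".
prefix_to_mask() {
    p=$1
    [ "$p" -ge 0 ] 2>/dev/null && [ "$p" -le 32 ] || { echo "bad prefix length: $p" >&2; return 1; }
    int_to_ip "$(awk -v p="$p" 'BEGIN { printf "%.0f\n", 4294967296 - 2^(32-p) }')"
}

# mask_to_prefix 255.255.255.0 -> 24. A mask whose one-bits are not all
# on the left (255.0.255.0) has no /N equivalent and is rejected.
mask_to_prefix() {
    p=$(echo "$1" | awk -F. '{ n = 0
        for (i = 1; i <= 4; i++) { o = $i; for (b = 0; b < 8; b++) { n += o % 2; o = int(o/2) } }
        print n }')
    [ "$(prefix_to_mask "$p")" = "$1" ] || { echo "not a contiguous netmask: $1" >&2; return 1; }
    echo "$p"
}

# in_subnet 192.168.1.37 192.168.1.0/24 -> yes ; in_subnet 10.0.0.5 192.168.1.0/24 -> no
# With a contiguous mask, "host AND mask" is just floor(host / 2^(32-N)),
# so no bitwise operators are needed.
in_subnet() {
    host=$(ip_to_int "$1")
    net=$(ip_to_int "${2%/*}")
    block=$(awk -v p="${2#*/}" 'BEGIN { printf "%.0f\n", 2^(32-p) }')
    if [ $(( host / block )) -eq $(( net / block )) ]; then echo yes; else echo no; fi
}

# masq_rules NET/MASK EXT_IF -> the two ipchains lines as text, with the
# mask normalised to /N so the dotted form and the shorthand give the same
# rule. On the forward chain, -i names the interface the packet LEAVES by,
# so it is the outside card (eth0 here), not the LAN card.
masq_rules() {
    net=${1%/*}; m=${1#*/}
    case "$m" in
        *.*) pfx=$(mask_to_prefix "$m") || return 1 ;;
        *)   pfx=$m ;;
    esac
    printf 'ipchains -P forward DENY\n'
    printf 'ipchains -A forward -i %s -s %s/%s -j MASQ\n' "$2" "$net" "$pfx"
}

# forwarding_enabled -> 1, 0, or "unknown" when the 2.2 sysctl file is absent.
# The switch is /proc/sys/net/ipv4/ip_forward; a MASQ rule does nothing while it is 0.
forwarding_enabled() {
    if [ -r /proc/sys/net/ipv4/ip_forward ]; then cat /proc/sys/net/ipv4/ip_forward; else echo unknown; fi
}

# Stand-alone run: print the rules for the layout in the question.
masq_rules 192.168.1.0/255.255.255.0 eth0
echo "ip_forward: $(forwarding_enabled)"
```

Run it as is to see the two rules for the question's layout; `masq_rules 192.168.1.0/255.255.255.0 eth0` and `masq_rules 192.168.1.0/24 eth0` print identical output, which is the point about the two mask spellings. Swap in your own network and outside interface name before pasting the printed lines into a firewall script.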


----- Original Message -----
From: Bruno Melloni <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, August 22, 1999 2:02 PM
Subject: [Masq] Redhat6.0 and 2 network cards


> I have gone through the current howto, looked at the archives and used
> masquerading for several years, yet I'm stumped.  Please help.
>
> Problem description:
> - Setting up a new home server using RedHat 6.0, 2 network cards (one
> internal and one to talk to the ADSL modem).  eth0 is the card for the
> outside network, eth1 is the card for my home network.  Basic networking
> works fine:  the linux box talks to everything with no problem, and the
> home PCs talk to the linux box with no problem.  All my past experience
> is with one network card + dial-up ppp.
>
> - The kernel should be fine, since with RedHat the default kernel
> usually works.  IP forwarding is on (and I verified it by looking at
> /proc/sys/net/ipv4/ip_forwarding).
>
> - I tried to use the "simple" configuration to no use:
>     ipchains -P forward DENY
>     ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ
>
> - I then suspected that the problem might be a need to specify the
> proper network card, so I tried the following also to no use:
>     ipchains -P forward DENY
>     ipchains -A forward -s 192.168.1.0/255.255.255.0 -i eth0 -j MASQ
>
> I suspect that my problem is with how I am specifying the ipchains
> rules.  Any ideas as to what I am doing wrong?  Or is it even possible
> that my new ISP is doing something that actually manages to block
> masquerading?
>
> bruno
>
>
>



_______________________________________________
Masq maillist  -  [EMAIL PROTECTED]
Admin requests can be handled at http://www.indyramp.com/masq-list/
or email to [EMAIL PROTECTED]

PLEASE read the HOWTO and search the archives before posting.
You can start your search at http://www.indyramp.com/masq/
Please keep general linux/unix/pc/internet questions off the list.
