Hi guys - I'm using Masq and RedHat 5.1 with DSL and not having any
problems, but there are a few gotchas.
Here's the deal:
When you connect your Linux box to the DSL "modem", you are in effect
putting that box directly on your ISP's network (and the internet). Now,
> -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Caleb Shay
> Sent: Friday, December 04, 1998 11:11 PM
> To: Masq
> Subject: [masq] Another Masq under DSL
>
>
> Hi,
> I think I'm close, but somebody just has to tell me what I'm doing
> wrong.
> I would try to explain it, but I can't, so here's a picture.
> Here's the setup:
>
>              DSL-Modem
>                  |
>      ___________Hub___________
>      |                       |
>    Box A                   Box B
>  (eth0 is static         (eth0 is
>   eth0:0 is               192.168.1.2
>   192.168.1.1)            and gateway is
>                           192.168.1.1)
>
> I have all the requisite options compiled into my kernel (2.1.131), and
> Box A and Box B can see each other, and Box A can see the outside world,
> but Box B only kind of sees it. What I mean is this:
>
> boxb% traceroute www.yahoo.com
> 1 192.168.1.1
> ---
> --- (doing hops here)
> ---
> 11 www7.yahoo.com [204.71.200.72]
>
> I think to myself "Great, got this working first try!". But, trying to
> browse to any page in a web browser fails. I can telnet to machines
> outside without a problem, I can ping, etc. But web browsing fails.
> Since the only reason for setting this up was so that BoxB could browse
> the web I haven't succeeded yet.
>
> I have the following in my startup scripts:
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /sbin/ifconfig eth0:0 192.168.1.1
> /sbin/route add -net 192.168.1.0 dev eth0:0
> (This line returns "SIOCADDRT: Invalid argument", which I'm sure is bad,
> but since this is technically a different network, don't I need this?)
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> /sbin/ipchains -F forward
> /sbin/ipchains -P input ACCEPT
> /sbin/ipchains -P output ACCEPT
> /sbin/ipchains -P forward MASQ
> /sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
>
> I know that this provides no security, but I don't see how it's any LESS
> secure than just having one machine hooked to the internet without any
> type of firewall. If I'm horribly wrong here, let me know.
>
> Thank you for your time,
>
> Caleb Shay
>
>
>
>
> --
> I have too much blood in my caffeine system.
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> For daily digest info, email [EMAIL PROTECTED]
>
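
The security question at the end of the quoted message can be checked mechanically. The following is an added example, not part of either message: a small Python audit (the names `parse`, `audit`, `RULES` and `FIXED` are chosen here) run over the startup rules quoted above. It assumes every rule option is a flag/value pair and that an unset chain policy is ACCEPT.

```python
import shlex

# The ipchains lines from the startup script quoted above.
RULES = """\
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -P input ACCEPT
/sbin/ipchains -P output ACCEPT
/sbin/ipchains -P forward MASQ
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
"""

def parse(script):
    """Return (policies, rules): chain -> policy, chain -> list of {flag: value}."""
    policies, rules = {}, {}
    for line in script.splitlines():
        argv = shlex.split(line, comments=True)
        if not argv or not argv[0].endswith("ipchains"):
            continue
        args = argv[1:]
        if len(args) >= 2 and args[0] == "-F":
            rules[args[1]] = []                      # a flush discards earlier rules
        elif len(args) >= 3 and args[0] == "-P":
            policies[args[1]] = args[2]
        elif len(args) >= 2 and args[0] == "-A":
            # Assumption: options come as flag/value pairs (-s NET -j TARGET).
            rules.setdefault(args[1], []).append(dict(zip(args[2::2], args[3::2])))
    return policies, rules

def audit(script):
    """Flag the two exposures that matter for a gateway sitting on the ISP segment."""
    policies, rules = parse(script)
    findings = []
    if policies.get("forward") == "MASQ":
        findings.append("forward policy is MASQ: packets from any source are "
                        "masqueraded, so the -s restriction on the rule has no effect")
    if policies.get("input", "ACCEPT") == "ACCEPT" and not rules.get("input"):
        findings.append("input chain filters nothing: any service listening on "
                        "the gateway is exposed to the ISP side")
    return findings

# Corrected variant: deny forwarding by default, masquerade only the private net.
FIXED = RULES.replace("-P forward MASQ", "-P forward DENY")

if __name__ == "__main__":
    for finding in audit(RULES):
        print("WARN:", finding)
```

With `FIXED`, only the input-chain finding remains; closing that one needs input rules for the external interface, which the quoted script does not have.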