Re: Setting up Masquerading on Debian machines.
Rob Browning writes: Is there any reason that msquerading wouldn't work right using the current (unstable) debian packages? No! I've set up a firewall with it and it works fine. I set up the host (the one actually connected to the internet via ppp) with the following network related commands (in addition to a ppp defaultroute): ... ipfwadm -F -p deny ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0 I think you have to use the external device here. Please try with the check option of ipfwadm. ifconfig eth0 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255 route add -net 192.168.1.0 netmask 255.255.255.0 route add default gw 192.168.1.1 metric 1 This doesn't work. I can ping the host from the client, and the host can reach the internet via it's pppd defaultroute, but the client cannot reach the internet, so the host is not forwarding the masqueraded packets. You could add a command after the above ones on the host to make it log the denied packages: ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o Michael -- Michael Meskes, Projekt-Manager | [EMAIL PROTECTED], [EMAIL PROTECTED] topsystem Systemhaus GmbH| Tel: (+49) 2405/4670-44 Europark A2, Adenauerstr. 20 | Fax: (+49) 2405/4670-10 52146 Wuerselen | Go SF 49ers! Use Debian GNU/Linux! -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: Setting up Masquerading on Debian machines.
At 12:16 PM 12/30/96 -0600, Rob Browning wrote: [Previously (accidentally) posted to debian-devel] Is there any reason that msquerading wouldn't work right using the current (unstable) debian packages? I tried to set up a simple net, following the instructions in the IP-Masquerade mini-HOWTO, and have had no success. Here's some info if it's helpful: I tried kernels 2.0.27 and 2.1.17. I compiled all the features into the kernels that the HOWTO suggests (I think). I set up the host (the one actually connected to the internet via ppp) with the following network related commands (in addition to a ppp defaultroute): ifconfig lo 127.0.0.1 route -add net 127.0.0.0 dev lo ifconfig eth0 192.168.1.1 netmask 255.255.255.0 route -add net 192.168.1.0 dev eth0 ipfwadm -F -p deny ipfwadm -F -a accept -m -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0 And I set up the client machine (connected via ethernet to the host) with the following commands: ifconfig lo 127.0.0.1 route -add net 127.0.0.0 dev lo ifconfig eth0 192.168.1.2 netmask 255.255.255.0 broadcast 192.168.1.255 route add -net 192.168.1.0 netmask 255.255.255.0 route add default gw 192.168.1.1 metric 1 This doesn't work. I can ping the host from the client, and the host can reach the internet via it's pppd defaultroute, but the client cannot reach the internet, so the host is not forwarding the masqueraded packets. Is there some way to see what the host is doing with the packets? Thanks for any help. -- Maybe I don't get it right, but to me, it seems you're masquerading USING your eth0-interface, instead of your ppp0-interface.. am I right? // Remco van de Meent // email: [EMAIL PROTECTED] // www: http://cam053212.student.utwente.nl // -- Never make any mistaeks -- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: Setting up Masquerading on Debian machines.
Remco van de Meent [EMAIL PROTECTED] writes: Maybe I don't get it right, but to me, it seems you're masquerading USING your eth0-interface, instead of your ppp0-interface.. am I right? That's right. I have a ppp connection from the host to the internet, and a ethernet connection from the client to the host, so I'm masquerading across the ethernet connection so that the client can reach the internet. -- Rob -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: Setting up Masquerading on Debian machines.
At 01:00 PM 12/30/96 -0600, Rob Browning wrote: Remco van de Meent [EMAIL PROTECTED] writes: Maybe I don't get it right, but to me, it seems you're masquerading USING your eth0-interface, instead of your ppp0-interface.. am I right? That's right. I have a ppp connection from the host to the internet, and a ethernet connection from the client to the host, so I'm masquerading across the ethernet connection so that the client can reach the internet. Yes, but what you want is masquerading the eth-iface using the ppp0-iface... So what I suggest is the following: ipfwadm -F -a masquerade -S 192.168.1.1 -D 0.0.0.0/0 -W ppp0 // Remco van de Meent // email: [EMAIL PROTECTED] // www: http://cam053212.student.utwente.nl // -- Never make any mistaeks -- -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED] From miss Received: from mongo.pixar.com (138.72.50.60) by master.debian.org with SMTP; 30 Dec 1996 19:24:55 - Received: (qmail 13416 invoked from network); 30 Dec 1996 19:24:06 - Received: from primer.i-connect.net (HELO master.debian.org) ([EMAIL PROTECTED]) by mongo.pixar.com with SMTP; 30 Dec 1996 19:24:06 - Date: Mon, 30 Dec 1996 13:22:54 -0600 (CST) Sender: Roy C Bixler [EMAIL PROTECTED] From: Roy C Bixler [EMAIL PROTECTED] To: Remco van de Meent [EMAIL PROTECTED] cc: Adriano Nagelschmidt Rodrigues [EMAIL PROTECTED], debian mailing list debian-user@lists.debian.org Subject: Re: qmail, was RE: mta suggestions? In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Resent-Message-ID: D-ygH3.0.Ns3.IR1oo@master.debian.org Resent-From: debian-user@lists.debian.org Resent-Reply-To: debian-user@lists.debian.org X-Mailing-List: debian-user@lists.debian.org archive/latest/2134 X-Loop: debian-user@lists.debian.org Precedence: list Priority: non-urgent Importance: low Resent-Sender: [EMAIL PROTECTED] On Mon, 30 Dec 1996, Remco van de Meent wrote: Maybe zmailer is another option? Seems to be very fast also... Yes, this works well, but unfortunately there is no Debian package available for it. Is anyone working on such a thing? Roy [EMAIL PROTECTED] -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]
Re: Setting up Masquerading on Debian machines.
Remco van de Meent said: Yes, but what you want is masquerading the eth-iface using the ppp0-iface... So what I suggest is the following: ipfwadm -F -a masquerade -S 192.168.1.1 -D 0.0.0.0/0 -W ppp0 I believe the -W option should only be used for -I and -O rules. Forwarding by definition occurs across (at least) two interfaces, so limiting it to one interface using -W doesn't make sense. Also, don't forget that 'ping' won't work :) (use traceroute or telnet). -- Scott Barker Linux Consultant [EMAIL PROTECTED] http://www.cuug.ab.ca:8001/~barkers/ (under construction) [ I try to reply to all e-mail within 3 days. If you don't ] [ get a response by then, I probably didn't get your e-mail. ] [ Unsolicited commercial and junk e-mail will be proof-read for US$100 ] Benson, you are so free of the ravages of intelligence - Time Bandits -- TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word unsubscribe to [EMAIL PROTECTED] . Trouble? e-mail to [EMAIL PROTECTED]