Re: ipchains diagnostics

2000-01-25 Thread Dänzer 


--- Patrick Kirk <[EMAIL PROTECTED]> wrote:
> 
> Would you mind explaining when to use 10.0.0.0/8 10.0.0.0/24 and
> 10.0.0.0/32

With 10.0.0.0/24, the masquerading code will only forward from/to IPs
10.0.0.x, whereas with 10.0.0.0/8 10.x.x.x , which is probably what you want
(although it escapes me why anyone would need such a big private network? :)

> as I never understand and don't know if using the wrong one will break
> anything.

If it's wrong, your packets probably won't get routed.


Michel


=
"Software is like sex; it's better when it's free"
 -- Linus Torvalds

"If you continue running Windows, your system may become unstable."
 -- Windows 95 BSOD
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Re: ipchains diagnostics

2000-01-25 Thread Dänzer 


--- hypnos <[EMAIL PROTECTED]> wrote:
> On Mon, 24 Jan 2000, Michel Dänzer wrote:
> 
> > > /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
> > 
> > The IP address looks funny. Sure it's private?
> 
> That's the private Class A network address.  It does
> look like he is using a Class C network 10.0.0 though.
> If not, it should be 10.0.0.0/8 instead.

That's what I was trying to say :)


Michel


=
"Software is like sex; it's better when it's free"
 -- Linus Torvalds

"If you continue running Windows, your system may become unstable."
 -- Windows 95 BSOD
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Re: ipchains diagnostics

2000-01-25 Thread Patrick Kirk 

Would you mind explaining when to use 10.0.0.0/8 10.0.0.0/24 and 10.0.0.0/32
as I never understand and don't know if using the wrong one will break
anything.  If its an RTFM situatiion, a pointer at a howto would be
appreciated.

Patrick

> > /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
>
> The IP address looks funny. Sure it's private?

That's the private Class A network address.  It does
look like he is using a Class C network 10.0.0 though.
If not, it should be 10.0.0.0/8 instead.

--
hypnos  



--
Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] <
/dev/null

Re: ipchains diagnostics

2000-01-25 Thread hypnos 
On Mon, 24 Jan 2000, Michel D?nzer wrote:

> > /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
> 
> The IP address looks funny. Sure it's private?

That's the private Class A network address.  It does
look like he is using a Class C network 10.0.0 though.
If not, it should be 10.0.0.0/8 instead.

--
hypnos

Re: ipchains diagnostics

2000-01-24 Thread Dänzer 


--- Patrick <[EMAIL PROTECTED]> wrote:
> I can't get ipchains to work and get no error messages when I run
> echo "1" > /proc/sys/net/ipv4/ip_forward
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ

The IP address looks funny. Sure it's private?


Michel


=
"Software is like sex; it's better when it's free"
 -- Linus Torvalds

"If you continue running Windows, your system may become unstable."
 -- Windows 95 BSOD
__
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

Re: ipchains diagnostics

2000-01-24 Thread aphro 
i assume your talking about ipmasq ? did u set the gateway of the other
machines to the ip of the linux box? what happens exactly?

make sure your using kernel 2.2 if yer usin ipchains

nate

On Mon, 24 Jan 2000, Patrick wrote:

patric >I can't get ipchains to work and get no error messages when I run
patric >echo "1" > /proc/sys/net/ipv4/ip_forward
patric >/sbin/ipchains -P forward DENY
patric >/sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
patric >
patric >How can I tell what's wrong?  I see nothing in logs nor
patric >tail -f /var/log/messages.
patric >
patric >Patrick
patric >
patric >
patric >
patric >
patric >-- 
patric >Unsubscribe?  mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
patric >

[mailto:[EMAIL PROTECTED] ]--
   Vice President Network Operations   http://www.firetrail.com/
  Firetrail Internet Services Limited  http://www.aphroland.org/
   Everett, WA 425-348-7336http://www.linuxpowered.net/
Powered By:http://comedy.aphroland.org/
Debian 2.1 Linux 2.0.36 SMPhttp://yahoo.aphroland.org/
-[mailto:[EMAIL PROTECTED] ]--
6:37am up 157 days, 18:43, 1 user, load average: 1.02, 1.46, 1.39

Re: ipchains diagnostics

2000-01-24 Thread Onno Ebbinge 
At 01:56 PM 1/24/00 +, Patrick wrote:
>ip masq is definately enabled in the kernel but not sure about ip forwarding.
>
>My real question is how can I diagnose the error.  Where can I get a message 
>what setting I've missed as I know this is Operator Error.

If 'ls /proc/sys/net/ipv4' yields a 'ip_forward' then the
kernel supports ip forwarding.

But futher diagnostics is done step bij step: 

(others: please correct me when I'm wrong because 
 I'm doing this 'on the fly')

- check the kernel for support
- check kernel parameters
- check ifconfig
- check route
- check ipchains

Good luck,

Onno

Re: ipchains diagnostics

2000-01-24 Thread Patrick 
ip masq is definately enabled in the kernel but not sure about ip forwarding.

My real question is how can I diagnose the error.  Where can I get a message 
what setting I've missed as I know this is Operator Error.


Patrick

Re: ipchains diagnostics

2000-01-24 Thread Onno Ebbinge 
IP forwarding and IP masq-ing are enabled in the kernel?

Regards,

Onno


At 10:29 AM 1/24/00 +, Patrick wrote:
>I can't get ipchains to work and get no error messages when I run
>echo "1" > /proc/sys/net/ipv4/ip_forward
>/sbin/ipchains -P forward DENY
>/sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ
>
>How can I tell what's wrong?  I see nothing in logs nor
>tail -f /var/log/messages.
>
>Patrick

ipchains diagnostics

2000-01-24 Thread Patrick 
I can't get ipchains to work and get no error messages when I run
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 10.0.0.0/24 -j MASQ

How can I tell what's wrong?  I see nothing in logs nor
tail -f /var/log/messages.

Patrick