[H-GEN] Re: IP masquerade problems

Anthony Towns aj at humbug.org.au
Tue Jul 22 00:13:09 EDT 1997


-----BEGIN PGP SIGNED MESSAGE-----

(moved to the general list)

On Tue, 22 Jul 1997, Thomas Garai wrote:

> Thanks for helping me out with my sendmail problem. Now I have a
> different problem I was hoping I could get some advice on from you
> unix gurus out there.   

(urk! can you please set your line lengths to ~75 characters? Pine has
problems otherwise)

> This one is relating to IP masquerading.
> My machine is running linux 2.0.18 redhat, and I have another two
> machines networked to it, they're running windows95
> I'm using TCP/IP. I'm communicating with the linux server from the
> windows machines. Telnet to the linux server on all ports (WWW IRC
> SMTP POP) works fine.   
> I can connect to my ISP via the linux server, but the packets are
> not routed to and from the win95 machines on my network.    
> My small network has the address 192.168.100.0, netmask 255.255.255.0
> The windows95 machines are set to use the IP address of my machine
> as a gateway (192.168.100.1). 
> I've tried ipfwadm -F -a access
>            ipfwadm -F -a blah blah .....

You're _probably_ using the ordinary forwarding facility, rather than
masquerading. (you don't use "accept" for masquerading, you use
"masquerade" (shortened to "masq", or just "m"))

My /etc/init.d/network (Debian networking startup file, as near as I
can guess) has 
	ifconfig [as appropriate]

	ipfwadm -F -a masq -S 192.168.105.0/24 -D 0/0

You'd change the above to "192.168.100.0/24", I believe. "24" is a
shorthand for the netmask, btw.

My default policy for forwarding is "accept":
	ipfwadm -F -p accept

However, the sensible thing to set this to is
	ipfwadm -F -p deny
if you'd like your Lose95 machines protected by some semblance of a
firewall.

It might be interesting to try setting your default policy to
"masquerade", in which case you may not need specific rules for each
network you've got connected. (ObScure:) Of course, you also might no
longer need to run sendmail just in case you lock yourself out of your
computer.

Cheers,
aj

- --
Anthony Towns <aj at humbug.org.au> <http://student.uq.edu.au/~s343676/>
I don't speak for anyone save myself. PGP encrypted mail preferred.

``Like the ski resort of girls looking for husbands and husbands looking
  for girls, the situation is not as symmetrical as it might seem.''

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3ia
Charset: ascii
Comment: Key available at http://student.uq.edu.au/~s343676/aj_key.asc

-----END PGP SIGNATURE-----
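
An added example, not part of the original mail: it turns a LAN address and dotted netmask into the "/24"-style shorthand the reply mentions and prints the default-deny policy plus the masquerade rule for that network. The function names mask_to_prefix and masq_rules are hypothetical, and the commands are only printed, never run.

```shell
#!/bin/sh
# Added example: print the ipfwadm forwarding setup discussed in the mail
# (default policy deny, masquerade only the LAN) for a given network.

# mask_to_prefix 255.255.255.0 -> 24
# Fails on a malformed or non-contiguous netmask (e.g. 255.0.255.0).
mask_to_prefix() {
    bits=0
    seen_zero=0
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
        bit=128
        while [ "$bit" -ge 1 ]; do
            if [ $((octet & bit)) -ne 0 ]; then
                # a 1 bit after a 0 bit means the mask is not a prefix
                [ "$seen_zero" -eq 0 ] || return 1
                bits=$((bits + 1))
            else
                seen_zero=1
            fi
            bit=$((bit / 2))
        done
    done
    echo "$bits"
}

# masq_rules NETWORK NETMASK
# Prints the policy first so nothing is forwarded unless a rule matches,
# then the masquerade rule limited to the internal network.
masq_rules() {
    prefix=$(mask_to_prefix "$2") || { echo "bad netmask: $2" >&2; return 1; }
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -a masq -S $1/$prefix -D 0/0"
}

# The network from the question (192.168.100.0, netmask 255.255.255.0)
masq_rules 192.168.100.0 255.255.255.0
```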
