[H-GEN] Re: IP masquerade problems
Anthony Towns
aj at humbug.org.au
Tue Jul 22 00:13:09 EDT 1997
(moved to the general list)
On Tue, 22 Jul 1997, Thomas Garai wrote:
> Thanks for helping me out with my sendmail problem. Now I have a
> different problem I was hoping I could get some advice on from you
> unix gurus out there.
(urk! can you please set your line lengths to ~75 characters? Pine has
problems otherwise)
> This one is relating to IP masquerading.
> My machine is running linux 2.0.18 redhat, and I have another two
> machines networked to it, they're running windows95.
> I'm using TCP/IP. I'm communicating with the linux server from the
> windows machines. Telnet to the linux server on all ports (WWW IRC
> SMTP POP) works fine.
> I can connect to my ISP via the linux server, but the packets are
> not routed to and from the win95 machines on my network.
> My small network has the address 192.168.100.0, netmask 255.255.255.0
> The windows95 machines are set to use the IP address of my machine
> as a gateway (192.168.100.1).
> I've tried ipfwadm -F -a access
> ipfwadm -F -a blah blah .....
You're _probably_ using the ordinary forwarding facility, rather than
masquerading. (you don't use "accept" for masquerading, you use
"masquerade" (shortened to "masq", or just "m"))
My /etc/init.d/network (Debian networking startup file, as near as I
can guess) has
    ifconfig [as appropriate]
    ipfwadm -F -a masq -S 192.168.105.0/24 -D 0/0
You'd change the above to "192.168.100.0/24", I believe. "24" is a
shorthand for the netmask, btw.
My default policy for forwarding is "accept":
    ipfwadm -F -p accept
However, the sensible thing to set this to is
    ipfwadm -F -p deny
if you'd like your Lose95 machines protected by some semblance of a
firewall.
It might be interesting to try setting your default policy to
"masquerade", in which case you may not need specific rules for each
network you've got connected. (ObScure:) Of course, you also might no
longer need to run sendmail just in case you lock yourself out of your
computer.
Cheers,
aj
--
Anthony Towns <aj at humbug.org.au> <http://student.uq.edu.au/~s343676/>
I don't speak for anyone save myself. PGP encrypted mail preferred.
``Like the ski resort of girls looking for husbands and husbands looking
for girls, the situation is not as symmetrical as it might seem.''
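
Added example, not part of the original message: a shell sketch that turns a dotted netmask into the "/24"-style shorthand mentioned above and prints the two forwarding rules from the reply (default-deny policy plus a masquerade rule for the LAN only). The function names `mask_to_prefix` and `masq_rules` are hypothetical, and the script only prints the ipfwadm commands rather than running them.

```shell
#!/bin/sh
# Convert a dotted netmask (e.g. 255.255.255.0) to a prefix length (24).
# Returns non-zero for a malformed or non-contiguous mask.
mask_to_prefix() {
    case $1 in
        ''|*[!0-9.]*) return 1 ;;   # digits and dots only
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                       # split the mask into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    prefix=0
    seen_partial=0
    for octet in "$@"; do
        case $octet in
            255) bits=8 ;; 254) bits=7 ;; 252) bits=6 ;; 248) bits=5 ;;
            240) bits=4 ;; 224) bits=3 ;; 192) bits=2 ;; 128) bits=1 ;;
            0)   bits=0 ;;
            *)   return 1 ;;        # not a valid mask octet
        esac
        # After an octet shorter than 8 bits, every later octet must be 0.
        if [ "$seen_partial" -eq 1 ] && [ "$bits" -ne 0 ]; then
            return 1
        fi
        if [ "$bits" -lt 8 ]; then
            seen_partial=1
        fi
        prefix=$((prefix + bits))
    done
    echo "$prefix"
}

# Print the forwarding rules: deny by default, masquerade only the LAN.
masq_rules() {
    net=$1
    plen=$(mask_to_prefix "$2") || return 1
    echo "ipfwadm -F -p deny"
    echo "ipfwadm -F -a masq -S $net/$plen -D 0/0"
}

# Network and netmask quoted in the question above.
masq_rules 192.168.100.0 255.255.255.0
```

With the policy set to deny, only packets whose source matches the `-S` network are forwarded (and masqueraded); everything else is dropped.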