Re: simple firewall for masquerade
On Tue, 25 Feb 2003, Adam C Powell IV wrote:
> I'm sorry to hear that. I've been running successfully on PPC and ARM,
> potato and woody... are you using sid?
I'm using Woody.
> Is the normal /etc/ipmasq/rules/A01interfaces.def not working for you?
I now installed the unstable version of ipmasq, and now it installed all
the standard config files in /etc/ipmasq.
I also removed my own stuff and tried just with the out of the box files.
> That is, does it not auto-detect the EXTERNAL and INTERNAL interfaces
> correctly?
It seems that it gets eth0 (my external) as EXTERNAL and then eth1 (my
internal) as INTERNAL, but I'm not sure. How can I confirm this?
> >/usr/sbin/ipmasq: ipnm_cache: command not found
> "grep cache /usr/sbin/ipmasq" gives nothing, so I don't see where it's
> calling that.
I found it in the stable package example files, but now with the unstable
it doesn't show up.
> Which version of ipmasq are you using? Woody has 3.5.10, can't help you
> with anything higher. (And I don't really know much about the version
> in woody -- except that it works for me.)
Now I use ipmasq 3.5.11. It seems to start up properly and so on, and the
computer attached has the same settings as when I had my firewall running
under RedHat (so I reckon that config is alright). Then I started checking
once more if there really wasn't something I had forgotten to put into the
kernel. The documentation says:
* `CONFIG_NETFILTER'
* `CONFIG_IP_NF_TABLES'
* `CONFIG_IP_NF_CONNTRACK'
* `CONFIG_IP_NF_NAT'
* `CONFIG_IP_NF_TARGET_MASQUERADE'
And here I find a strange thing; I don't have the option
CONFIG_IP_NF_TABLES in my 2.4.20 config file. Instead, there is a
CONFIG_IP_NF_IPTABLES (could that be the same?), which I have compiled in
the kernel. Thus, I have the following in the current kernel:
CONFIG_IP_NF_IPTABLES=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MASQUERADE=y
It still doesn't work, though... :(
I haven't found a way of doing verbose debugging, so I haven't really seen
exactly where the packages go and exactly where they are rejected --
network traffic between the two computers runs just fine, but when the
attached computer wants to access the outside world, I have less success.
Thanks,
/Joakim
--
http://www.efd.lth.se/~d97jro/
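
An added example, not part of the original message or of the ipmasq package: a shell check of the five kernel options listed above against a kernel config file. It assumes the documentation's CONFIG_IP_NF_TABLES names the same option as CONFIG_IP_NF_IPTABLES; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the state of the netfilter options needed for
# masquerading, as listed in the message above, in a kernel .config file.

# Constructed sample config (not the poster's real file).
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_NAT=m
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
EOF
}

# Print y, m or "unset" for one option. $1 = config file, $2 = option name.
# A "# CONFIG_X is not set" line and a missing line both count as unset.
kconfig_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Check all five options; returns non-zero if any of them is unset.
check_masq_config() {
    cfg=$1
    missing=0
    for opt in CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_CONNTRACK \
               CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE; do
        state=$(kconfig_state "$cfg" "$opt")
        # Assumption: accept the name used in the documentation as an alias.
        if [ "$state" = unset ] && [ "$opt" = CONFIG_IP_NF_IPTABLES ]; then
            state=$(kconfig_state "$cfg" CONFIG_IP_NF_TABLES)
        fi
        case $state in
            y) echo "$opt: built in" ;;
            m) echo "$opt: module (must be loaded, see lsmod)" ;;
            *) echo "$opt: NOT SET"; missing=$((missing + 1)) ;;
        esac
    done
    [ "$missing" -eq 0 ]
}

# Usage: sh check.sh /path/to/kernel/.config
if [ "$#" -gt 0 ]; then check_masq_config "$1"; fi
```

An option reported as a module is only available once that module is loaded, so a config that passes this check can still leave the NAT table unavailable at the time the rules are applied.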