
Re: simple firewall for masquerade



On Tue, 25 Feb 2003, Adam C Powell IV wrote:

> I'm sorry to hear that.  I've been running successfully on PPC and ARM,
> potato and woody... are you using sid?

I'm using Woody.

> Is the normal /etc/ipmasq/rules/A01interfaces.def not working for you?

I now installed the unstable version of ipmasq, and now it installed all
the standard config files in /etc/ipmasq.

I also removed my own stuff and tried just with the out of the box files.

> That is, does it not auto-detect the EXTERNAL and INTERNAL interfaces
> correctly?

It seems that it gets eth0 (my external) as EXTERNAL and then eth1 (my
internal) as INTERNAL, but I'm not sure. How can I confirm this?

> >/usr/sbin/ipmasq: ipnm_cache: command not found
> "grep cache /usr/sbin/ipmasq" gives nothing, so I don't see where it's
> calling that.

I found it in the stable package example files, but now with the unstable
it doesn't show up.

> Which version of ipmasq are you using?  Woody has 3.5.10, can't help you
> with anything higher.  (And I don't really know much about the version
> in woody -- except that it works for me.)

Now I use ipmasq 3.5.11. It seems to start up properly and so on, and the
computer attached has the same settings as when I had my firewall running
under RedHat (so I reckon that config is alright). Then I started checking
once more if there really wasn't something I had forgotten to put into the
kernel. The documentation says:

        * `CONFIG_NETFILTER'
        * `CONFIG_IP_NF_TABLES'
        * `CONFIG_IP_NF_CONNTRACK'
        * `CONFIG_IP_NF_NAT'
        * `CONFIG_IP_NF_TARGET_MASQUERADE'

And here I find a strange thing; I don't have the option
CONFIG_IP_NF_TABLES in my 2.4.20 config file. Instead, there is a
CONFIG_IP_NF_IPTABLES (could that be the same?), which I have compiled in
the kernel. Thus, I have the following in the current kernel:

CONFIG_IP_NF_IPTABLES=y
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_NAT=y
CONFIG_IP_NF_TARGET_MASQUERADE=y

It still doesn't work, though... :(
I haven't found a way of doing verbose debugging, so I haven't really seen
exactly where the packages go and exactly where they are rejected --
network traffic between the two computers runs just fine, but when the
attached computer wants to access the outside world, I have less success.

Thanks,

/Joakim
-- 
 http://www.efd.lth.se/~d97jro/
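
Added example, not part of the original message: a shell check that reads a kernel config file and reports, for each option the poster lists from the 2.4.20 config, whether it is built in, built as a module, or absent. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Option names are the ones listed in the post as present in the 2.4.20 config.
REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_CONNTRACK
CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE"

# check_masq_config FILE
# Prints one line per option: "<option> builtin|module|missing".
# Returns 0 if every option is =y or =m, 1 if any is missing,
# 2 if the file cannot be read.
check_masq_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $REQUIRED_OPTS; do
        # Anchored match on the exact name, so CONFIG_NETFILTER does not
        # match CONFIG_NETFILTER_DEBUG, and "# CONFIG_X is not set" lines
        # never count as enabled.
        val=$(sed -n "s/^${opt}=\([ym]\)\$/\1/p" "$cfg" | tail -n 1)
        case $val in
            y) echo "$opt builtin" ;;
            # A modular option only takes effect once the module is loaded.
            m) echo "$opt module" ;;
            *) echo "$opt missing"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample config: NAT as a module, MASQUERADE target not set.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_NETFILTER=y
# CONFIG_NETFILTER_DEBUG is not set
CONFIG_IP_NF_CONNTRACK=y
CONFIG_IP_NF_IPTABLES=y
CONFIG_IP_NF_NAT=m
# CONFIG_IP_NF_TARGET_MASQUERADE is not set
EOF
}

# Stand-alone use: pass the path of the kernel config to check.
if [ $# -gt 0 ]; then
    check_masq_config "$1"
fi
```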


