
RE: Potato, DHCP and IPMASQ



Greetings,
	Sounds like the ipmasq .deb package is killing DNS queries, but it may be
killing more.  I also use dhcpcd, but I made the assumption that I really
wouldn't know what the ipmasq .deb package was really doing, unless I
configured the firewall myself.  (I was afraid of getting into your
situation).
	My suggestion: install iptraf, and monitor the type of traffic that you are
getting to the box, and then build your rules based on what you see (i.e.
traffic that you know MUST come through).  In my situation (Road Runner
cable modem), I have to allow some messages on broadcast and non-routable
addresses in order to maintain a proper connection.
	Another suggestion: set up rules that deny and log everything, attempt
normal traffic (e.g. ping a name), then check your syslog and/or kernel.log
to find out what kind of stuff is trying to get through, and then build your
rules.

Have fun,

Brooks

> -----Original Message-----
> From: mray@mailfw.niccx.com [mailto:mray@mailfw.niccx.com]On Behalf Of
> Matthew H. Ray
> Sent: Tuesday, August 22, 2000 5:54 PM
> To: debian-firewall@lists.debian.org
> Subject: Potato, DHCP and IPMASQ
>
>
> I've got a K6-200 box that has been running Potato since January that I
> recently tried to switch to an ipmasqing machine.  When I first
> installed I was using DHCP on the Netgear (tulip) 100mbit (eth1), but I
> switched over to the 10mbit 3Com 3c900 (eth0).  Both cards worked just
> fine.  To set up the ipmasqing, I grabbed the 2.2.16 kernel source, the
> .config from a working firewall here at work and reconfigured for the
> appropriate hardware.  Everything worked just fine after installing the
> new kernel.  I'm using the dhcpcd .deb (latest version) which works just
> fine.  The problem is that when I install the ipmasq .deb, I can't get a
> network connection again.  Pinging www.yahoo.com returns
>
> ping: unknown host www.yahoo.com
>
> and pinging the local dhcp server returns
>
> ping: sendto: Operation not permitted
> ping: wrote 10.1.1.11 64 chars, ret=-1
> ...100% packet loss
>
> If I remove the ipmasq .deb and restart the box, dhcp works again.  I've
> tried wiping and reinstalling dhcpcd and ipmasq several times, but I
> can't get past this error.
>
> Any suggestions?
> Thanks,
> Matthew H. Ray
> Programmer, Coral Technologies, Inc.
> mray@coral-tech.com
>
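
The deny-and-log approach suggested in the reply, as an added example that is not part of the original messages: it groups denied packets from the kernel log by chain, interface, protocol and destination so the needed allow rules become visible. It assumes the 2.2 kernel's ipchains `-l` "Packet log:" line format; the log lines, the host name `fw` and every address except the DHCP server 10.1.1.11 are constructed.

```python
import re
from collections import Counter

# Constructed sample of ipchains "-l" kernel log lines (not taken from the thread).
SAMPLE_LOG = """\
Aug 22 18:01:02 fw kernel: Packet log: output DENY eth0 PROTO=17 10.1.1.50:1025 10.1.1.1:53 L=59 S=0x00 I=4101 F=0x0000 T=64 (#1)
Aug 22 18:01:07 fw kernel: Packet log: output DENY eth0 PROTO=17 10.1.1.50:1025 10.1.1.1:53 L=59 S=0x00 I=4102 F=0x0000 T=64 (#1)
Aug 22 18:01:09 fw kernel: Packet log: output DENY eth0 PROTO=1 10.1.1.50:8 10.1.1.11:0 L=84 S=0x00 I=4103 F=0x0000 T=64 (#1)
Aug 22 18:01:30 fw kernel: Packet log: input DENY eth0 PROTO=17 10.1.1.11:67 255.255.255.255:68 L=328 S=0x00 I=77 F=0x0000 T=128 (#1)
Aug 22 18:02:00 fw cron[311]: (root) CMD (run-parts /etc/cron.hourly)
"""

# Layout: "Packet log: <chain> <target> <iface> PROTO=<n> <src>:<port> <dst>:<port> ..."
LINE_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<target>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
)
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}


def parse_line(line):
    """Return the fields of one packet-log line, or None for any other line."""
    m = LINE_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("proto", "sport", "dport"):
        rec[key] = int(rec[key])
    return rec


def summarize(log_text, targets=("DENY", "REJECT")):
    """Count blocked packets per (chain, iface, protocol, destination, service)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["target"] not in targets:
            continue
        proto = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
        # For ICMP the "port" fields carry type and code rather than ports.
        service = f"type {rec['sport']}" if proto == "icmp" else f"dport {rec['dport']}"
        counts[(rec["chain"], rec["iface"], proto, rec["dst"], service)] += 1
    return counts


if __name__ == "__main__":
    for key, n in summarize(SAMPLE_LOG).most_common():
        print(f"{n:4d}  " + " ".join(key))
```

On the constructed sample the summary shows blocked outbound DNS, blocked outbound echo requests to the DHCP server, and a blocked inbound DHCP broadcast, which are the kinds of entries to turn into explicit allow rules.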


