
RE: ipmasq doesn't see nics correctly



> -----Original Message-----
> From: joe golden [mailto:jg1024@hotmail.com]
> Sent: Thursday, February 27, 2003 4:41 PM
> To: debian-firewall@lists.debian.org
> Subject: ipmasq doesn't see nics correctly
>
>
> Been having a problem setting up ipmasq with a 2.4.19 kernel.  I have solved
> the problem with a hack in the ipmasq rulesets.  I would like to figure out
> a cleaner way to solve this problem.  I think your firewall is the last
> place you want a hack!
>
> ipmasq -V  >>  3.5.11
> iptables -V  >>  iptables v1.2.7a
> uname -a  >>  Linux ssp2 2.4.19 #4 SMP Mon Feb 24 01:04:18 EST 2003 i686
> Pentium III (Katmai) GenuineIntel GNU/Linux
>
> I found that in ruleset /etc/ipmasq/rules/M70masq.def ipmasq didn't know
> which were internal and which were external interfaces:  It showed INTERNAL
> as an empty string and EXTERNAL_OUT as 'eth0 eth1'.  I have my system
> accessing dsl on eth0 (external) and our internal network on eth1
> (internal).
>
> I modified the rule script and substituted my own M70masq.rul (as
> recommended) and straightened things out in this script to get masquerading
> and forwarding set up correctly.  All I did was temporarily substitute eth0
> for EXTERNAL_OUT and eth1 for INTERNAL.
>
> Has anyone come across this problem?  Is it a problem in the script or in
> my configuration?

Most of the time the script detects automatically, but when it doesn't you may
need to set up overrides (example IPs):

/etc/ipmasq/rules$ less A01interfaces.rul
EXTERNAL="eth1"
INTERNAL="eth0"

/etc/ipmasq/rules$ less A01precompute.rul
IPOFIF_eth0=192.168.0.4
NMOFIF_eth0=255.255.255.0

IPOFIF_eth1=192.168.1.1
NMOFIF_eth1=255.255.255.0

From the documentation:

3. Dealing with Oddball Networks
--------------------------------

     An oddball network is a network which fails to meet the assumptions
     `ipmasq' makes (please see Section 2.3, `Assumptions' for more
     information).

     Should `ipmasq' incorrectly identify interfaces or misclassify them
     (with respect to being internal or external), create a file
     `/etc/ipmasq/rules/A01interfaces.rul' that defines the variables
     `EXTERNAL' to contain the name of all your external interfaces (i.e.
     `EXTERNAL="eth0 eth0:0"') and `INTERNAL' containing the names of all
     interfaces connected to networks you wish to masquerade.  Make sure
     that the loopback interface (`lo') appears in neither `EXTERNAL' nor
     `INTERNAL'.

     Should `ipmasq' incorrectly determine the IP address, netmask, or peer
     IP address of an interface, create a file
     `/etc/ipmasq/rules/A01precompute.rul' that defines, for all interfaces
     in `EXTERNAL' and `INTERNAL', the IP address, netmask, peer IP
     address, and broadcast address.  (If you override the `.def' to change
     one value, you _must_ specify all values.) The following shows how to
     define an interface `foo0':

          IPOFIF_foo0=10.1.2.3
          NMOFIF_foo0=255.252.0.0
          PEEROFIF_foo0=192.168.1.1

     Aliased interfaces (i.e.  `foo0:0') are mangled before being made into
     variable names.  The colon in the interface name is transformed into
     an underscore.


I hope this helps.

--dwh

---
Dale W Hodge - dwh@neuralmatrix.org
Vice Chairman & Secretary - info@aclug.org
Air Capital Linux User's Group  (ACLUG)
---
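
The override rules quoted above can be checked before ipmasq is restarted. The script below is an added example, not part of the original message or of ipmasq; the function names are hypothetical. It assumes both files hold plain VAR=value lines as shown in the message, and it checks only IPOFIF_ and NMOFIF_, the two names the reply sets for every interface.

```shell
#!/bin/sh
# Added example: lint ipmasq override files (constructed sample data below).
# Assumption: both files hold plain VAR=value lines, as in the message above.

# Interface name -> variable-name suffix: the colon of an alias becomes "_".
mangle_if() { printf '%s\n' "$1" | tr ':' '_'; }

# Print the value assigned to variable $1 in file $2, surrounding quotes stripped.
get_var() {
    sed -n "s/^$1=\"\{0,1\}\([^\"]*\)\"\{0,1\}[[:space:]]*\$/\1/p" "$2" 2>/dev/null | tail -n 1
}

# check_overrides DIR: print one line per problem; return 1 if any was found.
check_overrides() {
    dir=$1; rc=0
    ext=$(get_var EXTERNAL "$dir/A01interfaces.rul")
    int=$(get_var INTERNAL "$dir/A01interfaces.rul")
    [ -n "$ext" ] || { echo "EXTERNAL is empty or unset"; rc=1; }
    [ -n "$int" ] || { echo "INTERNAL is empty or unset"; rc=1; }
    for i in $ext $int; do
        if [ "$i" = lo ]; then echo "lo must not be listed"; rc=1; fi
    done
    # A precompute override must cover every listed interface.
    if [ -f "$dir/A01precompute.rul" ]; then
        for i in $ext $int; do
            m=$(mangle_if "$i")
            for p in IPOFIF NMOFIF; do
                [ -n "$(get_var "${p}_$m" "$dir/A01precompute.rul")" ] ||
                    { echo "${p}_$m missing in A01precompute.rul"; rc=1; }
            done
        done
    fi
    return $rc
}

# Constructed sample: the alias eth0:0 is listed but has no netmask defined.
demo=$(mktemp -d)
printf '%s\n' 'EXTERNAL="eth0 eth0:0"' 'INTERNAL="eth1"' > "$demo/A01interfaces.rul"
printf '%s\n' 'IPOFIF_eth0=192.168.0.4' 'NMOFIF_eth0=255.255.255.0' \
    'IPOFIF_eth0_0=192.168.0.5' 'IPOFIF_eth1=192.168.1.1' \
    'NMOFIF_eth1=255.255.255.0' > "$demo/A01precompute.rul"
check_overrides "$demo" || echo "fix the problems above before restarting ipmasq"
rm -rf "$demo"
```

An empty `INTERNAL`, the symptom described in the original question, is reported as a problem rather than silently accepted.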




