
ipfwadm?



Anyone here on the Debian-L know the secrets of using the ipfwadm
utility to set up masquerading?  I've built a kernel with the proper
options but I'm concerned about whether I'm really masquerading, or
just forwarding packets.  How do I prove it?  There was a recent LJ
article on using masquerading, but it was primarily based on the 
software prior to the recent advances.  In particular, the method
used to establish the masquerading ruleset, and verifying just what
has been set is my concern.  There is no longer an ipfw, but now the
management utility is ipfwadm.  The concern comes from the setting of
the masquerade rule.

The ipfwadm has an option (-M) for masquerading, but, this is NOT used
for setting the rule, and the only valid option is -l, for listing of
the masquerading rules.  The only way I can get a rule set is to use the
following command (does this really result in masquerading or not is the
question):

#ipfwadm -F -i masquerade -P all -S 192.168.210.0/0 -D 0.0.0.0/0

The reason for the question is this; the ipfwadm -M -l shows no masquerade
rule set.  And, I got on the net using this last night, and sure enough was
able to get out to the net from my laptop, and using Lynx, got out to the
Web.  I discovered that several links on various pages were not accessible
from the LT, but they were if I ran a browser directly on wb2oyc (my
Deb1.1 box).  This got me wondering if perhaps my reserved net address was
getting through my ISP to the net, and that's why I wasn't able to get to some
of the links.

So, I ran tcpdump on wb2oyc while doing this.  Sure enough, there I see
packets sent from the Web host directly to the address of the laptop (!)
which is assigned the address in the 192.168 reserved space and shouldn't
ever get through my ISP's router!  In other words, I was not masquerading for
its address; I don't think.  Bummer!  Worse, my ISP is not stopping those
packets.

Paul
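
The tcpdump check described in the post above can be automated. This is an added example, not part of the original message: it scans `tcpdump -n` text output taken on the ISP-facing interface and flags any packet carrying an RFC 1918 address, which should never appear there when masquerading is in effect. The sample capture, the laptop address 192.168.210.2 and the public addresses are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; none of these should be seen on the ISP-facing link.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "tcpdump -n" IPv4 line: "<time> [IP] a.b.c.d[.port] > e.f.g.h[.port]: ..."
LINE_RE = re.compile(
    r"^\S+\s+(?:IP\s+)?(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?\s+>\s+"
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")


def is_private(addr):
    """True if addr is a valid IPv4 address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in PRIVATE_NETS)


def find_leaks(lines):
    """Return (lineno, src, dst, reason) for every packet exposing a private address."""
    leaks = []
    for lineno, line in enumerate(lines, 1):
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ARP, IPv6 or anything else that is not an IPv4 packet line
        src, dst = m.groups()
        if is_private(src):
            leaks.append((lineno, src, dst, "private source sent out unmasqueraded"))
        elif is_private(dst):
            leaks.append((lineno, src, dst, "reply addressed to private host"))
    return leaks


# Constructed capture: lines 1-2 show the failure, lines 3-4 a masqueraded flow.
SAMPLE = """\
21:04:11.102345 IP 192.168.210.2.1025 > 198.51.100.7.80: Flags [S], seq 1, win 512, length 0
21:04:11.180212 IP 198.51.100.7.80 > 192.168.210.2.1025: Flags [S.], seq 9, ack 2, win 512, length 0
21:04:15.000100 IP 203.0.113.20.61001 > 198.51.100.7.80: Flags [S], seq 5, win 512, length 0
21:04:15.090300 IP 198.51.100.7.80 > 203.0.113.20.61001: Flags [S.], seq 7, ack 6, win 512, length 0
21:04:16.000000 ARP, Request who-has 203.0.113.1 tell 203.0.113.20, length 28
""".splitlines()

if __name__ == "__main__":
    for lineno, src, dst, reason in find_leaks(SAMPLE):
        print(f"line {lineno}: {src} > {dst}: {reason}")
```

An empty result on a capture from the external interface, while the internal host is generating traffic, is the evidence that source addresses are being rewritten.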

  


