
Re: 2 network cards



Oz Dror wrote:
> I have a similar problem, but instead of having 2 network cards I have
> one card using IP aliasing (two subnets on the same card/network, one for DSL and the
> second local 192.168.0.x).
> 
> As soon as I start ipmasq I cannot ping beyond the local subnet of each
> card, thus I cannot access the DNS server, thus I cannot ping or surf
> outside the two subnets.
> 
> I tried to start ipmasq after the two networks are initialized,
> but as soon as ipmasq starts I lose the DNS server and access beyond the
> local net.
> 
> I have the latest potato system using kernel 2.2.7.
> I have the latest potato version of ipmasq.
> 
> Does anyone have any idea how to solve/debug this problem?
> Is this problem occurring because ipmasq makes the second non-local net
> a firewall? If that is the case, how can I have ipmasq apply only to the subnet
> 192.168.0.x and not to the DSL subnet?
> How can I have ipmasq apply to eth0 (192.168.0.x) and not to the subnet
> of eth0:0 (DSL subnet)?
> 
> What does ipmasq do? I have a second Linux computer running kernel 2.2.1
> (hybrid system of slink, hamm and potato). I do not use ipmasq. I have
> ipalias working correctly with masquerading (apply the firewall only to the local
> subnet). I use ipchains to apply the rules.
> 

Unless you need ip masquerading, you should uninstall ipmasq. Ipmasq checks
which interface your default route points to, and sets up packet filter
rules so that packets being forwarded via your default interface from your
*other* interfaces are masqueraded as coming from the default interface.  If
you have a 'private' subnet on your second NIC and a 'public' connection via
your default route this is likely to be useful, but if you don't then you
won't be able to access machines connected via your second NIC from machines
connected via your default NIC.  

If you need masquerading then ipmasq seems to be the best solution, if you
can get it to meet your requirements.  I haven't used the 'potato' version,
but the 'slink' version has bugs when dealing with aliased interfaces: look
in the bug tracking system for patches if you need masquerading and that is
your problem.

After you uninstall ipmasq you are likely to still have your existing packet
filter rules in place; under kernel 2.0.x, you can remove them by going
  ipfwadm -I -p accept
  ipfwadm -I -f
  ipfwadm -O -p accept
  ipfwadm -O -f
  ipfwadm -F -p accept
  ipfwadm -F -f
but you should be aware that /etc/init.d/netbase normally installs 'spoof
protection' rules to drop bogus packets, so you may also want to do
  /etc/init.d/netbase start
as well.


John P.
-- 
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark

