
Re: 2 network cards



I fixed the problem by purging the ipmasq package
and instead writing my own ipchains commands in a local file at
/etc/init.d.

-Oz
> Oz Dror wrote:
> > I have a similar problem, but instead of having 2 network cards I have
> > one card using IP aliasing (two subnets on the same card/network, one for DSL and the
> > second local 192.168.0.x).
> > 
> > As soon as I start ipmasq I cannot ping beyond the local subnet of each
> > card, thus I cannot access the DNS server, thus I cannot ping or surf
> > outside the two subnets.
> > 
> > I tried to start ipmasq after the two networks are initialized,
> > but as soon as ipmasq starts I lose the DNS server and access beyond the
> > local net.
> > 
> > I have the latest potato system using kernel 2.2.7.
> > I have the latest potato version of ipmasq.
> > 
> > Does anyone have any idea how to solve/debug this problem?
> > Is this problem occurring because ipmasq makes the second non-local net
> > a firewall? If that is the case, how can I have ipmasq apply only to the subnet
> > 192.168.0.x and not to the DSL subnet?
> > How can I have ipmasq apply to eth0 (192.168.0.x) and not to the subnet
> > of eth0:0 (DSL subnet)?
> > 
> > What does ipmasq do? I have a second Linux computer running kernel 2.2.1
> > (hybrid system of slink, hamm and potato). I do not use ipmasq. I have
> > ipalias working correctly with masquerading (applying the firewall only to the local
> > subnet). I use ipchains to apply the rules.
> > 
> 
> Unless you need ip masquerading, you should uninstall ipmasq. Ipmasq checks
> which interface your default route points to, and sets up packet filter
> rules so that packets being forwarded via your default interface from your
> *other* interfaces are masqueraded as coming from the default interface.  If
> you have a 'private' subnet on your second NIC and a 'public' connection via
> your default route this is likely to be useful, but if you don't then you
> won't be able to access machines connected via your second NIC from machines
> connected via your default NIC.  
> 
> If you need masquerading then ipmasq seems to be the best solution, if you
> can get it to meet your requirements.  I haven't used the 'potato' version,
> but the 'slink' version has bugs when dealing with aliased interfaces: look
> in the bug tracking system for patches if you need masquerading and that is
> your problem.
> 
> After you uninstall ipmasq you are likely to still have your existing packet
> filter rules in place; under kernel 2.0.x, you can remove them by going
>   ipfwadm -I -p accept
>   ipfwadm -I -f
>   ipfwadm -O -p accept
>   ipfwadm -O -f
>   ipfwadm -F -p accept
>   ipfwadm -F -f
> but you should be aware that /etc/init.d/netbase normally installs 'spoof
> protection' rules to drop bogus packets, so you may also want to do
>   /etc/init.d/netbase start
> as well.
> 
> 
> John P.
> -- 
> huiac@camtech.net.au
> john@huiac.apana.org.au
> "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
> 
> 


-- 
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
NAME   Oz Dror, Los Angeles, California   
EMAIL  dror@zyan.com                          <<Linux  since 8/15/94>>
PHONE  Fax (310) 474-3126
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
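
Added example, not part of the original messages: a sketch of the kind of local init script the reply describes, masquerading only the private 192.168.0.x subnet while the DSL addresses on the same card stay untouched. The /24 mask, the variable names and the dry-run switch are assumptions; the thread does not show the actual script.

```shell
#!/bin/sh
# Added example, not from the thread. Kernel 2.2 / ipchains.
# 192.168.0.x is the private subnet named in the thread; the /24 mask is assumed.
LOCAL_NET="${LOCAL_NET:-192.168.0.0/24}"
IPCHAINS="${IPCHAINS:-ipchains}"

# Accept only a.b.c.d/n so nothing else can reach a command line.
valid_cidr() {
    case "$1" in
        ""|*[!0-9./]*|*/*/*|*..*|.*|*./*) return 1 ;;
    esac
    addr="${1%/*}"; bits="${1#*/}"
    [ "$addr" != "$1" ] || return 1              # no "/" present
    [ -n "$bits" ] && [ "$bits" -le 32 ] 2>/dev/null || return 1
    oldifs="$IFS"; IFS=.; set -- $addr; IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rule set (one command per line) for private subnet $1.
masq_rules() {
    valid_cidr "$1" || { echo "bad network: $1" >&2; return 1; }
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
    # Forward nothing by default and flush old forward rules.
    echo "$IPCHAINS -P forward DENY"
    echo "$IPCHAINS -F forward"
    # Match on source address, not interface: both subnets share eth0,
    # so only packets routed on behalf of the private hosts are rewritten.
    echo "$IPCHAINS -A forward -s $1 -d 0.0.0.0/0 -j MASQ"
}

# Dry run by default; APPLY=1 (as root) executes the commands.
if [ "${APPLY:-0}" = 1 ]; then
    rules=$(masq_rules "$LOCAL_NET") && echo "$rules" | sh -e
else
    masq_rules "$LOCAL_NET"
fi
```

The host's own traffic from its DSL address never passes through the forward chain, so these rules leave it alone.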

                    

