problems with masquerading default rules
Hi,
I have ipmasq installed on my Debian potato GNU/Linux box, a Pentium III with
kernel 2.2.13.
I use this box as an IP masquerader, and ipmasq created all the rules for
me.
Things work fine (i.e. hosts on the inside can see the internet), except
for the fact that there are a lot of messages in /var/log/syslog like
these:
Packet log: input DENY eth1 PROTO=6 192.168.2.13:1020 0.0.0.0:0 L=40 S=0x00 I=35560 F=0x4000 T=1 (#9)
Packet log: input DENY eth1 PROTO=6 192.168.2.13:1020 0.0.0.0:0 L=40 S=0x00 I=35561 F=0x4000 T=1 (#9)
Packet log: input DENY eth1 PROTO=6 192.168.2.13:1020 0.0.0.0:0 L=40 S=0x00 I=35562 F=0x4000 T=1 (#9)
Packet log: input DENY eth1 PROTO=17 192.168.2.9:137 192.168.2.255:137 L=78 S=0x00 I=11975 F=0x0000 T=128 (#9)
I need help finding out what is wrong... Is it a bug in ipmasq that creates
inadequate rules? Is it my computer's network settings?
$ dpkg -l ipmasq
ii  ipmasq  3.4.3  Securely initializes IP Masquerade forwarding/firewalling
# ipchains -L
Chain input (policy DENY):
target  prot opt    source              destination               ports
ACCEPT  all  ------ anywhere            anywhere                  n/a
DENY    all  ----l- 127.0.0.0/8         anywhere                  n/a
ACCEPT  all  ------ localnet/24         anywhere                  n/a
ACCEPT  all  ------ 192.168.2.0/24      anywhere                  n/a
ACCEPT  all  ------ anywhere            myfw.myhost.com           n/a
ACCEPT  all  ------ anywhere            my.network.address        n/a
DENY    all  ----l- localnet/24         anywhere                  n/a
DENY    all  ----l- 192.168.2.0/24      anywhere                  n/a
DENY    all  ----l- anywhere            anywhere                  n/a
Chain forward (policy DENY):
target  prot opt    source              destination               ports
ACCEPT  all  ------ 192.168.2.0/24      localnet/24               n/a
ACCEPT  all  ------ localnet/24         192.168.2.0/24            n/a
MASQ    all  ------ localnet/24         anywhere                  n/a
MASQ    all  ------ 192.168.2.0/24      anywhere                  n/a
DENY    all  ----l- anywhere            anywhere                  n/a
Chain output (policy DENY):
target  prot opt    source              destination               ports
ACCEPT  all  ------ anywhere            anywhere                  n/a
ACCEPT  all  ------ anywhere            localnet/24               n/a
ACCEPT  !tcp ------ anywhere            BASE-ADDRESS.MCAST.NET/4  any -> any
ACCEPT  all  ------ anywhere            192.168.2.0/24            n/a
ACCEPT  !tcp ------ anywhere            BASE-ADDRESS.MCAST.NET/4  any -> any
ACCEPT  all  ------ myfw.myhost.com     anywhere                  n/a
ACCEPT  all  ------ my.network.address  anywhere                  n/a
DENY    all  ----l- anywhere            localnet/24               n/a
DENY    all  ----l- anywhere            192.168.2.0/24            n/a
DENY    all  ----l- anywhere            anywhere                  n/a
Where myfw.myhost.com is the firewall and my.network.address is the
broadcast of the network that goes to the internet, and ends in ".135".
# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:90:27:D3:90:C7
          inet addr:myfw.ip.address  Bcast:my.network.address  Mask:255.255.255.248
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:218531 errors:0 dropped:0 overruns:0 frame:0
          TX packets:204701 errors:0 dropped:0 overruns:0 carrier:0
          collisions:7507 txqueuelen:100
          Interrupt:14 Base address:0xdcc0
eth1      Link encap:Ethernet  HWaddr 00:50:04:D2:32:5D
          inet addr:192.10.10.1  Bcast:192.10.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3798083 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3764264 errors:0 dropped:0 overruns:0 carrier:0
          collisions:2303 txqueuelen:100
          Interrupt:11 Base address:0xdc00
eth2      Link encap:Ethernet  HWaddr 00:50:04:84:F7:3C
          inet addr:192.168.2.1  Bcast:192.162.2.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:6585628 errors:60 dropped:0 overruns:0 frame:60
          TX packets:6552711 errors:0 dropped:0 overruns:0 carrier:0
          collisions:23427 txqueuelen:100
          Interrupt:10 Base address:0xd880
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:287836 errors:0 dropped:0 overruns:0 frame:0
          TX packets:287836 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
Any help is appreciated. Thanks,
--
Luiz Otavio L. Zorzella
Phone: +1 (408) 255 9700 x 21
Fax: +1 (408) 255 9795
Reply to:
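An added example, not part of the post and not ipmasq's own code: a small Python parser for the "Packet log:" lines that ipchains writes to syslog in the format quoted above. It counts DENY entries per interface, protocol, source, destination and rule number, and checks each logged source address against the subnet of the interface it arrived on; the interface subnets are transcribed from the ifconfig output above (eth0 is omitted because its address is masked in the post), and the sample input is the post's own four log lines, rejoined.

```python
import re
import ipaddress
from collections import Counter

# ipchains 2.2 "Packet log:" syslog format, as quoted in the post:
#   Packet log: <chain> <target> <iface> PROTO=<n> <src>:<sport> <dst>:<dport>
#               L=<len> S=<tos> I=<ipid> F=<frag> T=<ttl> (#<rule>)
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\w+) (?P<target>\w+) (?P<iface>\S+) PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) L=(?P<len>\d+) "
    r"S=(?P<tos>0x[0-9a-fA-F]+) I=(?P<ipid>\d+) F=(?P<frag>0x[0-9a-fA-F]+) "
    r"T=(?P<ttl>\d+) \(#(?P<rule>\d+)\)")
PROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

# Interface subnets transcribed from the ifconfig output in the post
# (eth0's address is masked there, so it is omitted).
IFACE_NETS = {"eth1": ipaddress.ip_network("192.10.10.0/24"),
              "eth2": ipaddress.ip_network("192.168.2.0/24")}

# The post's four syslog lines, rejoined (sample input for this example).
SAMPLE_LOG = [
    "Packet log: input DENY eth1 PROTO=6 192.168.2.13:1020 0.0.0.0:0 L=40 S=0x00 I=35560 F=0x4000 T=1 (#9)",
    "Packet log: input DENY eth1 PROTO=6 192.168.2.13:1020 0.0.0.0:0 L=40 S=0x00 I=35561 F=0x4000 T=1 (#9)",
    "Packet log: input DENY eth1 PROTO=6 192.168.2.13:1020 0.0.0.0:0 L=40 S=0x00 I=35562 F=0x4000 T=1 (#9)",
    "Packet log: input DENY eth1 PROTO=17 192.168.2.9:137 192.168.2.255:137 L=78 S=0x00 I=11975 F=0x0000 T=128 (#9)",
]

def parse_line(line):
    """Fields of one Packet log line as a dict (search, so a syslog prefix is fine), or None."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for k in ("proto", "sport", "dport", "len", "ipid", "ttl", "rule"):
        rec[k] = int(rec[k])
    rec["proto_name"] = PROTO_NAMES.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(lines):
    """Count DENY entries per (iface, proto, src, dst:dport, rule number)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["target"] == "DENY":
            counts[(rec["iface"], rec["proto_name"], rec["src"],
                    "%s:%d" % (rec["dst"], rec["dport"]), rec["rule"])] += 1
    return counts

def src_off_subnet(rec, nets=IFACE_NETS):
    """True when the logged source address is outside the subnet configured
    on the interface the packet arrived on; False for unknown interfaces."""
    net = nets.get(rec["iface"])
    return net is not None and ipaddress.ip_address(rec["src"]) not in net
```

summarize(SAMPLE_LOG) gives the per-flow counts for the quoted lines, and src_off_subnet(parse_line(line)) is the per-packet check that tells you whether a denied packet's source belongs to the network the arrival interface is configured for.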