Re: ...no Masquerade...?
On Sat, Mar 25, 2000 at 01:11:23AM -0500, Jeff Gordon wrote
> On Fri, Mar 24, 2000 at 02:31:32PM -0500, Andrew Sullivan wrote:
>
> > No trouble. The other fellow's responses about ipchains &c. may also be
> > true. I don't know whether the stock kernel comes with masquerading turned
> > on. Your remarks about what responds to modprobe, though, suggest that you
> > do need to use ipchains.
> >
> > You'll need to remove the ipfwadm module first. Also, get rid of it in
> > modules.conf; you'll need to have a look at the docs for modutils. Once
> > you've taken that out of the kernel (and prevented it from auto-loading),
> > you can use ipchains.
>
> Hmm; looks like -nothing's- in the kernel (and no mention of any of these
> in modules.conf):
>
> www2:~# modprobe ipchains
> modprobe: Can't locate module ipchains
> www2:~# modprobe ipfwadm
> modprobe: Can't locate module ipfwadm
> www2:~# modprobe ipmasq
> modprobe: Can't locate module ipmasq
> www2:~# ipmasq
> IP Masquerade has not been enabled in the kernel.
>
> Eh..?
Um.. in spite of what Andrew said, they're not modules.
ipfwadm is an IP packet firewall/masquerading setup
utility that works with kernel 2.0.x; ipchains is similar,
but for kernel 2.2.x.
To see what masquerading-related modules you have, look
in /lib/modules/<kernel version>/ipv4; with stock kernels,
which have IP firewalling & masquerading built-in, you should
see a bunch of modules for specific protocols, like ip_masq_ftp.o.
If you're using a stock Debian kernel you shouldn't need
to do anything fancy to use masquerading; try starting with
just
# ipfwadm -I -l
for kernel 2.0.x, or
# ipchains -L input
for kernel 2.2.x.
This should list the default policy and rules for accepting
incoming packets, if your kernel supports IP firewalling (which
is required for IP masquerading).
John P.
--
huiac@camtech.net.au
john@huiac.apana.org.au
"Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
Reply to: