Re: ...no Masquerade...?
On Sun, Mar 26, 2000 at 12:12:42AM +1030, John Pearson wrote:
> Are you using a "stock" Debian kernel, or one which you built
> yourself? The stock kernels usually include masquerading
> support.
Yes--stock 'potato' 2.2.14 is the one telling me "IP Masquerading is not
enabled in the kernel."
> If you're using a "Stock" 2.2.x kernel you should see
> masquerading modules (ip_masq_*.o) under
> /lib/modules/2.2.14/ipv4 (assuming kernel version 2.2.14);
Strange to say, I know I had those earlier (perhaps under 'slink'?)
but I'm aware they went missing at some point, possibly with the first
install of 'potato'.
> ...if you do then your kernel already has masquerading support
> built in
(No, apparently not. You've got me wondering now whether I went through
an initial config process with the upgrade that I don't remember, and
in which I turned off -something- that was required for Masquerading.)
> (if it *is* a stock kernel then you should also have a file like
> /boot/config-2.2.14 that shows you the kernel configuration used).
(Yes, that file is present.)
> If you're compiling your own, you need to include support for
> (assuming kernel 2.2.x) Network Firewalls, IP Firewalls and IP
> Masquerading. You also need /proc filesystem support and sysctl
> support (under "General Options").
I've now done that, and included the options you mention (though I
never came upon the 'sysctl' option during the 'menuconfig' selection
process -- I looked for it 2 or 3 times, and finally trusted that it
might've been turned 'on' for me along the way; we'll find out. :-)
> If you are using a 2.2.x kernel, also bear in mind that IP
> forwarding has to be enabled for IP masquerading to work; you
> can enable forwarding with
> # echo "1" > /proc/sys/net/ipv4/ip_forward
>
> and see if it is enabled with
> # cat /proc/sys/net/ipv4/ip_forward
Okay.
> This step is not relevant to 2.0.x kernels; if they have
> forwarding enabled at compile time then it is enabled.
>
> Finally, here are the ipchains rules that perform
> masquerading on my machine, running kernel 2.2.14:
[snip]
> I use the ipmasq package to do this for me; I'm using version
> 3.2.5, which seems to work here. The only extra tweaking I've
> done (AFAICR) is to add the line
> modprobe ip_masq_ftp
>
> to the end of /etc/ppp/ip-up.d/00ipmasq; you may want to load
> the modules (if any) for the protocols you require there, also.
>
> Good luck,
Your generousness of spirit is appreciated, John; thanks kindly.
--
-- Jeff -- <http://www.wellnow.com>
"There's nothing left in the world to prove. All that's worth doing
is to love one another, using whatever means are available to serve."
Reply to: