
Re: ...no Masquerade...?



On Sun, Mar 26, 2000 at 12:12:42AM +1030, John Pearson wrote:

> Are you using a "stock" Debian kernel, or one which you built
> yourself? The stock kernels usually include masquerading
> support.

Yes--stock 'potato' 2.2.14 is the one telling me "IP Masquerading is not
enabled in the kernel."

> If you're using a "Stock" 2.2.x kernel you should see
> masquerading modules (ip_masq_*.o) under
> /lib/modules/2.2.14/ipv4 (assuming kernel version 2.2.14); 

Strange to say, I know I had those earlier (perhaps under 'slink'?)
but I'm aware they went missing at some point, possibly with the first
install of 'potato'.

> ...if you do then your kernel already has masquerading support 
> built in 

(No, apparently not. You've got me wondering now whether I went through
an initial config process with the upgrade that I don't remember, and
in which I turned off -something- that was required for Masquerading.)

> (if it *is* a stock kernel then you should also have a file like 
> /boot/config-2.2.14 that shows you the kernel configuration used).

(Yes, that file is present.)
 
> If you're compiling your own, you need to include support for
> (assuming kernel 2.2.x) Network Firewalls, IP Firewalls and IP
> Masquerading.  You also need /proc filesystem support and sysctl
> support (under "General Options").

I've now done that, and included the options you mention (though I
never came upon the 'sysctl' option during the 'menuconfig' selection
process -- I looked for it 2 or 3 times, and finally trusted that it
might've been turned 'on' for me along the way; we'll find out. :-)

> If you are using a 2.2.x kernel, also bear in mind that IP
> forwarding has to be enabled for IP masquerading to work; you
> can enable forwarding with
> # echo "1" > /proc/sys/net/ipv4/ip_forward
> 
> and see if it is enabled with 
> # cat /proc/sys/net/ipv4/ip_forward

Okay.

> This step is not relevant to 2.0.x kernels; if they have
> forwarding enabled at compile time then it is enabled.
> 
> Finally, here are the ipchains rules that perform
> masquerading on my machine, running kernel 2.2.14:

[snip]

> I use the ipmasq package to do this for me; I'm using version
> 3.2.5, which seems to work here.  The only extra tweaking I've
> done (AFAICR) is to add the line
> modprobe ip_masq_ftp
> 
> to the end of /etc/ppp/ip-up.d/00ipmasq; you may want to load 
> the modules (if any) for the protocols you require there, also.
> 
> Good luck,

Your generousness of spirit is appreciated, John; thanks kindly.

-- 

 -- Jeff --   <http://www.wellnow.com>

 "There's nothing left in the world to prove.  All that's worth doing
  is to love one another, using whatever means are available to serve."
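
The checks discussed in this message (kernel options in /boot/config-2.2.14, then the ip_forward flag), as an added example that is not part of the original post. It assumes the options John lists correspond to the 2.2.x config symbols CONFIG_FIREWALL, CONFIG_IP_FIREWALL, CONFIG_IP_MASQUERADE, CONFIG_PROC_FS and CONFIG_SYSCTL; the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: report which kernel options needed for IP masquerading
# are missing from a 2.2.x kernel config file, and whether forwarding is on.

# Assumed 2.2.x symbols for: Network Firewalls, IP Firewalls,
# IP Masquerading, /proc filesystem support, sysctl support.
REQUIRED_OPTS="CONFIG_FIREWALL CONFIG_IP_FIREWALL CONFIG_IP_MASQUERADE CONFIG_PROC_FS CONFIG_SYSCTL"

# missing_masq_opts FILE: print the required options that are not enabled.
missing_masq_opts() {
    cfg=$1
    missing=""
    for opt in $REQUIRED_OPTS; do
        # Enabled options read "CONFIG_X=y" (built in) or "CONFIG_X=m" (module);
        # disabled ones read "# CONFIG_X is not set" or are absent entirely.
        if ! grep -Eq "^${opt}=(y|m)\$" "$cfg"; then
            missing="${missing:+$missing }$opt"
        fi
    done
    printf '%s\n' "$missing"
}

# forwarding_enabled [FILE]: succeed only if the flag file contains "1".
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Constructed sample: a config with masquerading switched off.
sample_config() {
    cat <<'EOF'
CONFIG_SYSCTL=y
CONFIG_PROC_FS=y
CONFIG_FIREWALL=y
CONFIG_IP_FIREWALL=y
# CONFIG_IP_MASQUERADE is not set
EOF
}

# With no argument, run against the constructed sample instead of a real config.
cfg=${1:-}
tmp=""
if [ -z "$cfg" ]; then
    tmp=$(mktemp) && sample_config > "$tmp" && cfg=$tmp
fi
echo "missing options: $(missing_masq_opts "$cfg")"
if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
if [ -n "$tmp" ]; then rm -f "$tmp"; fi
```

Pass the real file as the first argument (for example /boot/config-2.2.14) to check an installed kernel; an empty "missing options" line means every listed option is built in or modular.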

