Re: IP-Chains, etc.
Ok I had forgotten the dns setting (Sigh).
Now I get a lot of "udp port domain unreachable" messages in my tcpdump.
Cheers,
Corey Popelier
http://members.dingoblue.net.au/~pancreas
Work Email: copo@commerce.wa.gov.au
On Wed, 31 May 2000 ron@wep.tudelft.nl wrote:
> Why are you using a proxy, just go to your win network option, to the
> tcp/ip properties and set the gateway to the lin box, as well as the
> dns...
>
> Ron
>
> By the way, did you try adding that masq ipchains rule?
>
> On Wed, 31 May 2000, Corey Popelier wrote:
>
> > Some additional information I can give, is that a ping from the Windows
> > box behaves as follows:
> >
> > (win) ping 203.24.100.1
> >
> > (tcpdump from linux box)
> >
> > 10.0.0.2 > dialup-gw.aceonline.com.au: icmp: echo request
> > (above line times 4).
> >
> > Now this would indicate to me that IP forwarding is occurring. But no
> > reply is coming back (possibly due to ICMP Masq not compiled in kernel).
> >
> > Now I have told the Win box to use a gateway of 10.0.0.1 (Lin box). If I
> > set the proxy to use to in IE to 10.0.0.1, a tcpdump says:
> >
> > 10.0.0.1.wwww > 10.0.0.2.1033 ...etcetc
> > 10.0.0.2.1033 > 10.0.0.1.www ...etcetc
> > arp who-has 10.0.0.2 tell 10.0.0.1
> > arp reply 10.0.0.2 is-at 0:a0:24:96:43:bc
> >
> > What I am trying to establish is if whether I am missing kernel options,
> > or whether I've just got a configuration problem.
> >
> > Thanks Ron btw.
> >
> > Cheers,
> > Corey Popelier
> > http://members.dingoblue.net.au/~pancreas
> > Work Email: copo@commerce.wa.gov.au
> >
> > On Tue, 30 May 2000, Ron Rademaker wrote:
> >
> > > I'm not a telepath, I can't see from here if you got the right things in
> > > your kernel ;) But you ipchains misses something, the masquerading, you
> > > should do:
> > >
> > > ipchains -A forward -j MASQ -s <you lan network>/24 -d 0/0
> > >
> > > I can tell you what you should have in your kernel: IP Masquerading, if
> > > you want to masquerade ping, you should also have ICMP Masqerading.
> > >
> > > Ron Rademaker
> > >
> > > On Tue, 30 May 2000, Corey Popelier wrote:
> > >
> > > > Ok I now have my Debian and Windows boxes networked, and I tried to set up
> > > > IP Chains as follows:
> > > >
> > > > ipchains -P forward DENY
> > > > ipchains -A forward -i ppp0 -j ACCEPT
> > > >
> > > > Now whenever I traceroute something from the Win box I get:
> > > >
> > > > 1 1ms <10ms <10ms (Linux box).
> > > > 2 * * *
> > > >
> > > > etc.
> > > > Now I realise ICMP packets are handled by a different kernel option. Can I
> > > > get this working without building a new kernel?
> > > >
> > > > Secondly, I have set the Win box with a gateway of the Lin box, and web
> > > > pages still won't load. Now I've heard this is the case if the IP Masq
> > > > stuff wasn't included in the kernel (2.2.15pre19-1 btw, and Win98), and
> > > > the only hint I've seen in HOWTO's is to check for a file:
> > > >
> > > > /proc/net/ipfw_chains
> > > >
> > > > I get a file listed when I ls -al this (its 0 bytes tho).
> > > >
> > > > Now have I just simply missed kernel options and thus need to build a new
> > > > one, and if so which, or what is going on that causes me to not be able to
> > > > access the web from the Windows box, using the Linux box as the gateway?
> > > >
> > > >
> > > > Cheers,
> > > > Corey Popelier
> > > > http://members.dingoblue.net.au/~pancreas
> > > > Work Email: copo@commerce.wa.gov.au
> > > >
> > > >
> > > > --
> > > > Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
> > > >
> > >
> >
>
>
> --
> Unsubscribe? mail -s unsubscribe debian-user-request@lists.debian.org < /dev/null
>
Reply to: