
Re: Masquerading -- Am I missing something?



Michael Patterson <mpatterson@agilent.com> writes:
MP> Ok, I recently got a Maxtor 80Gb HD, so I figured I'd start with a fresh
MP> install of Potato on my system. My problem is that I can't seem to get a
MP> kernel that gives me both IP Masquerading and support for the drive.
MP> 
MP> Now, on the kernels that the Masquerading fails on, it isn't a
MP> total failure.  Basic masquerading works fine, but when I try to
MP> use, say, "Asheron's Call" or "MusicMatch station selector" on one
MP> of the machines on my subnet, it fails (I can, however, do simple
MP> functions like read Debian's webpage).

This is probably a consequence of the way IP masquerading works.
Let's say I'm trying to read a Web page, so I open a connection from
192.168.1.2, port 23456 to 198.186.203.20 port 80.  I send the packet
to my gateway machine, 192.168.1.1.  The gateway decides to masquerade 
the packet, so it forwards on the same packet, but coming from a
different port on the gateway's external IP address.  When return
packets appear, they're forwarded back on to the original port of the
original machine.  So:

  +---------+ 192.168.1.2:23456     192.168.1.1:3456
  | desktop |-------------------------------v
  +---------+                          +---------+
                                       | gateway |
  +---------+                          +---------+
  | server  |<------------------------------|
  +---------+ 198.186.203.20:80     18.19.20.21:12345

The problem here is with protocols that include IP addresses in the
packet bodies themselves.  If I send a packet that says, "hi there,
please talk to me at 192.168.1.2", the protocol will fail because that 
address doesn't actually exist.  For certain protocols (like FTP),
there are kernel modules to do the rewriting, but there's not a good
general solution to this.

Short answer: some things Just Don't Work with IP masquerading.

MP> This was a symptom I was seeing when using 2.0.* kernels, so I assumed that
MP> the current kernel I was working with was a bad version. Here's a history
MP> of my attempts after making that assumption:
MP> 
MP> 2.2.12: Masquerading works fine, Drive gives strange errors
MP> 2.2.15: Masquerading doesn't work, Drive works fine
MP> 2.2.17: Same as .15
MP> 2.4.0-test5: Won't boot. "Out of Memory" error while decompressing.

Is this using the stock Debian kernel-image?  You might try compiling
your own kernel to have the set of options you need.

-- 
David Maze             dmaze@mit.edu          http://www.mit.edu/~dmaze/
"Theoretical politics is interesting.  Politicking should be illegal."
	-- Abra Mitchell
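
Added example, not part of the original message: a toy Python model of the masquerading table described above, showing why a protocol that puts its address in the packet body (here an FTP PORT command) breaks unless a protocol helper rewrites the body as well. The class and function names, the starting port 61000, port 21 on the server and the sample PORT command are assumptions constructed for illustration; the IP addresses are the ones used in the message.

```python
import re

class Masquerader:
    """Toy masquerading gateway: rewrites packet headers, not bodies."""

    def __init__(self, external_ip, first_port=61000):  # start port is arbitrary
        self.external_ip = external_ip
        self.next_port = first_port
        self.out = {}    # (inside ip, inside port) -> external port
        self.back = {}   # external port -> (inside ip, inside port)

    def _map(self, ip, port):
        if (ip, port) not in self.out:
            self.out[(ip, port)] = self.next_port
            self.back[self.next_port] = (ip, port)
            self.next_port += 1
        return self.out[(ip, port)]

    def outbound(self, src, dst, payload, ftp_helper=False):
        """Replace the inside source with the gateway's address and a mapped port."""
        new_src = (self.external_ip, self._map(*src))
        if ftp_helper:
            payload = self._rewrite_ftp_port(payload)
        return new_src, dst, payload

    def inbound(self, src, dst, payload):
        """Forward a reply to the inside host; None means no mapping, so drop."""
        if dst[0] != self.external_ip or dst[1] not in self.back:
            return None
        return src, self.back[dst[1]], payload

    def _rewrite_ftp_port(self, payload):
        # FTP "PORT h1,h2,h3,h4,p1,p2" carries the client's address in the body.
        m = re.fullmatch(r"PORT (\d+),(\d+),(\d+),(\d+),(\d+),(\d+)\r\n", payload)
        if not m:
            return payload
        n = [int(x) for x in m.groups()]
        ext_port = self._map(".".join(map(str, n[:4])), n[4] * 256 + n[5])
        host = self.external_ip.replace(".", ",")
        return f"PORT {host},{ext_port >> 8},{ext_port & 255}\r\n"

# Constructed sample: the desktop advertises 192.168.1.2:50000 for FTP data.
PORT_CMD = "PORT 192,168,1,2,195,80\r\n"

def send_port(helper):
    gw = Masquerader("18.19.20.21")
    _, _, body = gw.outbound(("192.168.1.2", 23456), ("198.186.203.20", 21),
                             PORT_CMD, ftp_helper=helper)
    return gw, body
```

Without the helper the server is told to connect to 192.168.1.2, which it cannot reach; with it, the advertised endpoint is one the gateway can map back to the desktop.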


