[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Firewalls and IP Maskerade

On Tue, Jan 16, 2001 at 02:41:43PM -0500, seg wrote:
> Hi,
> 
>  Both my network cards were detected and both seem to be
>  working right. One of them has a local network address which
>  I assigned my self with the following command: ifconfig eth0
>  192.168.0.1. The other was configured as a cable modem upon
>  installation. When I boot it is assigned the address
>  24.200.41.15 and the netmask 255.255.255.0.  

from what i can tell (and based on my setup)
you need the address of the cablemodem...

if your ip is static, the the cablemodem's
probably is, too. if not, you're probably in
need of dhcp expertice, which i don't have. :)

>  My routing tables consists of the following entries (all
>  automaticaly configured, I haven't entered any): 
> 
>      192.168.0.0    *    255.255.255.0    u    0    0    0    eth0
>      24.200.41.0    *    255.255.255.0    u    0    0    0    eth1
>      default    modemcable001.4    0.0.0.0    ug    0    0    0    eth1
> 
> 
>   My hosts file /etc has the following entries.  I added the last 3 entries. 
> 
>      127.0.0.1            Lisa    localhost
>      192.168.0.2         Marge    
>      192.168.0.3         Homer
>      24.200.41.15        LIsa

presuming you're using a healthily-updated potato, (debian 2.2)
your /etc/network/interfaces should resemble

	iface lo inet loopback

	iface eth0 inet static
		address 192.168.0.1
		netmask 255.255.255.0
		network 192.168.0.0
		broadcast 192.168.0.255

	iface eth1 inet static
		address 24.200.41.15
		netmask 255.255.255.0
		network 208.33.90.0
		broadcast 24.200.41.255
		gateway 24.200.41.cableModemIPnumber


then configure all your other networked boxes
to be 192.168.0.<2,3,4...> and have a default/
gateway/router of 192.168.0.1 (being your linux).

>   From my linux box, I can ping addresses on the 192.168.0.0
>   and 24.200.41.0 networks and  I can ping the DNS server
>   (24.200.243.242). I can't ping modemcable001.4 From my
>   win98SE comps I can only ping addresses in the 192.168.0.0
>   network. If I want to ping addresses in the 24.200.41.0 or
>   the DNS server, I need to enter the following commands:
>   ipchains -P forward ACCEPT and ipcahins -A forward -s
>   192.168.0.0/24 -d 0/0 -j MASQ.  Also before I can enter
>   these commands I need to enable ip_forward: echo 1 >
>   ip_forward. .   

aha!

	apt-get install ipmasq

boy will THAT save you some trouble!

>   I cannot access the internet from any on my win98SE comps.
>   And I haven't installed any applications on my linux box, so
>   I can try accessing any http sites from the this comp. The
>   proxy settings are detected but the pages will not load.
>   What has to be done to fix the situation and to allow games
>   and email progs to go through? 

make sure your linux can get to the web; try something
like

	lynx http://www.rootprompt.org

once your 'ipmasq' package is installed and your ipchains
(or ipfwadm for slink users) rules are in place, then any
connect success you have on the linux box ought to be
reproducible on the windo~1 boxes. theoretically.

-- 
See, if you were allowed to keep the money, you wouldn't
create jobs with it. You'd throw it in the bushes or
something.  But the government will spend it, thereby
creating jobs.      -- Dave Barry

will@serensoft.com    ***    http://www.dontUthink.com/

volunteer to document your experience for next week's
newbies -- http://www.eGroups.com/messages/newbieDoc
Reply to: