
Re: kmod and NAT broken in 2.4.1? SOLVED



NAT

The NAT problem had a simple cause: I entered the wrong IP address in
the forward field.  So, naturally, the packets never came back.  NAT
is *not* broken.  I used 2.4.1 and 2.4.2 custom built kernels.

My options file is:

	ip_forward=yes
	spoofprotect=yes
	syncookies=no

So I was able to leave spoofprotect in place.


KMOD

On kmod, I'm still not sure what the deal is.  I think it is now
working, and it may be related to my adding "auto" to /etc/modules.  I
found it in some documentation for the old scheme, and it seems a
little odd I need to say anything--kmod is compiled in the kernel.

However, just because it's in the kernel doesn't mean you want to use
it.  So maybe this on/off switch (i.e., "auto") is still available.

Phil, thanks again for your help--sorry it was such a silly problem.

On Thu, Mar 15, 2001 at 12:32:24PM -0600, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
> 
> > I don't think I was trying to contact the external interface, but we may be
> > using that word differently.
> >
> > My router has a card eth1 with address x.y.z.q, used both by me and the
> > outside world (my "external interface").  I am trying to pick x.y.z.1 on
> > the DSL provider's network.  The packets do go out eth1 and back in, but
> > they don't make the final return trip to eth0.
> 
> Ah...
> 
> Do this as root and try again:
> 
> 	sysctl -w net.ipv4.ip_forward=1
> 
> In /etc/network/options there is the line
> 
> 	ip_forward=no
> 
> Changing that to
> 
> 	ip_forward=yes
> 
> will cause Debian to perform the "sysctl ..." line above at boot.
> 
> If it still doesn't work, there's still another possibility:
> /etc/network/options has the line
> 
> 	spoofprotect=yes
> 
> You may need to change that to
> 
> 	spoofprotect=no
> 
> and reboot (or
> 
> 	for VAR in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $VAR; done
> 
> as root if you don't want to reboot).  Turning off rp_filter is important
> if you're doing policy routing with Linux (it doesn't look like you are).
> 
> -- 
> ----------------------------------------------------------------------
> Phil Brutsche				    pbrutsch@tux.creighton.edu
> 
> GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D  7E5E FD94 D264 50DE 1CFC
> GPG key id: 50DE1CFC
> GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
> 
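An added example, not part of either message: a small sh audit that compares an /etc/network/options-style file with the live /proc values, so an rp_filter switched off by hand (as with the loop quoted above) shows up as drift from spoofprotect=yes. The function names, the temp-dir fixture and the syncookies to tcp_syncookies mapping are assumptions.

```shell
#!/bin/sh
# Added example: audit live /proc values against /etc/network/options-style settings.

# want FILE KEY: print 1 for "yes", 0 for "no", nothing when the key is absent.
want() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    case $v in yes) echo 1 ;; no) echo 0 ;; esac
}

# audit OPTIONS_FILE PROC_ROOT: print one line per mismatch, return the count.
audit() {
    opts=$1 root=$2 bad=0
    # ip_forward is named in the thread; syncookies -> tcp_syncookies is assumed.
    for pair in ip_forward:ip_forward syncookies:tcp_syncookies; do
        key=${pair%%:*} file=$root/sys/net/ipv4/${pair##*:}
        exp=$(want "$opts" "$key")
        [ -n "$exp" ] && [ -r "$file" ] || continue
        if [ "$(cat "$file")" != "$exp" ]; then
            echo "MISMATCH $key: options=$exp live=$(cat "$file")"
            bad=$((bad + 1))
        fi
    done
    # spoofprotect controls rp_filter in every interface directory.
    exp=$(want "$opts" spoofprotect)
    for f in "$root"/sys/net/ipv4/conf/*/rp_filter; do
        [ -n "$exp" ] && [ -r "$f" ] || continue
        if [ "$(cat "$f")" != "$exp" ]; then
            echo "MISMATCH spoofprotect: options=$exp live=$(cat "$f") ($f)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed fixture: the options file from the message above and a fake /proc
# tree in which rp_filter has been set to 0 on eth1 only.
demo=$(mktemp -d)
printf 'ip_forward=yes\nspoofprotect=yes\nsyncookies=no\n' > "$demo/options"
mkdir -p "$demo/proc/sys/net/ipv4/conf/eth0" "$demo/proc/sys/net/ipv4/conf/eth1"
echo 1 > "$demo/proc/sys/net/ipv4/ip_forward"
echo 0 > "$demo/proc/sys/net/ipv4/tcp_syncookies"
echo 1 > "$demo/proc/sys/net/ipv4/conf/eth0/rp_filter"
echo 0 > "$demo/proc/sys/net/ipv4/conf/eth1/rp_filter"
audit "$demo/options" "$demo/proc" || echo "$? setting(s) differ from the options file"
# On a real host: audit /etc/network/options /proc
```

The comparison is strict, so an rp_filter value of 2 (loose mode on newer kernels) is also reported as differing from spoofprotect=yes.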


