Re: ipmasq

To: Robert Voigt <f1k@gmx.de>
Cc: <debian-user@lists.debian.org>
Subject: Re: ipmasq
From: Steve Witt <sawitt@electra.rsc.raytheon.com>
Date: Mon, 23 Apr 2001 16:57:40 -0700 (PDT)
Message-id: <[🔎] Pine.LNX.4.32.0104231640550.12829-100000@zeus>
In-reply-to: <[🔎] 01042321575900.00442@robdesk>

On Mon, 23 Apr 2001, Robert Voigt wrote:

> I compiled a 2.2.19 kernel because I want to use ipchains and do IP
> masquerading.
> The ipmasq package description on the debian website says one should enalbe
>  CONFIG_FIREWALL, CONFIG_IP_FIREWALL, CONFIG_IP_FORWARD, and
> CONFIG_IP_MASQUERADE.
>
> I couldn't find CONFIG_IP_FORWARD in the kernel compile options. I assumed it
> was obsolete and went on.
>
> After installing the kernel and rebooting I installed the ipmasq package from
> potato. It printed the following error several times:
>
> Should I start IP Masquerading? [Y/n] y
> Initializing IP Masquerading.../sbin/ipchains: invalid mask `' specified
> Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information.
>
> In between these errors it said IP forwarding is not enabled and I should do
> echo 1 /proc/sys/net/ipv4/ip_forward
>
> The file /proc/sys/net/ipv4/ip_forward already contains a "1".
>
> Now I don't know what to do.
>
> I cannot connect to the internet from the other box. It says unknown host.
> The internal network runs fine otherwise, and /etc/network/interfaces looks
> good. The internet connection on this box that I want to use as gatewaw also
> works.
>
> Help would be great.
>

Have you read the IP Masquerade HOWTO? I've set up IP Masquerade several
times and each time I followed this HOWTO pretty much to the letter and
got it working without much trouble. The biggest problem that I had was to
figure out what initialization script to use to load the IP Masquerade
modules, set up IP Chains, and IP Forwarding. If I remember correctly
there has been no standard Debian way of doing this in past releases, so
one had to write an init script (not that it was a big deal). I try to
stay with the Debian spirit of these things, if I can figure out what that
is. Anyway, I'm at work right now, and unfortunately don't remember
exactly how I have it set up at home.

>From what you say, it sounds as though Debian has an init script for IP
Masq in /etc/init.d and there are errors in the firewall rules you have
set up. Look in the HOWTO and see if your rules are correct. There are
just a couple of rules necessary to get Masquerade working. Then, if you
want, you can beef up the firewall rules to provide protection to your
masquerading machine and internal network -- but this is another subject.

Hope this helps a little.

Reply to:

Follow-Ups:
- Re: ipmasq
  - From: Robert Voigt <f1k@gmx.de>

References:
- ipmasq
  - From: Robert Voigt <f1k@gmx.de>

Prev by Date: Re: removing inetd--thx.
Next by Date: Re: Upgrading
Previous by thread: ipmasq
Next by thread: Re: ipmasq
Index(es):
- Date
- Thread