Re: IPMasqing Act 2 Scene 42
On Tue, Jun 19, 2001 at 10:21:10AM -0700, Stephen Handley wrote:
>
> OK,
>
> Here's the latest. Managed to get my server to see domain names etc. However
> now my masqued machine can't see anything. The most I can do is PING the
> external IP number of the linux box (63.105.28.151). As far as I can tell I
> have everything set up correctly. I've attached (typed out) the output of
> IPMASQ -v ... can someone take a look and let me know what I'm missing.
> Output of ipmasq -v:
>
> #: interfaces found
> #: eth0 63.105.28.151/255.255.255.0
> #: eth1 192.168.0.1/255.255.255.0
>
> echo "0" > /proc/sys/net/ipv4/ip_forward
> echo "0" > /proc/sys/net/ipv4/ip_always_defrag
>
> /sbin/ipchains -P input DENY
> /sbin/ipchains -P output DENY
> /sbin/ipchains -no warnings -P forward DENY
> /sbin/ipchains -F input
> /sbin/ipchains -F output
> /sbin/ipchains -no warnings -F forward
> /sbin/ipchains -A input -J ACCEPT -i lo
> /sbin/ipchains -A input -J DENY -i lo -s 127.0.0.1/255.0.0.0 -l
> /sbin/ipchains -A input -J ACCEPT -i eth1 -d 255.255.255.255/32
> /sbin/ipchains -A input -J ACCEPT -i eth1 -s 192.168.0.1/255.255.255.0
> /sbin/ipchains -A input -J ACCEPT -i eth1 -d 224.0.0.0/4 -p | tcp
> /sbin/ipchains -A input -J DENY -i eth0 -d 255.255.255.255/32
> /sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.151/32
> /sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.255/32
> /sbin/ipchains -no warnings -A forward -j MASQ -i eth0 -s
> 192.168.0.1/255.255.255.0
>
> /sbin/ipchains -A output -J ACCEPT -i lo
> /sbin/ipchains -A output -J ACCEPT -i eth1 -d 192.168.0.1/255.255.255.0
> /sbin/ipchains -A output -J ACCEPT -i eth1 -d 224.0.0.0/4 -p | tcp
> /sbin/ipchains -A output -J DENY -i eth0 -d 192.168.0.1/255.255.255.0 -l
> /sbin/ipchains -A output -J ACCEPT -i eth0 -d 63.105.28.151/32
> /sbin/ipchains -A output -J ACCEPT -i eth0 -d 63.105.28.255/32
>
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag

Here's my ipmasq ('apt-cache show ipmasq' says v3.4.4) output:

Interfaces found:
eth1 208.33.90.85/255.255.255.0
eth0 192.168.1.1/255.255.0.0
/sbin/ipchains -P input DENY
/sbin/ipchains -P output DENY
/sbin/ipchains -P forward DENY
/sbin/ipchains -F input
/sbin/ipchains -F output
/sbin/ipchains -F forward
/sbin/ipchains -A input -j ACCEPT -i lo
/sbin/ipchains -A input -j DENY -i !lo -s 127.0.0.1/255.0.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 192.168.1.1/255.255.0.0
/sbin/ipchains -A input -j DENY -i eth1 -s 192.168.1.1/255.255.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 208.33.90.85/32
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 208.33.90.255/32
/sbin/ipchains -A forward -j MASQ -i eth1 -s 192.168.1.1/255.255.0.0
/sbin/ipchains -A output -j ACCEPT -i lo
/sbin/ipchains -A output -j ACCEPT -i eth0 -d 192.168.1.1/255.255.0.0
/sbin/ipchains -A output -j ACCEPT -i eth0 -d 224.0.0.0/240.0.0.0 -p ! tcp
/sbin/ipchains -A output -j DENY -i eth1 -d 192.168.1.1/255.255.0.0 -l
/sbin/ipchains -A output -j ACCEPT -i eth1 -s 208.33.90.85/32
/sbin/ipchains -A output -j ACCEPT -i eth1 -s 208.33.90.255/32
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/ipchains -M -S 7200 10 160
/sbin/ipchains -A input -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A output -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l
/sbin/ipchains -A forward -j DENY -s 0.0.0.0/0 -d 0.0.0.0/0 -l

I'm on 2.2/potato.

--
DEBIAN NEWBIE TIP #5 from Will Trillich <will@serensoft.com>:
What's a "MANPAGE"? It's the documentation you get when you enter
"man <something>" such as "man sources.list" or "man interfaces"
or "man bash".
Also see http://newbieDoc.sourceForge.net/ ...
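
A way to compare the two listings above rule by rule, as an added example that is not part of either message or of the ipmasq package: each rule is rewritten in terms of roles (external interface, external address, internal network) so that only structural differences remain. The role names EXT, EXT_IP, EXT_BCAST and INT_NET and the function names are introduced here for illustration; the rule lines are copied from the thread.

```python
import re

# Rule lines copied from the two listings in this thread (external-interface
# rules only). Role maps are read off each listing's "interfaces found" header.
QUOTED = """\
/sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.151/32
/sbin/ipchains -A input -J DENY -i eth0 -d 63.105.28.255/32
/sbin/ipchains -A output -J DENY -i eth0 -d 192.168.0.1/255.255.255.0 -l
/sbin/ipchains -A output -J ACCEPT -i eth0 -d 63.105.28.151/32
/sbin/ipchains -A output -J ACCEPT -i eth0 -d 63.105.28.255/32
"""
REPLY = """\
/sbin/ipchains -A input -j DENY -i eth1 -s 192.168.1.1/255.255.0.0 -l
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 208.33.90.85/32
/sbin/ipchains -A input -j ACCEPT -i eth1 -d 208.33.90.255/32
/sbin/ipchains -A output -j DENY -i eth1 -d 192.168.1.1/255.255.0.0 -l
/sbin/ipchains -A output -j ACCEPT -i eth1 -s 208.33.90.85/32
/sbin/ipchains -A output -j ACCEPT -i eth1 -s 208.33.90.255/32
"""
QUOTED_ROLES = {"eth0": "EXT", "63.105.28.151/32": "EXT_IP",
                "63.105.28.255/32": "EXT_BCAST",
                "192.168.0.1/255.255.255.0": "INT_NET"}
REPLY_ROLES = {"eth1": "EXT", "208.33.90.85/32": "EXT_IP",
               "208.33.90.255/32": "EXT_BCAST",
               "192.168.1.1/255.255.0.0": "INT_NET"}

def normalize(listing, roles):
    """Return the listing's rules with host-specific tokens replaced by roles."""
    rules = set()
    for line in listing.splitlines():
        m = re.search(r"ipchains\s+(.+)", line)
        if not m:
            continue
        # The typed-out listing writes -J; ipchains' target flag is -j.
        tokens = ["-j" if t == "-J" else roles.get(t, t) for t in m.group(1).split()]
        rules.add(" ".join(tokens))
    return rules

def compare(a, a_roles, b, b_roles):
    """Rules only in a, and rules only in b, after normalization."""
    na, nb = normalize(a, a_roles), normalize(b, b_roles)
    return sorted(na - nb), sorted(nb - na)

if __name__ == "__main__":
    only_quoted, only_reply = compare(QUOTED, QUOTED_ROLES, REPLY, REPLY_ROLES)
    for r in only_quoted:
        print("quoted only:", r)
    for r in only_reply:
        print("reply only: ", r)
```

On these lines it reports that the quoted listing DENYs input addressed to EXT_IP where the reply ACCEPTs it, and matches outbound traffic with -d where the reply uses -s. Because the quoted listing was typed out by hand, confirm any reported difference against the live `ipchains -L -n` output before changing rules.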