
Re: IP Masquerading: no connection to external network



On Saturday 23 June 2001 01:11, Joost Kooij wrote:
> On Sat, Jun 23, 2001 at 12:45:18AM +0200, Brendon wrote:
> > 'fraid it had no effect. the syslogs on both machines show nothing out of
> > the ordinary either....
>
> How did you set up masquerading, did you install ipmasq.deb or did
> you try everything by hand?

I used the mini howto on www.linuxnewbie.org next to the Masquerading HOWTO. 
The iptables rules were set up by gShield. When I found that did not work I 
used the rc.firewall script given by the HOWTO.

rc.firewall (several comments removed to keep the size down. btw, the gateway 
and other machines use static ip#s):
--------------
#!/bin/sh
 #
 # Load all required IP MASQ modules
 #
 #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ 
 #          modules are shown below but are commented out from loading.

 echo -e "\n\nIPMASQ *TEST* rc.firewall ruleset - v0.50\n"


 # The location of the 'iptables' program
 #IPTABLES=/sbin/iptables
 IPTABLES=/sbin/iptables

 # Need to verify that all modules have all required dependencies
 #
 echo "  - Verifying that all kernel modules are ok"
 /sbin/depmod -a

 #Loads the OUTGOING FTP NAT functionality into the core IPTABLES code
 #
 # Disabled by default -- remove the "#" on the next line to activate
 #/sbin/insmod ip_nat_ftp

 #Load the INCOMING FTP tracking mechanism for the connection tracking
 #code
 #
 # Disabled by default -- remove the "#" on the next line to activate
 #/sbin/insmod ip_conntrack_ftp

 #CRITICAL:  Enable IP forwarding since it is disabled by default since
 echo "  - Enabling packet forwarding in the kernel"
 echo "1" > /proc/sys/net/ipv4/ip_forward


 # Dynamic IP users:
 #
# echo "  - Enabling dynamic addressing measures"
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr


 # Enable simple IP forwarding and Masquerading
 #
 #  NOTE:  In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
 #
 #  NOTE #2:  The following is an example for an internal LAN address in the
 #            192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
 #            connecting to the Internet on external interface "eth0".  This
 #            example will MASQ internal traffic out to the Internet but not
 #            allow non-initiated traffic into your internal network.
 #          
 #         ** Please change the above network numbers, subnet mask, and your 
 #         *** Internet connection interface name to match your setup
 #         
 echo "  - Setting the default FORWARD policy to 'DROP'"
 echo "  - Enabling SNAT (IPMASQ) functionality on eth0"
 $IPTABLES -P FORWARD DROP
 $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE

 echo -e "\nDone.\n"
--------------

output when run:
IPMASQ *TEST* rc.firewall ruleset - v0.50

  - Verifying that all kernel modules are ok
depmod: *** Unresolved symbols in /lib/modules/2.4.5/kernel/net/bridge/bridge.o
  - Enabling packet forwarding in the kernel
  - Setting the default FORWARD policy to 'DROP'
  - Enabling SNAT (IPMASQ) functionality on eth0

Done.
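
A static check for what the posted rc.firewall leaves out, added here as an example and not part of the original message: the script sets the FORWARD policy to DROP but adds no FORWARD rule that accepts anything, so routed packets are discarded before the MASQUERADE rule applies. `audit_forward` is a hypothetical helper name, and `eth1` as the LAN-side interface is an assumption.

```shell
#!/bin/sh
# Added example, not from the original post. audit_forward (hypothetical name)
# reads a firewall script on stdin and reports whether FORWARD can pass traffic.
audit_forward() {
    awk '
        /^[ \t]*#/ { next }                       # ignore comment lines
        # Only lines whose command word is iptables or the $IPTABLES variable
        $1 == "iptables" || $1 ~ /\/iptables$/ || $1 == "$IPTABLES" || $1 == "${IPTABLES}" {
            tbl = "filter"; op = ""; chain = ""; target = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "-t") tbl = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "-P" || $i == "-A" || $i == "-I") {
                    op = $i; chain = $(i + 1)
                    if (op == "-P") target = $(i + 2)
                }
            }
            if (tbl != "filter" || chain != "FORWARD") next
            if (op == "-P") policy = target        # last policy wins
            else if (target == "ACCEPT") accepts++
        }
        END {
            if (policy == "") policy = "ACCEPT"    # built-in chains default to ACCEPT
            if (policy == "DROP" && accepts == 0) { print "blocked"; exit 1 }
            print (policy == "DROP" ? "filtered" : "open")
        }
    '
}

# The two rule lines of the posted rc.firewall, verbatim.
posted_rules() {
    cat <<'EOF'
 $IPTABLES -P FORWARD DROP
 $IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
EOF
}

# Constructed variant: same policy plus FORWARD accepts (eth1 is assumed).
with_forward_rules() {
    posted_rules
    cat <<'EOF'
 $IPTABLES -A FORWARD -i eth1 -o eth0 -j ACCEPT
 $IPTABLES -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

printf 'posted script: %s\n' "$(posted_rules | audit_forward)"
printf 'with FORWARD rules: %s\n' "$(with_forward_rules | audit_forward)"
```

The check is purely textual: it does not see rules already loaded in the kernel, such as those left behind by an earlier gShield run.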


