Re: IP Masquerading: no connection to external network
On Saturday 23 June 2001 01:11, Joost Kooij wrote:
> On Sat, Jun 23, 2001 at 12:45:18AM +0200, Brendon wrote:
> > 'fraid it had no effect. the syslogs on both machines show nothing out of
> > the ordinary either....
>
> How did you set up masquerading, did you install ipmasq.deb or did
> you try everything by hand?
I used the mini howto on www.linuxnewbie.org next to the Masquerading HOWTO.
the iptables rules were set up by gShield. when i found that did not work i
used the rc.firewall script given by the HOWTO.
rc.firewall (several comments removed to keep the size down. btw, the gateway
and other machines use static ip#s):
--------------
#!/bin/sh
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ
# modules are shown below but are commented out from loading.
echo -e "\n\nIPMASQ *TEST* rc.firewall ruleset - v0.50\n"
# The location of the 'iptables' program
#IPTABLES=/sbin/iptables
IPTABLES=/sbin/iptables
# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
/sbin/depmod -a
#Loads the OUTGOING FTP NAT functionality into the core IPTABLES code
#
# Disabled by default -- remove the "#" on the next line to activate
#/sbin/insmod ip_nat_ftp
#Load the INCOMING FTP tracking mechanism for the connection tracking
#code
#
# Disabled by default -- remove the "#" on the next line to activate
#/sbin/insmod ip_conntrack_ftp
#CRITICAL: Enable IP forwarding since it is disabled by default since
echo " - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward
# Dynamic IP users:
#
# echo " - Enabling dynamic addressing measures"
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet but not
# allow non-initiated traffic into your internal network.
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#
echo " - Setting the default FORWARD policy to 'DROP'"
echo " - Enabling SNAT (IPMASQ) functionality on eth0"
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE
echo -e "\nDone.\n"
--------------
output when run:
IPMASQ *TEST* rc.firewall ruleset - v0.50
- Verifying that all kernel modules are ok
depmod: *** Unresolved symbols in
/lib/modules/2.4.5/kernel/net/bridge/bridge.o
- Enabling packet forwarding in the kernel
- Setting the default FORWARD policy to 'DROP'
- Enabling SNAT (IPMASQ) functionality on eth0
Done.
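
An added example, not part of the original message or of the HOWTO: a shell check that reads a ruleset dump in `iptables-save` format and flags the combination the rc.firewall above loads, a FORWARD policy of DROP with no ACCEPT rule in that chain, which leaves the MASQUERADE rule with no forwarded packets to translate. The function name, the sample dumps and the eth1 LAN interface are assumptions.

```shell
#!/bin/sh
# Added example: names are hypothetical, sample dumps are constructed.
# check_masq_ruleset reads iptables-save text on stdin and prints one verdict:
#   no-masquerade    no MASQUERADE rule in nat POSTROUTING
#   forward-blocked  FORWARD policy is DROP and the chain has no ACCEPT rule
#   ok               MASQUERADE rule present and FORWARD can pass traffic
check_masq_ruleset() {
    awk '
        /^\*/ { table = substr($1, 2) }          # "*filter", "*nat" start a table
        table == "filter" && /^:FORWARD /  { policy = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT( |$)/ { accepts++ }
        table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE( |$)/ { masq++ }
        END {
            if (!masq)                             print "no-masquerade"
            else if (policy == "DROP" && !accepts) print "forward-blocked"
            else                                   print "ok"
        }'
}

# Constructed dump of what the script above loads: policy DROP, empty FORWARD.
SAMPLE_AS_POSTED='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

# Constructed dump with FORWARD rules added; eth1 as LAN side is an assumption.
SAMPLE_WITH_FORWARD='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT'

printf '%s\n' "$SAMPLE_AS_POSTED"    | check_masq_ruleset   # forward-blocked
printf '%s\n' "$SAMPLE_WITH_FORWARD" | check_masq_ruleset   # ok
```

On a live gateway the same function can be fed the running ruleset with `iptables-save | check_masq_ruleset`, run as root.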