
Re: ipmasq ipchains; newbie question



Quoting Robert Matijasec <matijar@flashmail.com>:

> 
> I am using Debian 2.2 (potato) with ipchains 1.3.9
> attempting to get ip masquerading to work. 
> 
> I can ping other computers on my network when ipmasq is
> disabled. But when it's on I get an operation not permitted
> message when I try to ping another machine. So as someone
> hinted before, this is probably something wrong with 
> my firewall rules. 

How do you have your NICs set up?
eth0 is usually assigned to your ISP...and
ethx is usually assigned to your subnets......ex
192.168.1.1       eth1
192.168.2.1       eth2  




> 
> 
> First of all do I need to recompile kernel to get masq 
> to work w/my version of Debian ? 

You shouldn't have to recompile the kernel with Potato on a
basic install....

> 
> I followed config file for 2.2.x kernels in the masq
> HOWTO, but I must not be doing something right. 
> 

To get ipmasq working.....all you need to have is your NICs set up properly...
and then run 
apt-get install ipmasq 

the ipmasq program will automagically configure your ipchains for you....
edit them after if you have special rules....

It's also nice to have a dhcp server assign your workstations
the private IPs ... but that's totally up to you....



> in any case this is what ipchains -L gives me : 
> target prot opt 	 source 	destination ports
> ACCEPT udp  ------ anywhere 	anywhere    bootps -> bootpc
> Chain forward (policy DENY):
> target prot opt    source         destination ports
> MASQ   all  ------ 192.168.0.0/24 anywhere    n/a
> Chain output (policy DENY):



> 
> I am connecting to my provider with dhcpcd, and that
> works as well when ipmasq is not engaged. 
> 
> 
> 
> I noticed that some docs use 192.168.0.* for class C 
> networked machines while the masq pages use
> 192.168.1.* for machines on the network, does this
> matter at all ?  

You can use any private ranges from 192.168.x.x
I think 10.0.0.x is another available range....
Someone could correct me on this.....:)


Hope this helps a bit....

Mike
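
Added example, not part of the original message: a small Python check that reads an `ipchains -L` listing like the one quoted above and names the chains that cannot pass a given protocol at all, which is the situation in which a local ping fails with "operation not permitted". The sample listing is constructed from the quoted one; the `Chain input` header and the function names are assumptions of this example.

```python
import re

# Constructed sample in the layout of the listing quoted above. The
# "Chain input" header is an assumption: it is missing from the quoted text.
SAMPLE = """\
> Chain input (policy DENY):
> target prot opt    source         destination ports
> ACCEPT udp  ------ anywhere       anywhere    bootps -> bootpc
> Chain forward (policy DENY):
> target prot opt    source         destination ports
> MASQ   all  ------ 192.168.0.0/24 anywhere    n/a
> Chain output (policy DENY):
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)")
PASSING = {"ACCEPT", "MASQ", "REDIRECT"}  # ipchains targets that let a packet through


def parse_chains(listing):
    """Parse `ipchains -L` text into {chain: {"policy": str, "rules": [dict]}}."""
    chains, current = {}, None
    for raw in listing.splitlines():
        line = raw.lstrip("> \t").rstrip()  # tolerate mail quoting
        header = CHAIN_RE.match(line)
        if header:
            current = chains.setdefault(header.group(1),
                                        {"policy": header.group(2), "rules": []})
            continue
        fields = line.split(None, 5)
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line, column header, or text outside any chain
        current["rules"].append({"target": fields[0], "prot": fields[1],
                                 "source": fields[3], "dest": fields[4]})
    return chains


def chains_blocking(listing, proto):
    """Names of chains that can never pass `proto`: the policy is not ACCEPT
    and no passing rule covers the protocol. Addresses, ports and jumps to
    user-defined chains are ignored, so only outright blocks are reported."""
    blocked = []
    for name, chain in parse_chains(listing).items():
        covered = any(r["target"] in PASSING and r["prot"] in (proto, "all")
                      for r in chain["rules"])
        if chain["policy"] != "ACCEPT" and not covered:
            blocked.append(name)
    return blocked


if __name__ == "__main__":
    for proto in ("icmp", "udp"):
        print(proto, "blocked in:", chains_blocking(SAMPLE, proto))
```

On the constructed sample, ICMP is blocked in both the input and output chains, while the forward chain's MASQ rule covers all protocols for 192.168.0.0/24.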


