Re: masquerading for internet access
On Sat, 2001-11-17 at 08:36, Eric Smith wrote:
> According to Michel Loos on Fri, Nov 16, 2001 at 09:54:53PM -0200:
> > > I thought this would just work out of the box :(
> >
> > It works out of the box if eth0 is external and eth1 is local.
> > In your case you have to modify the 00Interfaces(?sp I use iptables now)
> > file in order to switch external and internal ethernet cards.
>
> that did not work for me - but this entry in modules.conf did:
>
> ### update-modules: start processing /etc/modutils/ethernet
> alias eth0 rtl8139
> alias eth1 3c59x
>
the file I talked of was not /etc/network/interfaces, but the
ipmasq/rules/<something interfaces>
> Now I have the eth0 pointing to the cable modem and eth1 to the lan as suggested.
>
> But I still get this kernel pollution from ipmasq:
>
> Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=33568 F=0x0000 T=1 (#9)
> Packet log: input DENY eth0 PROTO=2 62.108.30.1:65535 224.0.0.1:65535 L=28 S=0xC0 I=34426 F=0x0000 T=1 (#9)
>
>
> whats up?
>
IPmasq does also, out of the box, some elementary firewall work.
>From your examples I suppose 62.108.30.1 is your own machine, which
tries to access 224.0.0.1 passing through eth0 on input which is
(correctly) refused since only the access from world to your own IP and
loopback are authorized.
Did you define your loopback as 224.0.0.1 instead of 127.0.0.1 ?
that rule is somewhere in *spoof* file in /etc/ipmasq/rules
MIchel.
Reply to: