
IPMasq questions ... not clear in docs



Greetings,

I didn't receive a response to yesterday's query about ~killing~ ipmasq.
However, I imagine that my post was lost in the rush of repeat messages sent
via the list today.

To sum up my previous post ...

I apt-get install'd 'ipmasq' in a knee-jerk response to all the
recent security violation advisories.

I later discovered, through on-line testing of my ports and research, that
as my ~static~ ip is in the 10.x.x.x subnet, I am in essence behind my ISP's
firewall. Any outside traffic is routed through a dynamically assigned IP
address.

What I didn't realize was that the installation of ipmasq configured a
generic ruleset that denies traffic on the 192.x.x.x subnet. This is a
problem as I use vmware to run w98 virtually; I have this set to use
192.x.x.x as a ~virtual~ subnet through a ~virtual~ network card that is
provided through vmware.

The following snippet is an entry that has appeared in my syslogs for the
past three or four days. The port-check happens at five minute intervals ....

/begin snippet

Dec  7 16:00:11 ip010169239186 kernel: Packet log: output DENY vmnet1 PROTO=17 192.168.46.1:137 192.168.46.255:137 L=78 S=0x00 I=9815 F=0x0000 T=64 (#4)

/end snippet

In an effort to stop this denial of communication on my ~virtual~ network, I
have done the following:

apt-get removed 'ipmasq'
explicitly stopped /etc/init.d/ipmasq and /etc/init.d/ipmasq-kmod
renamed the ipmasq folder to OLD.ipmasq

Yet still this rule is being acted on. Questions are:

1. Where are the rules that ipmasq installed located on a ~stable~
unenhanced 2.2.r4 system, and how do I alter and/or remove them?

2. Why are these rules being activated on a ~virtual~ subnet that uses
completely ~virtual hardware~ (the logged 'vmnet1')? Although I have the virtual hardware running
from init.d, no traffic should be registering unless I actually use vmware.
Am I wrong in this?

3. Seeing as my ip is in the 10.x.x.x subnet, should I concern myself with
using the capabilities of ipmasq to secure my system in the remote
possibility of an intrusion?

Please advise. I have checked the man pages (surprise, man ipmasq no longer
exists :-( ) as I removed the program. I have also researched ipmasq
websites found through Google. They have been little help, as they
assume a "standard" redhat application. I know that a debian system handles
calls and assignments differently for these applications.

Any directions to an appropriate man page and/or useful website are greatly
appreciated.

Many thanks,
C. Masters
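
Reading the logged line field by field, as an added example that is not part of the original post: a small Python parser for the ipchains "Packet log:" format quoted in the snippet, which reports the chain, verdict, interface and rule number (the "#4") behind each denial. The function names are hypothetical, and the second and third sample lines are constructed for illustration.

```python
import re

# Field layout of a Linux 2.2 ipchains "Packet log:" kernel message:
# chain, verdict, interface, IP protocol, src:port, dst:port, then header fields.
LOG_RE = re.compile(
    r"Packet log: (?P<chain>\S+) (?P<action>\S+) (?P<iface>\S+) "
    r"PROTO=(?P<proto>\d+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"L=(?P<length>\d+) S=(?P<tos>0x[0-9A-Fa-f]+) I=(?P<ip_id>\d+) "
    r"F=(?P<frag>0x[0-9A-Fa-f]+) T=(?P<ttl>\d+)(?: \(#(?P<rule>\d+)\))?"
)
PROTOCOLS = {1: "icmp", 6: "tcp", 17: "udp"}
INT_FIELDS = ("proto", "sport", "dport", "length", "ip_id", "ttl", "rule")

def parse_packet_log(line):
    """Return the fields of one ipchains log line as a dict, or None."""
    m = LOG_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in INT_FIELDS:
        if rec[key] is not None:
            rec[key] = int(rec[key])
    rec["proto_name"] = PROTOCOLS.get(rec["proto"], str(rec["proto"]))
    return rec

def summarize(lines):
    """Count log hits per (chain, action, iface, rule, protocol, dst port)."""
    counts = {}
    for line in lines:
        rec = parse_packet_log(line)
        if rec is None:
            continue  # not an ipchains packet-log line
        key = (rec["chain"], rec["action"], rec["iface"],
               rec["rule"], rec["proto_name"], rec["dport"])
        counts[key] = counts.get(key, 0) + 1
    return counts

# First line is the one quoted in the post; the other two are constructed.
SAMPLE = [
    "Dec  7 16:00:11 ip010169239186 kernel: Packet log: output DENY vmnet1 PROTO=17 192.168.46.1:137 192.168.46.255:137 L=78 S=0x00 I=9815 F=0x0000 T=64 (#4)",
    "Dec  7 16:05:11 ip010169239186 kernel: Packet log: output DENY vmnet1 PROTO=17 192.168.46.1:137 192.168.46.255:137 L=78 S=0x00 I=9816 F=0x0000 T=64 (#4)",
    "Dec  7 16:05:12 ip010169239186 cron[412]: unrelated syslog entry",
]

if __name__ == "__main__":
    for key, hits in summarize(SAMPLE).items():
        print(key, hits)
```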


