Re: ipmasq problem
On Sat, Feb 16, 2002 at 03:05:14PM -0500, Wayne wrote:
> On Sat, Feb 16, 2002 at 02:29:05PM -0500, Rick Pasotto wrote:
> > I'm running a 2.4.16 kernel and the default ipmasq from woody. The
> > primary machine 192.168.0.1 (with 2 nics) talks to the internet just
> > fine. The secondary machine 192.168.0.5 (running windows 98) can access
> > the primary machine but cannot access the internet. I have samba set up
> > and the Network Neighborhood on the windows box works. My limited
> > understanding of iptables tells me that ipmasq *should* be allowing me
> > to access the internet from the windows box.
> >
> > What could I have set up wrong?
> >
> Do you have 192.168.0.1 as the windows box's gateway?
Yes.
> How about DNS servers?
The primary box runs DNS. If I try to ping e.g. slashdot.org from the
windows box the response shows the correct IP address. If I type the
IP address into the browser on the windows box it does not connect.
However it does connect to the apache running on the linux box.
Running 'iptables -L -v' gives:
    Chain FORWARD (policy DROP 0 packets, 0 bytes)
     pkts bytes target     prot opt in     out     source               destination
      300 14448 ACCEPT     all  --  eth1   eth0    localnet/24          anywhere
        0     0 ACCEPT     all  --  eth0   eth1    anywhere             localnet/24
So packets are going out but not returning.
Could portsentry be blocking the return packets? Both portsentry.ignore
and portsentry.ignore.static have 192.168.0.1/32 (eth1, the internal
interface) and the ip for eth0 (the external interface) in them.
--
"If a thousand men were not to pay their tax bills, that would not be so
violent and bloody a measure as it would be to pay them and enable the
state to commit violence and shed innocent blood." - Henry David Thoreau
Rick Pasotto rickp@telocity.com http://www.niof.net
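
Added example, not part of the original message: a small Python check that reads `iptables -L -v` output and reports ACCEPT rule pairs whose counters show traffic in one direction only, which is the reading of the FORWARD chain made above. The function names are hypothetical and the sample input is constructed from the listing quoted in the message.

```python
import re

# Constructed sample: the FORWARD chain as quoted in the message above.
SAMPLE = """\
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
 300 14448 ACCEPT all -- eth1 eth0 localnet/24 anywhere
 0 0 ACCEPT all -- eth0 eth1 anywhere localnet/24
"""

# One rule line: pkts bytes target prot opt in out source destination
RULE = re.compile(
    r"^\s*(?P<pkts>\d+[KMG]?)\s+(?P<bytes>\d+[KMG]?)\s+(?P<target>\S+)\s+"
    r"(?P<prot>\S+)\s+(?P<opt>\S+)\s+(?P<inif>\S+)\s+(?P<outif>\S+)\s+"
    r"(?P<src>\S+)\s+(?P<dst>\S+)"
)
UNITS = {"K": 1000, "M": 1000**2, "G": 1000**3}

def to_int(counter):
    """Expand abbreviated counters such as 12K (printed unless -x is used)."""
    if counter[-1] in UNITS:
        return int(counter[:-1]) * UNITS[counter[-1]]
    return int(counter)

def parse_rules(listing):
    """Return (chain, in_if, out_if, target, pkts) for every rule line."""
    chain, rules = None, []
    for line in listing.splitlines():
        if line.startswith("Chain "):
            chain = line.split()[1]
            continue
        m = RULE.match(line)  # the column header has no digits, so it is skipped
        if m and chain:
            rules.append((chain, m["inif"], m["outif"], m["target"], to_int(m["pkts"])))
    return rules

def one_way_pairs(listing):
    """ACCEPT pairs (a->b, b->a) where a->b has hits and b->a has none."""
    hits = {}
    for chain, inif, outif, target, pkts in parse_rules(listing):
        if target == "ACCEPT":
            key = (chain, inif, outif)
            hits[key] = hits.get(key, 0) + pkts
    return [(chain, a, b, n) for (chain, a, b), n in hits.items()
            if n > 0 and hits.get((chain, b, a)) == 0]

if __name__ == "__main__":
    for chain, a, b, n in one_way_pairs(SAMPLE):
        print(f"{chain}: {n} packets {a} -> {b}, 0 packets {b} -> {a}")
```

A zero count on the return rule only shows that no reply reached the FORWARD chain; it does not say where the reply was lost.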