[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipmasq problem SOLVED



The ipmasq rules files assume a ppp connection. I have a static ip so I
need to use SNAT instead of MASQUERADE.

On Sat, Feb 16, 2002 at 03:27:38PM -0500, Rick Pasotto wrote:
> On Sat, Feb 16, 2002 at 03:05:14PM -0500, Wayne wrote:
> > On Sat, Feb 16, 2002 at 02:29:05PM -0500, Rick Pasotto wrote:
> > > I'm running a 2.4.16 kernel and the default ipmasq from woody. The
> > > primary machine 192.168.0.1 (with 2 nics) talks to the internet just
> > > fine. The secondary machine 192.168.0.5 (running windows 98) can access
> > > the primary machine but cannot access the internet. I have samba set up
> > > and the Network Neighborhood on the windows box works. My limited
> > > understanding of iptables tells me that ipmasq *should* be allowing me
> > > to access the internet from the windows box.
> > > 
> > > What could I have set up wrong?
> > > 
> > Do you have 192.168.0.1 as the windows box's gateway?
> 
> Yes.
> 
> > How about DNS servers? 
> 
> The primary box runs DNS. If I try to ping eg. slashdot.org from the
> windows box the response shows the correct ip address. If I type the
> ip address into the browser on the windows box it does not connect.
> However it does connect to the apache running on the linux box.
> 
> Running 'iptables -L -v' gives:
> 
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source        destination
>   300 14448 ACCEPT     all  --  eth1   eth0    localnet/24   anywhere
>     0     0 ACCEPT     all  --  eth0   eth1    anywhere      localnet/24
> 
> So packets are going out but not returning.
>  
> Could portsentry be blocking the return packets? Both portsentry.ignore
> and portsentry.ignore.static have 192.168.0.1/32 (eth1, the internal
> interface) and the ip for eth0 (the external interface) in them.
> 
> -- 
> "If a thousand men were not to pay their tax bills, that would not be so
>  violent and bloody a measure as it would be to pay them and enable the
>  state to commit violence and shed innocent blood." - Henry David Thoreau
>     Rick Pasotto    rickp@telocity.com    http://www.niof.net
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 

-- 
...on what basis will the distribution be made? Communism answers:
On the basis of equality. What! Equality without reference to any
difference in the pains taken? We shall all have an equal share,
whether we have worked six hours or twelve, mechanically or
intellectually! But of all possible types of inequality this is
the most shocking; and furthermore, it means the destruction of
all initiative, liberty, dignity, and prudence. You propose to
kill competition, but take care; you are on redirecting it. Under
present conditions we compete to see who works most and best.
Under your regime we shall compete to see who works worst and
least.
	-- Frédéric Bastiat (1801-1850)
    Rick Pasotto    rickp@telocity.com    http://www.niof.net



Reply to: