Re: ipmasq problem SOLVED

The ipmasq rules files assume a ppp connection. I have a static ip so I
need to use SNAT instead of MASQUERADE.

On Sat, Feb 16, 2002 at 03:27:38PM -0500, Rick Pasotto wrote:
> On Sat, Feb 16, 2002 at 03:05:14PM -0500, Wayne wrote:
> > On Sat, Feb 16, 2002 at 02:29:05PM -0500, Rick Pasotto wrote:
> > > I'm running a 2.4.16 kernel and the default ipmasq from woody. The
> > > primary machine (with 2 nics) talks to the internet just
> > > fine. The secondary machine (running windows 98) can access
> > > the primary machine but cannot access the internet. I have samba set up
> > > and the Network Neighborhood on the windows box works. My limited
> > > understanding of iptables tells me that ipmasq *should* be allowing me
> > > to access the internet from the windows box.
> > > 
> > > What could I have set up wrong?
> > > 
> > Do you have as the windows box's gateway?
> Yes.
> > How about DNS servers? 
> The primary box runs DNS. If I try to ping eg. slashdot.org from the
> windows box the response shows the correct ip address. If I type the
> ip address into the browser on the windows box it does not connect.
> However it does connect to the apache running on the linux box.
> Running 'iptables -L -v' gives:
> Chain FORWARD (policy DROP 0 packets, 0 bytes)
>  pkts bytes target     prot opt in     out     source        destination
>   300 14448 ACCEPT     all  --  eth1   eth0    localnet/24   anywhere
>     0     0 ACCEPT     all  --  eth0   eth1    anywhere      localnet/24
> So packets are going out but not returning.
> Could portsentry be blocking the return packets? Both portsentry.ignore
> and portsentry.ignore.static have (eth1, the internal
> interface) and the ip for eth0 (the external interface) in them.
