
Re: problems with IPMASQ



[
For a reason I don't understand, the first message had been sent with subject
"Problemas" and did not appear in http://lists.debian.org/debian-user/2008/01/
but randomly I found it in
http://linux.derkeiler.com/Mailing-Lists/Debian/2008-01/msg02090.html
with a kind answer in 
http://linux.derkeiler.com/Mailing-Lists/Debian/2008-01/msg02116.html
]


> On Debian, you shouldn't have to do the route add thing. ipmasq will
> likely just work on its own, and you may just confuse it.

I added it because without it, it does not work either.

I will remove it, anyway.

(Note that IPMASQ works fine for my 192.168.0.0 net, but does not
for the 192.168.2.0 one.)

> Give us your /etc/network/interfaces file on machine A.

Here it is:

knoppix@A:~$ cat /etc/network/interfaces
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)

# The loopback interface
# automatically added when upgrading
auto lo eth0 eth1
iface lo inet loopback

iface eth0 inet dhcp

iface eth1 inet static
        address 192.168.0.2
        netmask 255.255.255.0
        network 192.168.0.0
        broadcast 192.168.0.255

knoppix@A:~$ 

> >    I tried examples in /usr/share/doc/ipmasq/basic but failed.

I should have written: /usr/share/doc/ipmasq/examples/basics

> The ipmasq package sets up a basic masquerading firewall based on the
> 'net' being in the direction of the default route. If you want more
> control of the firewall, install the shorewall-doc package, read it,
> then remove ipmasq and install shorewall. While some people write raw
> iptables firewalls themselves, most on this list (last I saw a poll) use
> shorewall. If you know PF on BSD, you'll feel comfortable with
> shorewall.

OK, I'll give shorewall a try.  But first I wanted to check
whether ipmasq had a default setup allowing all of several chained/sequential
internal networks to access the internet.  So far I have failed.

> You'll also need to turn on IP forwarding in /etc/sysctl.conf

I think it is already on:

knoppix@A:~$ /sbin/sysctl net.ipv4.conf.default.forwarding
net.ipv4.conf.default.forwarding = 1
knoppix@A:~$

> In your example lines, I saw the word KNOPPIX. I thought that was a
> live CD thingy. If you are using that, then my reply may not make sense
> since KNOPPIX will set things up differently from Debian and you should
> ask on a KNOPPIX list.

Computer A was installed from Knoppix, choosing the "Debian system"
option.  I think it was in the "woody" era.  Since then, every Knoppix
package has been removed or replaced during upgrades.  I think there is
nothing Knoppix-related in this issue, but I left the default user name
"knoppix" just in case someone could suggest the opposite.

I suppose in a few days I will try shorewall.

Thank you very much, Doug.

__________________________________________________________________________

   Departemento pri Statistiko kaj Plejbonigo, kaj Matematika Didaktiko   
   Universitato Oviedo - EUITIndus 33203 Hispanio - 2:341/14.79@fidonet   
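
The two checks this message turns on (is forwarding enabled on machine A, and does a NAT rule cover hosts on 192.168.2.0), as an added example that is not part of the original post. It assumes 192.168.2.0 is a /24; `SYSROOT`, the function names and the sample rule lines are constructed for illustration.

```shell
# Added example, not from the thread. Assumed: 192.168.2.0 is a /24; SYSROOT is
# a hypothetical override for testing; the rules in sample_rules are constructed.

ip2int() {                        # dotted quad -> 32-bit integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

in_cidr() {                       # in_cidr ADDR NET[/LEN]: is ADDR inside NET/LEN?
    net=${2%/*}; len=${2#*/}
    case $2 in */*) ;; *) len=32 ;; esac
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "$net") & mask )) ]
}

# forwarding_on IFACE...: the global switch and each named interface must read 1
# (conf/default/forwarding only seeds interfaces created afterwards).
forwarding_on() {
    root=${SYSROOT:-/proc/sys}/net/ipv4
    [ "$(cat "$root/ip_forward" 2>/dev/null)" = 1 ] || return 1
    for ifc in "$@"; do
        [ "$(cat "$root/conf/$ifc/forwarding" 2>/dev/null)" = 1 ] || return 1
    done
}

# masq_covers SRC: reads `iptables -t nat -S POSTROUTING` (or iptables-save)
# lines on stdin; does a MASQUERADE/SNAT rule match packets from address SRC?
masq_covers() {
    while read -r line; do
        case $line in *"-j MASQUERADE"*|*"-j SNAT"*) ;; *) continue ;; esac
        case $line in
            *"!"*) continue ;;    # negated matches are not evaluated here
            *" -s "*) s=${line#* -s }; in_cidr "$1" "${s%% *}" && return 0 ;;
            *) return 0 ;;        # no -s: the rule matches any source
        esac
    done
    return 1
}

sample_rules() {                  # constructed: NAT only for the attached LAN
    printf '%s\n' '-P POSTROUTING ACCEPT' \
        '-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE'
}

for host in 192.168.0.10 192.168.2.10; do
    sample_rules | masq_covers "$host" && echo "$host: NAT rule found" || echo "$host: no NAT rule"
done
forwarding_on eth0 eth1 && echo "forwarding: on" || echo "forwarding: off"
```

On a live router, replace `sample_rules` with the real rule dump; a complete diagnosis would also confirm that machine A has a route back to the second network.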

