
Re: problems with IPMASQ



On Tue, Jan 22, 2008 at 11:52:58PM +0100, Carlos Enrique Carleos Artime wrote:
 
> > On Debian, you shouldn't have to do the route add thing. ipmasq will
> > likely just work on its own, and you may just confuse it.
> 
> I added it because without it, it does not work either.

That's because you need a gateway line in /etc/network/interfaces which
sets the default route.

> 
> I will remove it, anyway.
> 
> (Note that IPMASQ works fine for my 192.168.0.0 net, but does not
> for the 192.168.2.0 one.)
> 
> > Give us your /etc/network/interfaces file on machine A.
> 
> Here it is:
> 
> knoppix@A:~$ cat /etc/network/interfaces
> # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
> 
> # The loopback interface
> # automatically added when upgrading
> auto lo eth0 eth1
> iface lo inet loopback
> 
> iface eth0 inet dhcp
> 
> iface eth1 inet static
>         address 192.168.0.2
>         netmask 255.255.255.0
>         network 192.168.0.0
>         broadcast 192.168.0.255
> 
Need gateway here.

> knoppix@A:~$ 
> 
> > >    I tried examples in /usr/share/doc/ipmasq/basic but failed.
> 
> I must write instead: /usr/share/doc/ipmasq/examples/basics
> 
> > The ipmasq package sets up a basic masquerading firewall based on the
> > 'net' being in the direction of the default route. If you want more
> > control of the firewall, install the shorewall-doc package, read it,
> > then remove ipmasq and install shorewall. While some people write raw
> > iptables firewalls themselves, most on this list (last I saw a poll) use
> > shorewall. If you know PF on BSD, you'll feel comfortable with
> > shorewall.
> 
> Ok, I'll give shorewall a try.  But first I wanted to check
> whether ipmasq had a default setup allowing all of several chained/sequential
> internal networks to access the internet.  Until now I have failed.

It relies on a default route to know what interface to masq.

> 
> > You'll also need to turn on IP forwarding in /etc/sysctl.conf
> 
> I think it is already on:
> 
> knoppix@A:~$ /sbin/sysctl net.ipv4.conf.default.forwarding
> net.ipv4.conf.default.forwarding = 1
> knoppix@A:~$
> 
> > In your example lines, I saw the word KNOPPIX. I thought that was a
> > live CD thingy. If you are using that, then my reply may not make sense
> > since KNOPPIX will set things up differently from Debian and you should
> > ask on a KNOPPIX list.
> 
> The computer A was installed from a Knoppix, choosing the "Debian system"
> option.  I think it was in the "woody" era.  Since then, every Knoppix
> package has been removed or replaced during upgrades.  I think there is
> nothing Knoppix-related in this issue, but I left the default user name
> "knoppix" just in case someone could suggest the opposite.
> 
> I suppose in a few days I will try shorewall.

Good luck.

Doug.

