Masquerading problems
Craig White
craigwhite@azapple.com
Sat, 9 Dec 2000 13:57:34 -0700
> -----Original Message-----
> From: plug-discuss-admin@lists.plug.phoenix.az.us
> [mailto:plug-discuss-admin@lists.plug.phoenix.az.us]On Behalf Of Eric
> Thelin
> Sent: Saturday, December 09, 2000 1:44 PM
> To: plug-discuss@lists.plug.phoenix.az.us
> Subject: Masquerading problems
>
>
>
> I am trying to use ip masquerading and getting very strange results. I
> have created an ipchains config script that should work and sort of
> does. It works fine to both addresses on the gateway machine. Then I
> try to ping remote addresses. The first ping and a few following pings
> usually work and then most of the rest are lost. About 1 in 250 pings
> are returned. I have actually rebuilt the machine from scratch and it
> still does the same thing. I had it working about 6 months ago and have
> no idea what is different. My ipchains config consists of:
>
> /sbin/depmod -a
> /sbin/modprobe ip_masq_ftp
> echo "1" > /proc/sys/net/ipv4/ip_forward
> echo "1" > /proc/sys/net/ipv4/ip_always_defrag
> /sbin/ipchains -M -S 7200 10 160
> /sbin/ipchains -F
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/16 -j MASQ
>
> Any ideas? What could even cause this? Could it be something related
> to the fact that the connection I am trying to share is a cable modem?
>
----
Assuming that you can ping repeatedly without packet loss...
I would definitely change the last rule to...
/sbin/ipchains -A forward -i eth0 -s 192.168.0.0/16 -d ! 192.168.0.0/16 -j MASQ
the difference being...
add the specific interface being masqueraded...the internal network adaptor
the destination address being masqueraded is anything NOT destined for the
internal LAN
obviously, this is a simple rule set and nowhere near adequate for securing
a network.
and lastly....
sometimes the cable modems are goofy and insistent about being powered off
before switching to another network adaptor on another computer.
Craig
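
The effect of the extra `-d ! 192.168.0.0/16` match suggested above, as an added example that is not part of the original posts: a small Python model (not ipchains itself) that evaluates the forward chain with its DENY policy for a few constructed packets, under the original rule and under the tightened one. The `-i` interface match is left out of the model, and the class, function and packet names are hypothetical.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

LAN = ipaddress.ip_network("192.168.0.0/16")

@dataclass(frozen=True)
class Rule:
    src: ipaddress.IPv4Network             # -s
    dst: Optional[ipaddress.IPv4Network]   # -d (None means any destination)
    dst_negated: bool                      # True models "-d ! net"
    target: str                            # -j

def matches(rule, src, dst):
    """True if a packet src -> dst satisfies the rule's -s and -d tests."""
    if ipaddress.ip_address(src) not in rule.src:
        return False
    if rule.dst is None:
        return True
    in_dst = ipaddress.ip_address(dst) in rule.dst
    return not in_dst if rule.dst_negated else in_dst

def forward_verdict(rules, src, dst, policy="DENY"):
    """First matching rule wins; otherwise the chain policy (-P forward DENY)."""
    for rule in rules:
        if matches(rule, src, dst):
            return rule.target
    return policy

ORIGINAL = [Rule(LAN, None, False, "MASQ")]    # -s 192.168.0.0/16 -j MASQ
TIGHTENED = [Rule(LAN, LAN, True, "MASQ")]     # ... -d ! 192.168.0.0/16 -j MASQ

# Constructed sample packets (documentation address ranges for the outside hosts).
PACKETS = [
    ("192.168.1.10", "203.0.113.5"),    # LAN host to an outside host
    ("192.168.1.10", "192.168.2.20"),   # LAN host to another LAN subnet
    ("198.51.100.7", "192.168.1.10"),   # outside source, not covered by -s
]

def compare(packets=PACKETS):
    """Return (src, dst, verdict under original, verdict under tightened)."""
    return [(s, d, forward_verdict(ORIGINAL, s, d), forward_verdict(TIGHTENED, s, d))
            for s, d in packets]

if __name__ == "__main__":
    for row in compare():
        print("%-15s -> %-15s original=%-4s tightened=%s" % row)
```

In this model the only packet whose verdict changes is the one between two 192.168.x.x subnets: it no longer matches MASQ and falls through to the DENY policy.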