IP masquerading, Qwest

Vaughn Treude plug-discuss@lists.PLUG.phoenix.az.us
Mon, 24 Sep 2001 22:28:19 -0700


Thanks for your speedy reply!  I've been procrastinating getting this masquerading working for some time now.  Ended up rebuilding my kernel,
which I'd never done before, but that's another story.

Gontran wrote:

> * Vaughn Treude (tv6@qwest.net) wrote:
> > in the ubiquitous 192.168.x.x field.  The Cisco modem that Qwest reports that its address as 10.0.0.1.   DHCP seems to be running fine for
> > me, and I can access the Web, email,  and news on the Mandrake box.  But the other machines can't see the Cisco modem.
>
> You'll probably get a lot of help with this.
> Do you have a two ethernet card (bastion) setup?  Are you using aliasing?
> What's your routing table look like?
>

Yes, I have two NICs.  The NIC on the internal LAN is eth0; the one that connects to the Cisco is eth1.
By "aliasing", are you referring to the use of the names "eth0" and "eth1" instead of the actual board names?


> % /sbin/ifconfig -a
> % netstat -rn
>

I've inserted the results of those commands here:
dummy     Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          BROADCAST NOARP  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

eth0      Link encap:Ethernet  HWaddr 00:40:05:5F:21:F2
          inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7770 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1272 errors:0 dropped:0 overruns:0 carrier:0
          collisions:1 txqueuelen:100
          Interrupt:10 Base address:0xff80

eth1      Link encap:Ethernet  HWaddr 00:D0:B7:6C:8E:61
          inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:95976 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7128 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:100
          Interrupt:11 Base address:0x2000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:40 errors:0 dropped:0 overruns:0 frame:0
          TX packets:40 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.101   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth1

>
> Are your other boxes pointing to one of your interfaces as _their_ gateway?
>

Haven't gotten around to that yet.  I got the impression that if I couldn't ping the Cisco from one of the internal systems, it wouldn't
work.   Or maybe I missed this step somewhere.

>
> >     The masquerading how-to suggests that I try to ping the dynamic IP address from one of the internal machines.  In this case, I know
> > nothing to try but 10.0.0.1.   It doesn't surprise me that the other machines can't reach the modem at this address.  Is this an inherent
> > problem with it being assigned one of those "local" IP addresses, or is it more likely that my IP masquerading setup isn't correct?
> >
> >     Could these be indicative of the problem?  If so, what do they mean?  I'm using the "sample" rc.firewall script from the
> > IP masquerading "howto"; not too secure, I know, but I've got to start somewhere.
>
> That script blows. For 2.2 kernels try something like seawall.
> http://seawall.sourceforge.net
>

I think the author of the how-to even admits it's not very good.  :-) I'll check that other one out.

>
> Gontran