IP masquerading, Qwest

Gontran plug-discuss@lists.PLUG.phoenix.az.us
Mon, 24 Sep 2001 23:10:11 -0700


* Vaughn Treude (tv6@qwest.net) wrote:
> 
> Yes, I have two NICs.  The NIC on the internal LAN is eth0; the one that
> connects to the Cisco is eth1.

This makes it more likely to work as you expect.

> By "aliasing", are you referring to the use of the names "eth0" and "eth1"
> instead of the actual board names?

By 'aliasing' I meant adding an alias, e.g. eth0:0, to, say, eth0, by specifying
a new IP and junk for that eth0:0 interface using ifconfig.

> 
> 
> > % /sbin/ifconfig -a
> > % netstat -rn
> >
> 
> I've inserted the results of those commands here:
...
> 
> eth0      Link encap:Ethernet  HWaddr 00:40:05:5F:21:F2
>           inet addr:192.168.1.101  Bcast:192.168.1.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:7770 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:1272 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:1 txqueuelen:100
>           Interrupt:10 Base address:0xff80
> 
> eth1      Link encap:Ethernet  HWaddr 00:D0:B7:6C:8E:61
>           inet addr:10.0.0.3  Bcast:10.0.0.255  Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:95976 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:7128 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:100
>           Interrupt:11 Base address:0x2000
...
> 
> 
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 192.168.1.101   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
> 10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth1
> 
These look OK.

> >
> > Are your other boxes pointing to one of your interfaces as _their_ gateway?
> >
> 
> Haven't gotten around to that yet.  I got the impression that if I couldn't
> ping the Cisco from one of the internal systems, it wouldn't work.   Or maybe
> I missed this step somewhere.
> 
Doh.  Unless you've set up dhcpd on your masquerading box -- which
could let the endpoints know where their gateway is -- you'll need to
set this up manually.  You know the drill, start menu, ... ;) The endpoints
need to know where to direct their requests, after all.

> I think the author of the how-to even admits it's not very good.  :-) I'll
> check that other one out.

Seawall is very easy to set up and an excellent solution, but until such
time as you get that or any other firewall script(s) set up, something
like
	% ipchains ... -j MASQ ...

right out of the howto should do the trick, assuming you compiled your
kernel to specification -- which is my assumption based on your earlier
statement.

Good Luck!~ 
Gontran
--
I'm just making this stuff up.
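
The gateway check discussed in this message, as an added example that is not part of the original post: it reads the routing table and interface addresses quoted above and classifies what a LAN host has configured as its gateway. The client address 192.168.1.50, the candidate gateway values and the status strings are hypothetical.

```python
import ipaddress

# Copied from the post: `netstat -rn` on the masquerading box.
ROUTES = """\
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
192.168.1.101   0.0.0.0         255.255.255.255 UH        0 0          0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U         0 0          0 eth1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
0.0.0.0         10.0.0.1        0.0.0.0         UG        0 0          0 eth1
"""
# Copied from the post: interface addresses shown by `ifconfig -a`.
BOX_ADDRS = {"eth0": "192.168.1.101", "eth1": "10.0.0.3"}

def parse_routes(text):
    """Turn `netstat -rn` rows into dicts; header and title lines are skipped."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[0] != "Destination":
            routes.append({"net": ipaddress.ip_network(f"{f[0]}/{f[2]}"),
                           "flags": f[3], "iface": f[7]})
    return routes

def internal_lans(routes):
    """Directly connected networks that are not on the default-route interface."""
    ext = {r["iface"] for r in routes if r["net"].prefixlen == 0 and "G" in r["flags"]}
    return {r["iface"]: r["net"] for r in routes
            if r["flags"] == "U" and r["iface"] not in ext and not r["net"].is_loopback}

def check_client(client_ip, client_gw, routes=None, addrs=BOX_ADDRS):
    """Classify a LAN host's gateway setting (client values are hypothetical)."""
    routes = routes or parse_routes(ROUTES)
    ip = ipaddress.ip_address(client_ip)
    for iface, net in internal_lans(routes).items():
        if ip in net:
            break
    else:
        return "client-not-on-lan"
    if not client_gw:
        return "no-gateway"          # host can only reach its own subnet
    gw = ipaddress.ip_address(client_gw)
    if gw not in net:
        return "gateway-off-subnet"  # e.g. pointing straight at the Cisco
    if str(gw) != addrs[iface]:
        return "wrong-gateway"       # on the LAN, but not the masquerading box
    return "ok"

if __name__ == "__main__":
    for gw in (None, "10.0.0.1", "192.168.1.1", "192.168.1.101"):
        print(gw, "->", check_client("192.168.1.50", gw))
```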