IP masquerading, Qwest

Vaughn Treude plug-discuss@lists.PLUG.phoenix.az.us
Wed, 26 Sep 2001 08:20:38 -0700


All right!
It worked!
I'm not sure what it was I did that made it work, but for the benefit of others who may be struggling, this is what I did:
1. I added those /sbin/ipchains input and output lines listed below to my rc.firewall script, and re-ran it.
2. On Windows, I noticed the DNS addresses had disappeared from my network setup (Windows must have kindly done that for me when I deleted the dialup
connections.)  So I put them back, but under the TCP/IP settings for the ethernet card instead of the modem.
3. On Windows, I re-ran the Internet Connection Setup wizard, choosing the "connect using a LAN" selections.   I also checked the box for "automatic discovery of
proxy server settings" (even though I'm not using one), did not set up my mail client (it was already configured) and selected the box to connect immediately.
It worked!  (both Outlook and Exploder.)

BTW, on the Mandrake 8 box which is also on my LAN, I ran Konqueror and it connected instantly without any of the hassles I had with Windows ME.  (I still needed
the Windows connection ability, because I have to be able to run Net Meeting on my Win2K box, and because my wife's box is Windows 98.)

Thanks one and all for your patience!
Vaughn Treude

Patrick Fleming wrote:

> On Tue, 25 Sep 2001, Vaughn Treude wrote:
>
> In ipchains all packets traverse all 3 chains input, output and forward.
> Your first line has you jumping before reaching the end of all the input
> options.
> Here are my 3 lines for my lan:
> /sbin/ipchains -A input -s 192.168.1.0/24 -i eth0 -j ACCEPT
> /sbin/ipchains -A output -s 192.168.1.0/24  -i eth0 -j ACCEPT
> /sbin/ipchains -A forward -s 192.168.1.0/24  -j MASQ
>
> do a cat /proc/sys/net/ipv4/ip_forward
> if you don't get a single "1" without the quotes then enable forwarding by
> echo "1" > /proc/sys/net/ipv4/ip_forward
>
> Maybe I missed it.. how many other machines can ping outside the gateway?
> HTH
> Patrick
>
> > Another thought:
> > Are these firewall lines correct?
> >
> > Should the  network spec on this line be the one connected to the Cisco (eth1) or the internal LAN?  (I've tried both!)
> > /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
> >
> > And these are at the end:
> > /sbin/ipchains -P forward DENY
> > /sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
> >
> > Yes, my network is set up with a "1" in the third quad.
> > Thanks again,
> > Vaughn
> >
> > Vaughn Treude wrote:
> >
> > > Yep.  I already had the same DNS addresses entered on both machines, since the ME notebook was working with the dialup connection.
> > > BTW, I've been revisiting the "test" section of the "IP Masquerade" HOWTO.  I was able to find the REAL IP address by telnetting to the Cisco, and I could
> > > ping that from the Windows box.  But I could NOT telnet to the sample fixed IP addresses they gave (like the one for www.linux.org.)  Perhaps these have
> > > changed, or they are more security conscious now and rejected me without the prompt.  In any case, my forwarding seems to be failing independent of the
> > > DNS lookup function.
> > > Also, it's been suggested that I need to run DHCPD on the firewall box, but the IP-Masq howto doesn't mention this at all.   It was my understanding that
> > > Qwest was doing this for me.  I currently haven't tried running DHCPD; haven't figured out the setup yet.
> > >
> > > Thanks,
> > > Vaughn
> > >
> > > Kevin Brown wrote:
> > >
> > > > and you have DNS configured right?
> > > >
> > > > Vaughn Treude wrote:
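
The checks discussed in the thread (a DENY policy on the forward chain, a MASQ rule limited to the LAN source, and `ip_forward` set to 1), as an added example that is not part of the original messages: a shell audit of an rc.firewall script. The function names and the sample script are constructed for illustration; the rules in the sample are the ones quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit an ipchains rc.firewall script
# for the masquerading setup discussed above. Function names are hypothetical.

# Constructed sample: the LAN rules quoted in the thread plus a DENY policy.
sample_rc_firewall() {
cat <<'EOF'
# constructed sample rc.firewall
/sbin/ipchains -P forward DENY
/sbin/ipchains -A input -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A output -s 192.168.1.0/24  -i eth0 -j ACCEPT
/sbin/ipchains -A forward -s 192.168.1.0/24  -j MASQ
EOF
}

# Succeeds only if FILE (default: the live kernel setting) holds a single "1".
ip_forward_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$f" ] && [ "$(tr -d '[:space:]' < "$f")" = "1" ]
}

# audit_masq SCRIPT LAN_CIDR: prints "OK" or one finding per line.
audit_masq() {
    # Drop comments, squeeze whitespace, pad line ends so matches are layout-independent.
    rules=$(grep -v '^[[:space:]]*#' "$1" | tr '\t' ' ' | tr -s ' ' \
            | sed 's/$/ /' | grep ipchains || true)
    masq=$(printf '%s\n' "$rules" | grep -e '-A forward ' | grep -e '-j MASQ ' || true)
    out=""
    printf '%s\n' "$rules" | grep -Eq -e '-P forward (DENY|REJECT) ' \
        || out="${out}forward policy is not DENY/REJECT
"
    if [ -z "$masq" ]; then
        out="${out}no MASQ rule in the forward chain
"
    elif printf '%s\n' "$masq" | grep -Fqv -e "-s $2 "; then
        # A MASQ rule without the LAN source would masquerade for any sender.
        out="${out}MASQ rule not limited to $2
"
    fi
    if [ -z "$out" ]; then echo OK; else printf '%s' "$out"; return 1; fi
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_rc_firewall > "$tmp" && audit_masq "$tmp" 192.168.1.0/24
rm -f "$tmp"
```

Run `ip_forward_enabled` with no argument on the gateway itself to check the live kernel setting.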