On Tue, 25 Sep 2001, Vaughn Treude wrote:
In ipchains all packets traverse all 3 chains: input, output and forward.
Your first line has you jumping before reaching the end of all the input
options.
Here are my 3 lines for my lan:
/sbin/ipchains -A input -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A output -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
Do a cat /proc/sys/net/ipv4/ip_forward
If you don't get a single "1" without the quotes then enable forwarding by
echo "1" > /proc/sys/net/ipv4/ip_forward
Maybe I missed it.. how many other machines can ping outside the gateway?
HTH
Patrick
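
An added example, not part of Patrick's message or of the thread: a small Python audit of the points raised here, namely the ip_forward flag, a MASQ rule in the forward chain that covers the LAN, and the forward chain policy. The function name `audit` and the finding codes are hypothetical, the rule lines are constructed from the ones quoted in this thread, and the check assumes ipchains' built-in chains default to ACCEPT when no -P line is present.

```python
import ipaddress
import shlex

def _net(spec):
    # ipchains accepts "0/0" as shorthand for "any address"
    return ipaddress.ip_network("0.0.0.0/0" if spec == "0/0" else spec, strict=False)

def _opt(args, flag, offset=1):
    # Value found `offset` positions after `flag`, or None if absent
    if flag in args and args.index(flag) + offset < len(args):
        return args[args.index(flag) + offset]
    return None

def audit(rules_text, ip_forward_text, lan="192.168.1.0/24"):
    """Return finding codes for a masquerading gateway's rule script."""
    lan_net = _net(lan)
    policy = "ACCEPT"            # assumed default when no -P line is given
    masq_covers_lan = False
    for line in rules_text.splitlines():
        args = shlex.split(line, comments=True)
        if _opt(args, "-P") == "forward" and _opt(args, "-P", 2):
            policy = _opt(args, "-P", 2)
        if _opt(args, "-A") == "forward" and _opt(args, "-j") == "MASQ":
            src = _net(_opt(args, "-s") or "0/0")
            if lan_net.subnet_of(src):
                masq_covers_lan = True
    findings = []
    if ip_forward_text.strip() != "1":
        findings.append("ip_forward_off")         # kernel will not route at all
    if not masq_covers_lan:
        findings.append("no_masq_for_lan")        # LAN traffic is not masqueraded
    if policy == "ACCEPT":
        findings.append("forward_policy_accept")  # unmatched packets still forwarded
    return findings

# Constructed inputs, taken from the rule lines quoted in this thread
REPLY_RULES = """\
/sbin/ipchains -A input -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A output -s 192.168.1.0/24 -i eth0 -j ACCEPT
/sbin/ipchains -A forward -s 192.168.1.0/24 -j MASQ
"""
QUOTED_RULES = """\
/sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
"""

if __name__ == "__main__":
    print(audit(REPLY_RULES, "1\n"))
    print(audit(QUOTED_RULES, "0\n"))
```

On a live gateway, pass the contents of /proc/sys/net/ipv4/ip_forward as the second argument.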
> Another thought:
> Are these firewall lines correct?
>
> Should the network spec on this line be the one connected to the Cisco (eth1) or the internal LAN? (I've tried both!)
> /sbin/ipchains -A input -j ACCEPT -i eth0 -s 0/0 67 -d 0/0 68 -p udp
>
> And these are at the end:
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -i eth1 -s 192.168.1.0/24 -j MASQ
>
> Yes, my network is set up with a "1" in the third quad.
> Thanks again,
> Vaughn
>
> Vaughn Treude wrote:
>
> > Yep. I already had the same DNS addresses entered on both machines, since the ME notebook was working with the dialup connection.
> > BTW, I've been revisiting the "test" section of the "IP Masquerade" HOWTO. I was able to find the REAL IP address by telnetting to the Cisco, and I could
> > ping that from the Windows box. But I could NOT telnet to the sample fixed IP addresses they gave (like the one for www.linux.org.) Perhaps these have
> > changed, or they are more security conscious now and rejected me without the prompt. In any case, my forwarding seems to be failing independent of the
> > DNS lookup function.
> > Also, it's been suggested that I need to run DHCPD on the firewall box, but the IP-Masq howto doesn't mention this at all. It was my understanding that
> > Qwest was doing this for me. I currently haven't tried running DHCPD; haven't figured out the setup yet.
> >
> > Thanks,
> > Vaughn
> >
> > Kevin Brown wrote:
> >
> > > and you have DNS configured right?
> > >
> > > Vaughn Treude wrote: