IP masquerading, Qwest
Gontran
plug-discuss@lists.PLUG.phoenix.az.us
Mon, 24 Sep 2001 23:10:11 -0700
* Vaughn Treude (tv6@qwest.net) wrote:
>
> Yes, I have two NICs. The NIC on the internal LAN is eth0; the one that
> connects to the Cisco is eth1.
This makes it more likely to work as you expect.
> By "aliasing", are you referring to the use of the names "eth0" and "eth1"
> instead of the actual board names?
By 'aliasing' I meant adding an alias, e.g. eth0:0, to, say, eth0, by specifying
a new IP and junk for that eth0:0 interface using ifconfig.
>
>
> > % /sbin/ifconfig -a
> > % netstat -rn
> >
>
> I've inserted the results of those commands here:
...
>
> eth0 Link encap:Ethernet HWaddr 00:40:05:5F:21:F2
> inet addr:192.168.1.101 Bcast:192.168.1.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:7770 errors:0 dropped:0 overruns:0 frame:0
> TX packets:1272 errors:0 dropped:0 overruns:0 carrier:0
> collisions:1 txqueuelen:100
> Interrupt:10 Base address:0xff80
>
> eth1 Link encap:Ethernet HWaddr 00:D0:B7:6C:8E:61
> inet addr:10.0.0.3 Bcast:10.0.0.255 Mask:255.255.255.0
> UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> RX packets:95976 errors:0 dropped:0 overruns:0 frame:0
> TX packets:7128 errors:0 dropped:0 overruns:0 carrier:0
> collisions:0 txqueuelen:100
> Interrupt:11 Base address:0x2000
...
>
>
> Kernel IP routing table
> Destination Gateway Genmask Flags MSS Window irtt Iface
> 192.168.1.101 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
> 10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
> 127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
> 0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth1
>
These look OK.
> >
> > Are your other boxes pointing to one of your interfaces as _their_ gateway?
> >
>
> Haven't gotten around to that yet. I got the impression that if I couldn't
> ping the Cisco from one of the internal systems, it wouldn't work. Or maybe
> I missed this step somewhere.
>
Doh. Unless you've set up dhcpd on your masquerading box -- which
could let the endpoints know where their gateway is -- you'll need to
set this up manually. You know the drill, start menu, ... ;) The endpoints
need to know where to direct their requests, after all.
> I think the author of the how-to even admits it's not very good. :-) I'll
> check that other one out.
Seawall is very easy to set up and an excellent solution, but until such
time as you get that or any other firewall script(s) set up, something
like
% ipchains ... -j MASQ ...
right out of the howto should do the trick. Assuming you compiled your
kernel to specification -- which is my assumption based on your earlier
statement.
Good Luck!~
Gontran
--
I'm just making this stuff up.
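
An added example, not part of the original message: a check of an internal host's settings against the routing table and interface addresses quoted above, showing why the host's gateway has to be the masquerading box's eth0 address and not the Cisco. The client address 192.168.1.20 and the function names are assumptions made for illustration.

```python
import ipaddress

# Copied from the quoted `netstat -rn` and ifconfig output of the masquerading box.
ROUTES = """\
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.1.101 0.0.0.0 255.255.255.255 UH 0 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
0.0.0.0 10.0.0.1 0.0.0.0 UG 0 0 0 eth1
"""
BOX_ADDRS = {"eth0": "192.168.1.101", "eth1": "10.0.0.3"}

def parse_routes(text):
    """Return (network, flags, iface) for each route row; skips the header."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8:
            continue
        try:
            dest, mask = ipaddress.ip_address(f[0]), ipaddress.ip_address(f[2])
        except ValueError:
            continue  # header row
        prefix = bin(int(mask)).count("1")  # dotted Genmask -> prefix length
        rows.append((ipaddress.ip_network(f"{dest}/{prefix}"), f[3], f[7]))
    return rows

def check_client(ip, mask, gateway):
    """Return problems with an internal host's settings; an empty list means OK."""
    routes = parse_routes(ROUTES)
    default = [r for r in routes if r[0].prefixlen == 0 and "G" in r[1]]
    if not default:
        return ["masquerading box has no default route"]
    ext_if = default[0][2]  # interface that faces the upstream router
    host = ipaddress.ip_interface(f"{ip}/{mask}")
    # Internal LAN = directly connected network on a non-external, non-loopback NIC.
    lan = [r for r in routes if "G" not in r[1] and r[2] not in (ext_if, "lo")
           and r[0].prefixlen < 32 and host.ip in r[0]]
    if not lan:
        return [f"{host.ip} is not on the box's internal LAN"]
    box_ip = ipaddress.ip_address(BOX_ADDRS[lan[0][2]])
    if gateway is None:
        return [f"no default gateway set; it should be {box_ip}"]
    gw = ipaddress.ip_address(gateway)
    if gw not in host.network:
        return [f"gateway {gw} is not on {host.network}, so the host cannot reach it"]
    if gw != box_ip:
        return [f"gateway {gw} is not the masquerading box ({box_ip})"]
    return []
```

The check covers addressing only; the box still needs the MASQ rule and kernel support mentioned in the message before traffic from the LAN reaches the Cisco.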