Re: ADSL Masquerading with 2.4.7-10 and ipchains Q
- To: linux-il(at-nospam)linux.org.il
- Subject: Re: ADSL Masquerading with 2.4.7-10 and ipchains Q
- From: "Stiven Andre" <stiven_a(at-nospam)hotmail.com>
- Date: Wed, 31 Oct 2001 12:38:18 +0200
- Delivered-To: linux.org.il-linux-il@linux.org.il
- Sender: linux-il-bounce(at-nospam)cs.huji.ac.il
Hi Dani.
Thanx for your help, I finally got it up when I changed that line :-).
After some minutes everything started working like a dream.
I am not sure what that line was, but it is from the iptables example that
everybody uses; maybe you should add a note there about this line, so other
people will not have problems.
Thanx again.
Sincerely yours, X-Kent.
>From: Dani Arbel <darbel@techunix.technion.ac.il>
>To: Stiven Andre <stiven_a@hotmail.com>
>Subject: Re: ADSL Masquerading with 2.4.7-10 and ipchains Q
>Date: Tue, 30 Oct 2001 08:56:42 +0200 (IST)
>
>oops.... took another look and noticed that you have a few machines on
>192.168.1.0
>
>change the line in the rc.firewall from
>HOST1_IP="192.168.1.2/32"
>to:
>HOST1_IP="192.168.1.0/24"
>
>This will make all ips on 192.168.1.0 trusted hosts.
>
>currently the line in the FORWARD table:
>
>-A FORWARD -s 192.168.1.2 -m state --state NEW -j ACCEPT
>will apply to host 192.168.1.2 only. That means a new ping from
>192.168.1.10 to the outside will be dropped in the beginning of the FORWARD
>table and never reach the POSTROUTING masquerade rule.
>
>Dani
>
>On Tue, 30 Oct 2001, Stiven Andre wrote:
>
> >
> > Hi Dani.
> >
> > This message is sent only to you because it is big and I don't want to
> > flood the list.
> >
> > I think there is everything you asked me to send and in addition I sent
> > you my current rc.firewall.
> >
> > You also asked to write about problems but I can't say anything useful
> > because the only thing I can say is that masquerade doesn't work.
> >
> > My distribution is RH7.2 and machine is 133MHz 32RAM (linux server)
> >
> > I can ping from internal machine (192.168.1.10) to 192.168.1.1 (Linux
> > server) and 192.116.192.101 (Linux external IP "ppp0") but I can't get
> > any other things up with iptables.
> >
> > When I tried with ipchains it worked but without dns and without any
> > special modules like ip_masq_irc... when I tried to insert those modules
> > it replied no module with that name.
> >
> > Can you please check what's wrong.
> > I am not sure that all modules are loaded.
> > All debugs there are after executing rc.firewall and with adsl connection
> > up.
> >
> > Thanx.
> >
> > Stiven.
> >
> > >From: Dani Arbel <darbel@techunix.technion.ac.il>
> > >To: Stiven Andre <stiven_a@hotmail.com>
> > >CC: <linux-il@linux.org.il>
> > >Subject: Re: ADSL Masquerading with 2.4.7-10 and ipchains Q
> > >Date: Mon, 29 Oct 2001 20:51:05 +0200 (IST)
> > >
> > >Steven,
> > >send the output of the command iptables-save to me along with your
> > >ifconfig -a and list of problems. also lsmod output would be helpful.
> > >The iptables i put as an example allows outbound pinging and blocks
> > >inbound pinging.
> > >Dani
> > >
> > >On Mon, 29 Oct 2001, Stiven Andre wrote:
> > >
> > > > Hi List.
> > > >
> > > > Sorry that I haven't mentioned about Dani when I was talking about
> > > > how to. I just forgot it, really sorry.
> > > >
> > > > The thing I have asked it is for a small rc.firewall script that
> > > > will accept every traffic and masquerade 192.168.1.x. I need it in
> > > > order to check that all modules are loaded successfully because when
> > > > I am using the rc.firewall from examples in how-tos (masquerade
> > > > how-to/adsl-how-to) I can't get the things up. And it seems
> > > > that rc.firewall with iptables from adsl-how-to does not allow even
> > > > ping.
> > > > After using all those examples I couldn't get masquerade up at all.
> > > > And by now I just need a simple masquerade; after I get it up I will
> > > > tighten the security.
> > > >
> > > > I repeat my network is:
> > > >
> > > >
> > > >                       |
> > > >                      /|
> > > > Linux box---eth0--HUB | My 192.168.1.x network
> > > >     |                \|
> > > >    eth1               |
> > > >     |
> > > >  ADSL modem
> > > >
> > > >
> > > > It seems that some people thought that I use option with 1 NIC on
> > > > linux box but I use 2 NICs because I don't want to have additional
> > > > security holes and I don't want to change my network structure to
> > > > 10.x.x.x
> > > >
> > > > _________________________________________________________________
> > > > Get your FREE download of MSN Explorer at
> > >http://explorer.msn.com/intl.asp
> > > >
> > > >
> > > > =================================================================
> > > > To unsubscribe, send mail to linux-il-request@linux.org.il with
> > > > the word "unsubscribe" in the message body, e.g., run the command
> > > > echo unsubscribe | mail linux-il-request@linux.org.il
> > > >
> > >
> > >
> > >
> >
> >
> >
>
=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il
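
The effect Dani describes, as an added example that is not part of the original thread: a small check that reads `iptables-save` output and lists which LAN hosts have no FORWARD rule accepting their NEW connections. The ruleset text is constructed around the single rule quoted above (the DROP policy and the RELATED,ESTABLISHED rule are assumptions), and the function names are hypothetical.

```python
import ipaddress
import shlex

# Constructed iptables-save fragment built around the one rule quoted in the
# thread; the DROP policy and the RELATED,ESTABLISHED rule are assumptions.
BEFORE = """\
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.1.2 -m state --state NEW -j ACCEPT
COMMIT
"""
# Same ruleset after changing HOST1_IP to 192.168.1.0/24 in rc.firewall.
AFTER = BEFORE.replace("-s 192.168.1.2 ", "-s 192.168.1.0/24 ")

LAN_HOSTS = ["192.168.1.2", "192.168.1.10"]  # hosts named in the thread


def opt(tokens, name):
    """Value following option `name`, or None if the option is absent."""
    return tokens[tokens.index(name) + 1] if name in tokens else None


def new_accept_sources(save_text):
    """Source networks of FORWARD rules that ACCEPT packets in state NEW.

    Simplified: ignores negated matches (!) and -i/-o interface matches.
    """
    nets = []
    for line in save_text.splitlines():
        tok = shlex.split(line)
        if tok[:2] != ["-A", "FORWARD"] or opt(tok, "-j") != "ACCEPT":
            continue
        states = opt(tok, "--state")
        if states is not None and "NEW" not in states.split(","):
            continue  # rule only covers already-established flows
        src = opt(tok, "-s") or "0.0.0.0/0"  # no -s means any source
        nets.append(ipaddress.ip_network(src, strict=False))
    return nets


def blocked_hosts(save_text, hosts):
    """Hosts whose first outbound packet matches no NEW-accepting rule."""
    nets = new_accept_sources(save_text)
    return [h for h in hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]


if __name__ == "__main__":
    print("before:", blocked_hosts(BEFORE, LAN_HOSTS))
    print("after: ", blocked_hosts(AFTER, LAN_HOSTS))
```

The same function can be pointed at real `iptables-save` output to see how wide the set of trusted sources became after a change like the /32 to /24 edit.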