[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: IP-masquerading & rplayd



On Mon, 22 Feb 1999, Schlomo Schapiro wrote:

>Hi Peter,
>
>always a delight to hear from you !
>
>But how do I DEBUG those things ? MS has no debugging, OK. But Linux ??

Debug what ? Scripts ? Any script can contain `echo "scream your head off"
>> /var/log/script.log`. This includes /sbin/request_route.

To debug a firewall you need something that allows you to throw custom
packets at it. Such as a cracker tool. Don't believe that what you issue
as command is indeed executed until you check it otherwise.

>>Peter L. Peres wrote:
>> 
>> On Sun, 21 Feb 1999, Schlomo Schapiro wrote:
>> 
>> That all ? ;)
>
>Yup, the guy is very please with Linux (except for stuff not working)
>
>> >How can I debug this, e.g. see where the packets get lost.
>
>What about the debugging stuff ?
>
>> 
>> I have never used diald because it has more than 1 page of docs ;) afaik
>> diald uses a slip device to monitor outgoing requests which are then
>> redirected. This is a shot in the dark, but I DON'T think that this will
>> work with a firewall as is.
>
>Peter, I know exactly how diald works (I read all its docs). The problem
>is not related to diald, but topackets not beeing transferred from eth0
>to sl0 (or ppp0 for that it matters), even though I have a defaultroute
>set to the device (sl0,ppp0). 
>
>Can this be a kernel thingy not to route stuff from private networks ?

Yes. Drop source routed frames and ip forwarding afaik.

>>> >Also, isthere any alternative to diald yet ?
>> 
>> It is called ipfwadm+/sbin/request_route+crond . crond runs two 
>
>Yeah, tried once to set it up, never go the script to be run (I did all
>the howtos etc). Then i ditched it again.

afaik certain kernels have the request_route disabled. You have to check
the docs.

Peter