[plug] IP Masquerade - HELP!

John Breen jbreen at wn.com.au
Tue Sep 12 10:27:04 WST 2000 

Okay, I admit to being stumped.  Perhaps some of the gurus could
help.  Again.

I've read the Linux IP Masquerading HOWTO, with special attention to
getting it all to go on a 2.2.x kernel (such as I have...)  I've
followed the instructions therein in rebuilding my kernel, set up a
script that's run on startup to configure IP Firewalling with
IPCHAINS and put the right things in the right places in
/proc/sys/net/ipv4.  I've set up my network correctly - TCP/IP works
fine internally and samba runs perfectly over it.  When I connect to
my ISP, I can go to my linux box and do

ping <address of my end of the connection>

and see it work.  I can ping the other end of the connection and it
works.  I can ping the DNS by IP and all goes well.  I set up my
resolv.conf so I pass off DNS requests to their end, and ping a URL
and it goes well.  (ie, the Linux box is happy that it's got a
connection)

I now go to the windows box, set up the default gateway to the IP of
my Linux box, go through the required "You have moved the mouse. 
Your computer must be restarted..." crap, and ping the IP of the
linux box.  It works fine.  I then ping the IP of the my end of the
connection and all goes well.  But, when I ping the other end of the
connection, I get "destination host is unreachable".  Thinking, "Ok,
ICMP doesn't work..." I make a note to take another look at the
kernel configuration and try a ftp connect to a remote site by IP
number, knowing the ftp masq module is built and loaded.  Nothing
doing.  Madly, I go back through the HOWTO again.  Nope, everything
checks OK.

The IPCHAINS rules that are set up according to the HOWTO are 

/sbin/ipchains -P forward DENY
/sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ

My dialup scripts sets a default route via the PPP connection.  I've
checked my routing table and yes, the default is there.

Also, in /etc/sysconfig/network (? - I'm not at my linux box right
now...), I've put the line to enable IP Masquerading.

What's wrong here?  I spent most of Sunday buggering around trying to
get everything to work.  There's probably something I'm missing, but
I'm buggered if I can see what...

HELP!
|
| John Breen
|
| jbreen at wn.com.au
| john at fairport.com.au
|
| "Do not worry, Arthur Dent.  Be afraid.  Be VERY afraid."
| Agrajag, "Life, the Universe and Everything"
|

More information about the plug mailing list