Before scenario:
Kernel 2.2.20
internal subnet: 10.71.0.0/24 gateway eth1: 10.71.0.1 gateway eth0: 216.x.y.1 external subnet: 216.x.y.0/128
I hook up to eth1 and get IP from DHCP server. I can ping eth1, eth0, etc I can telnet 10.71.0.1 I can ssh 10.71.0.1 I can web browse 10.71.0.1
Everything fine, but I need to enable IP Masquerade so ...
... I upgrade the kernel to 2.4.18 and enable IP Masquerade
Now:
internal subnet: 10.71.0.0/24 gateway eth1: 10.71.0.1 gateway eth0: 216.x.y.1 external subnet: 216.x.y.0/128
I hook up to eth1 and STILL get IP from DHCP server.
BUT ..
I cannot ping eth1, eth0, etc I cannot telnet 10.71.0.1 I cannot ssh 10.71.0.1 I cannot web browse 10.71.0.1
None filtering rules so far
Any idea ?
Some tests from my host:
g4:~ rodrigo$ arp -a ? (10.71.0.1) at (incomplete) on en0 [ethernet] ? (10.71.0.255) at ff:ff:ff:ff:ff:ff on en0 [ethernet]
debian:/home/rodrigo# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
216.x.y.0 * 255.255.255.128 U 0 0 0 eth0
10.71.0.0 * 255.255.255.0 U 0 0 0 eth1
default 216-x-y-1.ip 0.0.0.0 UG 0 0 0 eth0
.config that I used to compile the new kernel ( skipped some parts ):
# Networking options # CONFIG_PACKET=m CONFIG_PACKET_MMAP=y CONFIG_NETLINK_DEV=m CONFIG_NETFILTER=y CONFIG_NETFILTER_DEBUG=y CONFIG_FILTER=y CONFIG_UNIX=y CONFIG_INET=y CONFIG_IP_MULTICAST=y # CONFIG_IP_ADVANCED_ROUTER is not set # CONFIG_IP_PNP is not set CONFIG_NET_IPIP=m # CONFIG_NET_IPGRE is not set # CONFIG_IP_MROUTE is not set # CONFIG_ARPD is not set # CONFIG_INET_ECN is not set CONFIG_SYN_COOKIES=y
# IP: Netfilter Configuration # CONFIG_IP_NF_CONNTRACK=m CONFIG_IP_NF_FTP=m CONFIG_IP_NF_IRC=m CONFIG_IP_NF_QUEUE=m CONFIG_IP_NF_IPTABLES=m CONFIG_IP_NF_MATCH_LIMIT=m CONFIG_IP_NF_MATCH_MAC=m CONFIG_IP_NF_MATCH_MARK=m CONFIG_IP_NF_MATCH_MULTIPORT=m # CONFIG_IP_NF_MATCH_TOS is not set # CONFIG_IP_NF_MATCH_AH_ESP is not set # CONFIG_IP_NF_MATCH_LENGTH is not set # CONFIG_IP_NF_MATCH_TTL is not set CONFIG_IP_NF_MATCH_TCPMSS=m CONFIG_IP_NF_MATCH_STATE=m CONFIG_IP_NF_MATCH_UNCLEAN=m CONFIG_IP_NF_MATCH_OWNER=m CONFIG_IP_NF_FILTER=m CONFIG_IP_NF_TARGET_REJECT=m # CONFIG_IP_NF_TARGET_MIRROR is not set CONFIG_IP_NF_NAT=m CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m # CONFIG_IP_NF_TARGET_REDIRECT is not set # CONFIG_IP_NF_NAT_SNMP_BASIC is not set CONFIG_IP_NF_NAT_IRC=m CONFIG_IP_NF_NAT_FTP=m CONFIG_IP_NF_MANGLE=m # CONFIG_IP_NF_TARGET_TOS is not set CONFIG_IP_NF_TARGET_MARK=m CONFIG_IP_NF_TARGET_LOG=m # CONFIG_IP_NF_TARGET_ULOG is not set CONFIG_IP_NF_TARGET_TCPMSS=m CONFIG_IP_NF_COMPAT_IPCHAINS=m CONFIG_IP_NF_NAT_NEEDED=y CONFIG_IP_NF_COMPAT_IPFWADM=m CONFIG_IP_NF_NAT_NEEDED=y # CONFIG_IPV6 is not set # CONFIG_KHTTPD is not set # CONFIG_ATM is not set # CONFIG_VLAN_8021Q is not set # CONFIG_IPX is not set # CONFIG_ATALK is not set # CONFIG_DECNET is not set # CONFIG_BRIDGE is not set # CONFIG_X25 is not set # CONFIG_LAPB is not set # CONFIG_LLC is not set # CONFIG_NET_DIVERT is not set # CONFIG_ECONET is not set # CONFIG_WAN_ROUTER is not set # CONFIG_NET_FASTROUTE is not set # CONFIG_NET_HW_FLOWCONTROL is not set
Rodrigo Otavio Paes de Barros Otaviano
_________________________________________________________________
Take advantage of powerful junk e-mail filters built on patented Microsoft® SmartScreen Technology. http://join.msn.com/?pgmarket=en-ca&page=byoa/prem&xAPID=1994&DI=1034&SU=http://hotmail.com/enca&HL=Market_MSNIS_Taglines Start enjoying all the benefits of MSN® Premium right now and get the first two months FREE*.
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
