Anyone here on the Debian-L know the secrets of using the ipfwadm utility to set up masquerading? I've built a kernel with the proper options, but I'm concerned about whether I'm really masquerading or just forwarding packets. How do I prove it?

There was a recent LJ article on using masquerading, but it was primarily based on the software prior to the recent advances. In particular, the method used to establish the masquerading ruleset, and verifying just what has been set, is my concern. There is no longer an ipfw; the management utility is now ipfwadm. The concern comes from the setting of the masquerade rule.

The ipfwadm has an option (-M) for masquerading, but this is NOT used for setting the rule, and the only valid option is -l, for listing of the masquerading rules. The only way I can get a rule set is to use the following command (does this really result in masquerading or not is the question):

    # ipfwadm -F -i masquerade -P all -S 192.168.210.0/0 -D 0.0.0.0/0

The reason for the question is this: ipfwadm -M -l shows no masquerade rule set. And I got on the net using this last night, and sure enough was able to get out to the net from my laptop, and using Lynx, got out to the Web. I discovered that several links on various pages were not accessible from the LT, but they were if I ran a browser directly on wb2oyc (my Deb1.1 box). This got me wondering if perhaps my reserved net address was getting through my ISP to the net, and that's why I wasn't able to get to some of the links.

So, I ran tcpdump on wb2oyc while doing this. Sure enough, there I see packets sent from the Web host directly to the address of the laptop (!), which is assigned the address in the 192.168 reserved space and shouldn't ever get through my ISP's router! In other words, I was not masquerading for its address; I don't think. Bummer! Worse, my ISP is not stopping those packets.

Paul
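
One way to check a capture for the symptom described in the post, as an added example that is not part of the original message: it scans `tcpdump -n` text output and reports packets that still carry an RFC 1918 address. It assumes the capture was taken on the ISP-facing interface (on the internal interface private addresses are expected even when masquerading works); the function names and sample lines are constructed for illustration.

```python
import ipaddress
import re

# RFC 1918 private ranges; the laptop in the post sits in 192.168.210.x.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Matches "src[.port] > dst[.port]:" in `tcpdump -n` text output,
# with or without the "IP" token that newer tcpdump versions print.
LINE_RE = re.compile(
    r"(?:IP )?(\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(\d+\.\d+\.\d+\.\d+)(?:\.\d+)?:")

def is_rfc1918(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)

def find_leaks(lines):
    """Return (kind, src, dst) for each packet carrying a private address."""
    leaks = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP and other lines without "src > dst:"
        src, dst = m.groups()
        if is_rfc1918(src):
            # Source was never rewritten to the gateway's public address.
            leaks.append(("outbound-unmasqueraded", src, dst))
        elif is_rfc1918(dst):
            # A reply addressed to the private host seen on the outside link.
            leaks.append(("inbound-to-private", src, dst))
    return leaks

# Constructed sample capture on the external interface (not from the post).
# 198.51.100.7 stands in for the gateway's public address.
SAMPLE = """\
21:04:11.10 198.51.100.7.1030 > 203.0.113.80.80: S 1:1(0) win 512
21:04:11.35 203.0.113.80.80 > 198.51.100.7.1030: S 9:9(0) ack 2 win 8760
21:04:15.02 192.168.210.2.1025 > 203.0.113.90.80: S 5:5(0) win 512
21:04:15.40 203.0.113.90.80 > 192.168.210.2.1025: S 7:7(0) ack 6 win 8760
21:04:16.00 arp who-has 198.51.100.1 tell 198.51.100.7
""".splitlines()

if __name__ == "__main__":
    for kind, src, dst in find_leaks(SAMPLE):
        print(f"{kind}: {src} -> {dst}")
```

An empty result on the external interface while the laptop is browsing is the evidence that source addresses are being rewritten; any hit means traffic is being forwarded without masquerading.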