On Sat, 23 May 1998 16:25:17 +0530, Bruce Jackson wrote:
>Steve Lamb wrote:
>> On Sat, 23 May 1998 12:44:16 +0530, Bruce Jackson wrote:
>> As I said, ping, FTP, ICQ chat/file requests, DCC all require
Jeezus, talk about open mouth insert foot. :(
ping and traceroute should work, I just verified it with one of my
IPMasq'd machines.
----
[EMAIL PROTECTED]:/mnt/hdc1/home/morpheus}ping web1.calweb.com
PING web1.calweb.com (208.131.56.51): 56 data bytes
64 bytes from 208.131.56.51: icmp_seq=0 ttl=245 time=241.4 ms
--- web1.calweb.com ping statistics ---
2 packets transmitted, 1 packets received, 50% packet loss
round-trip min/avg/max = 241.4/241.4/241.4 ms
[EMAIL PROTECTED]:/mnt/hdc1/home/morpheus}traceroute web1
traceroute to web1.calweb.com (208.131.56.51), 30 hops max, 40 byte packets
1 teleute.dyn.ml.org (192.168.0.1) 1.425 ms 1.162 ms 1.156 ms
2 oakm480207.jps.net (209.142.28.3) 151.098 ms 188.255 ms 149.58 ms
----
>> ipfwadm -F -p deny
>> ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
>> I copied them almost verbatium out of the IPMasqing HOWTO.
>I have used these exact same rules as well as using info I found on the
>Internet using Dejanews and I have tried the dotfile maker. All with
>now success. If we follow the How-to it says that you should try to
>connect to the Internet and browse using the ip address 152.2.254.81.
[EMAIL PROTECTED];0.08:/s1/morpheus}nslookup 152.2.254.81
Server: localhost
Address: 127.0.0.1
Name: fddisunsite.oit.unc.edu
Address: 152.2.254.81
Well, it is valid.
>Can`t seem to find this address. This tells me that the firewall is
>blocking everything. I have not seen any modules for ping, or
>traceroute. I have seen modules for quake, raudio, etc. Maybe I am
>missing something, but basic services like ping and traceroute should
>not be denied. These are excellent diagnostic services. Without them,
>it becomes difficult to diagnose.
Yeah, that was my bad. For some stupid reason I was misremembering that
ping didn't work through an IPMasq. Don't ask me where that came from. It
works, though, so ignore me on that.
What are the ipfwadm rules you are putting on the masqing machine? IIRC
you said you can ping IPMasing machine from the others, just not the outside
world, right?
--
Steve C. Lamb | Opinions expressed by me are not my
http://www.calweb.com/~morpheus | employer's. They hired me for my
ICQ: 5107343 | skills and labor, not my opinions!
---------------------------------------+-------------------------------------
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
