On Sat, Mar 25, 2000 at 01:11:23AM -0500, Jeff Gordon wrote > On Fri, Mar 24, 2000 at 02:31:32PM -0500, Andrew Sullivan wrote: > > > No trouble. The other fellow's responses about ipchains &c. may also be > > true. I don't know whether the stock kernel comes with masquerading turned > > on. Your remarks about what responds to modprobe, though, suggest that you > > do need to use ipchains. > > > > You'll need to remove the ipfwadm module first. Also, get rid of it in > > modules.conf; you'll need to have a look at the docs for modutils. Once > > you've taken that out of the kernel (and prevented it from auto-loading), > > you can use ipchains. > > Hmm; looks like -nothing's- in the kernel (and no mention of any of these > in modules.conf): > > www2:~# modprobe ipchains > modprobe: Can't locate module ipchains > www2:~# modprobe ipfwadm > modprobe: Can't locate module ipfwadm > www2:~# modprobe ipmasq > modprobe: Can't locate module ipmasq > www2:~# ipmasq > IP Masquerade has not been enabled in the kernel. > > Eh..?
Um.. in spite of what Andrew said, they're not modules. ipfwadm is an IP packet firewall/masquerading setup utility that works with kernel 2.0.x; ipchains is similar, but for kernel 2.2.x. To see what masquerading-related modules you have, look in /lib/modules/<kernel version>/ipv4; with stock kernels, which have IP firewalling & masquerading built-in, you should see a bunch of modules for specific protocols, like ip_masq_ftp.o. If you're using a stock Debian kernel you shouldn't need to do anything fancy to use masquerading; try starting with just # ipfwadm -I -l for kernel 2.0.x, or # ipchains -L input for kernel 2.2.x. This should list the default policy and rules for accepting incoming packets, if your kernel supports IP firewalling (which is required for IP masquerading). John P. -- [EMAIL PROTECTED] [EMAIL PROTECTED] "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
