On Sun, Mar 26, 2000 at 12:12:42AM +1030, John Pearson wrote: > Are you using a "stock" Debian kernel, or one which you built > yourself? The stock kernels usually include masquerading > support.
Yes--stock 'potato' 2.2.14 is the one telling me "IP Masquerading is not enabled in the kernel." > If you're using a "Stock" 2.2.x kernel you should see > masquerading modules (ip_masq_*.o) under > /lib/modules/2.2.14/ipv4 (assuming kernel version 2.2.14); Strange to say, I know I had those earlier (perhaps under 'slink'?) but I'm aware they went missing at some point, possibly with the first install of 'potato'. > ...if you do then your kernel already has masquerading support > built in (No, apparently not. You've got me wondering now whether I went through an initial config process with the upgrade that I don't remember, and in which I turned off -something- that was required for Masquerading.) > (if it *is* a stock kernel then you should also have a file like > /boot/config-2.2.14 that shows you the kernel configuration used). (Yes, that file is present.) > If you're compiling your own, you need to include support for > (assuming kernel 2.2.x) Network Firewalls, IP Firewalls and IP > Masquerading. You also need /proc filesystem support and sysctl > support (under "General Options"). I've now done that, and included the options you mention (though I never came upon the 'sysctl' option during the 'menuconfig' selection process -- I looked for it 2 or 3 times, and finally trusted that it might've been turned 'on' for me along the way; we'll find out. :-) > If you are using a 2.2.x kernel, also bear in mind that IP > forwarding has to be enabled for IP masquerading to work; you > can enable forwarding with > # echo "1" > /proc/sys/net/ipv4/ip_forward > > and see if it is enabled with > # cat /proc/sys/net/ipv4/ip_forward Okay. > This step is not relevant to 2.0.x kernels; if they have > forwarding enabled at compile time then it is enabled. > > Finally, here are the ipchains rules that perform > masquerading on my machine, running kernel 2.2.14: [snip] > I use the ipmasq package to do this for me; I'm using version > 3.2.5, which seems to work here. The only extra tweaking I've > done (AFAICR) is to add the line > modprobe ip_masq_ftp > > to the end of /etc/ppp/ip-up.d/00ipmasq; you may want to load > the modules (if any) for the protocols you require there, also. > > Good luck, Your generousness of spirit is appreciated, John; thanks kindly. -- -- Jeff -- <http://www.wellnow.com> "There's nothing left in the world to prove. All that's worth doing is to love one another, using whatever means are available to serve."
