On Mon, 23 Apr 2001, Robert Voigt wrote: > I compiled a 2.2.19 kernel because I want to use ipchains and do IP > masquerading. > The ipmasq package description on the debian website says one should enalbe > CONFIG_FIREWALL, CONFIG_IP_FIREWALL, CONFIG_IP_FORWARD, and > CONFIG_IP_MASQUERADE. > > I couldn't find CONFIG_IP_FORWARD in the kernel compile options. I assumed it > was obsolete and went on. > > After installing the kernel and rebooting I installed the ipmasq package from > potato. It printed the following error several times: > > Should I start IP Masquerading? [Y/n] y > Initializing IP Masquerading.../sbin/ipchains: invalid mask `' specified > Try `/sbin/ipchains -h' or '/sbin/ipchains --help' for more information. > > In between these errors it said IP forwarding is not enabled and I should do > echo 1 /proc/sys/net/ipv4/ip_forward > > The file /proc/sys/net/ipv4/ip_forward already contains a "1". > > Now I don't know what to do. > > I cannot connect to the internet from the other box. It says unknown host. > The internal network runs fine otherwise, and /etc/network/interfaces looks > good. The internet connection on this box that I want to use as gatewaw also > works. > > Help would be great. >
Have you read the IP Masquerade HOWTO? I've set up IP Masquerade several times and each time I followed this HOWTO pretty much to the letter and got it working without much trouble. The biggest problem that I had was to figure out what initialization script to use to load the IP Masquerade modules, set up IP Chains, and IP Forwarding. If I remember correctly there has been no standard Debian way of doing this in past releases, so one had to write an init script (not that it was a big deal). I try to stay with the Debian spirit of these things, if I can figure out what that is. Anyway, I'm at work right now, and unfortunately don't remember exactly how I have it set up at home. >From what you say, it sounds as though Debian has an init script for IP Masq in /etc/init.d and there are errors in the firewall rules you have set up. Look in the HOWTO and see if your rules are correct. There are just a couple of rules necessary to get Masquerade working. Then, if you want, you can beef up the firewall rules to provide protection to your masquerading machine and internal network -- but this is another subject. Hope this helps a little.
