On Saturday 23 June 2001 01:11, Joost Kooij wrote:
> On Sat, Jun 23, 2001 at 12:45:18AM +0200, Brendon wrote:
> > 'fraid it had no effect. the syslogs on both machines show nothing out of
> > the ordinary either....
>
> How did you set up masquerading, did you install ipmasq.deb or did
> you try everything by hand?

I used the mini howto on www.linuxnewbie.org next to the Masquerading HOWTO. The iptables rules were set up by gShield. When I found that did not work I used the rc.firewall script given by the HOWTO.

rc.firewall (several comments removed to keep the size down. btw, the gateway and other machines use static ip#s):
--------------
#!/bin/sh
#
# Load all required IP MASQ modules
#
# NOTE: Only load the IP MASQ modules you need. All current IP MASQ
# modules are shown below but are commented out from loading.

echo -e "\n\nIPMASQ *TEST* rc.firewall ruleset - v0.50\n"

# The location of the 'iptables' program
#IPTABLES=/sbin/iptables
IPTABLES=/sbin/iptables

# Need to verify that all modules have all required dependencies
#
echo " - Verifying that all kernel modules are ok"
/sbin/depmod -a

#Loads the OUTGOING FTP NAT functionality into the core IPTABLES code
#
# Disabled by default -- remove the "#" on the next line to activate
#/sbin/insmod ip_nat_ftp

#Load the INCOMING FTP tracking mechanism for the connection tracking
#code
#
# Disabled by default -- remove the "#" on the next line to activate
#/sbin/insmod ip_conntrack_ftp

#CRITICAL: Enable IP forwarding since it is disabled by default since
echo " - Enabling packet forwarding in the kernel"
echo "1" > /proc/sys/net/ipv4/ip_forward

# Dynamic IP users:
#
# echo " - Enabling dynamic addressing measures"
# echo "1" > /proc/sys/net/ipv4/ip_dynaddr

# Enable simple IP forwarding and Masquerading
#
# NOTE: In IPTABLES speak, IP Masquerading is a form of SourceNAT or SNAT.
#
# NOTE #2: The following is an example for an internal LAN address in the
# 192.168.0.x network with a 255.255.255.0 or a "24" bit subnet mask
# connecting to the Internet on external interface "eth0". This
# example will MASQ internal traffic out to the Internet but not
# allow non-initiated traffic into your internal network.
#
# ** Please change the above network numbers, subnet mask, and your
# *** Internet connection interface name to match your setup
#
echo " - Setting the default FORWARD policy to 'DROP'"
echo " - Enabling SNAT (IPMASQ) functionality on eth0"
$IPTABLES -P FORWARD DROP
$IPTABLES -t nat -A POSTROUTING -o eth0 -j MASQUERADE

echo -e "\nDone.\n"
--------------

output when run:

IPMASQ *TEST* rc.firewall ruleset - v0.50

 - Verifying that all kernel modules are ok
depmod: *** Unresolved symbols in /lib/modules/2.4.5/kernel/net/bridge/bridge.o
 - Enabling packet forwarding in the kernel
 - Setting the default FORWARD policy to 'DROP'
 - Enabling SNAT (IPMASQ) functionality on eth0

Done.
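
As listed, the script above sets the FORWARD policy to DROP and adds no FORWARD rule, so unless other FORWARD rules are already loaded, nothing is forwarded and the MASQUERADE rule is never reached. The following is an added example, not part of the original post or the HOWTO: a small audit of an `iptables-save` style dump for that condition. The function name `audit_forward`, both rule dumps, and `eth1` as the LAN-side interface are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag a ruleset where NAT is configured but the filter
# FORWARD chain can never pass a packet (policy DROP/REJECT, no ACCEPT rule).
# Simplification: jumps from FORWARD into user-defined chains are not followed.

# Constructed dump: only the two rules the posted script installs.
POSTED_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT'

# Constructed dump: same policy, plus stateful FORWARD rules.
# eth1 as the internal (LAN) interface is an assumption.
STATEFUL_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_forward DUMP -> prints one verdict word:
#   no-masq  no MASQUERADE or SNAT rule in nat POSTROUTING
#   blocked  NAT present, but FORWARD policy is not ACCEPT and has no ACCEPT rule
#   ok       NAT present and FORWARD can pass at least some traffic
audit_forward() {
    printf '%s\n' "$1" | awk '
        BEGIN { policy = "ACCEPT" }            # kernel default when not listed
        substr($0, 1, 1) == "*" { table = substr($0, 2) }
        table == "nat" && /^-A POSTROUTING / && / -j (MASQUERADE|SNAT)/ { nat = 1 }
        table == "filter" && /^:FORWARD /                       { policy = $2 }
        table == "filter" && /^-A FORWARD / && / -j ACCEPT/     { accept = 1 }
        END {
            if (!nat)                               print "no-masq"
            else if (policy != "ACCEPT" && !accept) print "blocked"
            else                                    print "ok"
        }'
}

audit_forward "$POSTED_RULES"
audit_forward "$STATEFUL_RULES"
```

On a live gateway the same check can be run as root with `audit_forward "$(iptables-save)"`.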