----- Forwarded message from cmasters <[EMAIL PROTECTED]> ----- Date: Thu, 6 Dec 2001 18:52:37 -0400 From: cmasters <[EMAIL PROTECTED]> To: debuser Subject: Difficulties w/ ipmasq Reply-To: [EMAIL PROTECTED] User-Agent: Mutt/1.2.5i
Greetings, I hope that someone cah help me with this. A couple of days ago, in a knee jerk response to recent security advisories, I decided that my system wasn't secure enough and installed 'ipmasq' through apt-get. After installing (although no configuration was offered), I visited a number of firewall and firewall-testing sites to determine the baseline security of my home system. The tests (and further research) led me to believe that I have little need of ipmasq or similar programs -- ipchains, etc. as my ip address is a Class A (static) that is changed dynamically outside my ISP's private net. This was good news, so I removed (again through apt-get) the ipmasq program. This difficulty is this: I also run w98 through vmware. It uses a 'virtual' network card and has been set up to use Class c -- 192.168.46.0/24 addresses to allow communication between the host and virtual machines. Since installing ipmasq, my syslogs are filled with 'reject' and 'deny' notices to the 192 subnet. I need to remove and/or reverse actions on that net as I need to be able to communicate between host and virtual machines. I've also attempted to search the relevent man pages, but it would appear that the ipmasq page was removed when i removed the package (big surprise there). Also I understand that the location of ip rules is slightly different on a Debian system. I figure that possible solutions are: 1. Locate and alter the scipts/rules that are controlling denials to 192.x.x.x -- this would be my first choice. 2. Re-install ipmasq and write appropriate rules that will allow me to use my 'virtual' net. I've renamed the ipmasq directory to OLD.ipmasq, explicitly stopped /etc/init.d/ipmasq and even stopped portmap in the hopes that this would do. No such luck. Could someone help me out with locating and removing/altering the specific rules? Much thanks, C. Masters ----- End forwarded message -----
