Matthew wrote:

> No proxy server here. What Linux are you running? How did you compile
> your kernel? 

using "make menuconfig"

The items I have checked are :

Network Firewalls
Network Aliasing                << NOPE
TCP/IP forwarding
IP: MultiCasting
IP: SYN Cookie
IP: Firewalling
IP: Masquerading
IP: ICMP Masquerading
IP: Always Defragment
IP: Optimize as router not host  << NOPE
IP: Aliasing support             << Nope


--------
I'm running 2.0.35 and I'll copy most of my configuration and status stuff
at the end.

Things work fine w/o masquerading (as seen from lynx & telnet ping & such
from my linux box)

From my internal network I can ping www.linuxhq.com, so ICMP masquerading
is up.

I can 'telnet www.linuxhq.com 80' and type 'GET dfsfdsa' and get the
server's HTML saying there is no page
I cannot 'telnet www.linuxhq.com 80' and type 'GET' (well, I can, but it
hangs)

This is similar to the response out of Netscape Communicator 4.04 on my
Win95 Box.  Some servers will tell me they have no non-existent files, but
will not send real files.  

I am using the dynaddr thing (I used it on an older kernel/machine/setup 2
years back & I very much like the one-shot connection). I tried disabling
it & still have the problem.

I'll try using the aliasing stuff next time I get time to recompile the
kernel.

Setup Stuff Follows...(long)
 .................................................................
 Dave Forrest                                [EMAIL PROTECTED]
 (804)-979-8634               http://watt.seas.virginia.edu/~drf5n

******************************
This is with my diald link up:
******************************
#### cat /etc/rc.d.rc.ipfw
#!/bin/sh
set -x ; # set +x;
# Setup IP firewalling/masquerading
# see http://www.indyramp.com/masq/
INSIDE=192.168.102.0/24
ANYWHERE=0.0.0.0/0
OUTSIDE=${ANYWHERE}
# Flush all commands
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f
#per IP Masquerade Mini-Faq:
#  http://www.indyramp.com/mirrors/ipmasq/ipmasq-HOWTO.html
/sbin/ipfwadm -O -p accept
/sbin/ipfwadm -I -p accept
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -I -i deny -W sl0 -S ${INSIDE} -D ${ANYWHERE}
/sbin/ipfwadm -F  -a m -S ${INSIDE} -D ${OUTSIDE}
# enable first-packet re-writing per 
# http://www.linuxhq.com/patch/20-p0468.html
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

# handy commands:
# cd /lib/modules/`uname -r`/ipv4 ; ls -a ip_masq* # lists the ipmasq modules
# grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
# ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l # lists
# ifconfig  #

####  ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l
IP firewall forward rules, default policy: deny
typ prot source               destination          ports
msq all  localnet/24          anywhere             n/a
IP firewall input rules, default policy: accept
typ prot source               destination          ports
den all  localnet/24          anywhere             n/a
IP firewall output rules, default policy: accept
IP masquerading entries

####  ls -a /lib/modules/`uname -r`/ipv4/ip_masq*
/lib/modules/2.0.35/ipv4/ip_masq_cuseeme.o
/lib/modules/2.0.35/ipv4/ip_masq_ftp.o
/lib/modules/2.0.35/ipv4/ip_masq_irc.o
/lib/modules/2.0.35/ipv4/ip_masq_quake.o
/lib/modules/2.0.35/ipv4/ip_masq_raudio.o
/lib/modules/2.0.35/ipv4/ip_masq_vdolive.o

####  grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
/proc/sys/net/ipv4/arp_check_interval:6000
/proc/sys/net/ipv4/arp_confirm_interval:30000
/proc/sys/net/ipv4/arp_confirm_timeout:500
/proc/sys/net/ipv4/arp_dead_res_time:6000
/proc/sys/net/ipv4/arp_max_tries:3
/proc/sys/net/ipv4/arp_res_time:500
/proc/sys/net/ipv4/arp_timeout:6000
/proc/sys/net/ipv4/ip_dynaddr:1
/proc/sys/net/ipv4/ip_forward:1

####  ifconfig  #
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:1276 errors:0 dropped:0 overruns:0
          TX packets:1276 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:40:05:24:34:84
          inet addr:192.168.102.10  Bcast:192.168.102.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1006  Metric:1
          RX packets:74654 errors:0 dropped:0 overruns:0
          TX packets:59105 errors:0 dropped:0 overruns:0
          Interrupt:11 Base address:0x300 

sl0       Link encap:Serial Line IP  
          inet addr:192.168.102.1  P-t-P:192.168.102.2  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:79 errors:0 dropped:0 overruns:0

ppp0      Link encap:Point-Point Protocol  
          inet addr:205.139.233.174  P-t-P:205.197.102.56  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:14 errors:0 dropped:0 overruns:0
          TX packets:36 errors:0 dropped:0 overruns:0


####  route -n  # list the routing table w/o DNS lookups
Kernel routing table
Destination     Gateway         Genmask         Flags MSS    Window Use Iface
192.168.102.2   *               255.255.255.255 UH    1500   0        0 sl0
205.197.102.56  *               255.255.255.255 UH    1500   0        0 ppp0
192.168.102.0   *               255.255.255.0   U     1006   0       46 eth0
127.0.0.0       *               255.0.0.0       U     3584   0       30 lo
default         *               *               U     1500   0        1 ppp0
default         *               *               U     1500   0       35 sl0

####  cat /etc/diald.conf
mode ppp
connect "chat -f /etc/chat_script.cstone"
device /dev/cua1
speed 115200
modem
lock
crtscts
local 192.168.102.1
remote 192.168.102.2
dynamic
defaultroute
fifo /var/adm/diald
proxyarp
include /usr/lib/diald/standard.filter

####  cat /etc/rc.d/check.ipfw
#!/bin/sh
#set -x ; # set +x; # Check the IP firewalling setup
# handy commands for checking the firewall:
echo -e '\n#### cat /etc/rc.d.rc.ipfw'
                cat /etc/rc.d/rc.ipfw
echo -e '\n####  ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l'
                 ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l
echo -e '\n####  ls -a /lib/modules/`uname -r`/ipv4/ip_masq*'
                 ls -a /lib/modules/`uname -r`/ipv4/ip_masq* 
echo -e "\n####  grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups"
                 grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
echo -e '\n####  ifconfig  #'
                 ifconfig  #
echo -e '\n####  route -n  # list the routing table w/o DNS lookups'
                 route -n  # list the routing table w/o DNS lookups
echo -e '\n####  cat /etc/diald.conf'
                 cat /etc/diald.conf
echo -e '\n####  cat /etc/rc.d/check.ipfw'
                 cat /etc/rc.d/check.ipfw


***************************************
and with my link down:
**********************
#### cat /etc/rc.d.rc.ipfw
#!/bin/sh
set -x ; # set +x;
# Setup IP firewalling/masquerading
# see http://www.indyramp.com/masq/
INSIDE=192.168.102.0/24
ANYWHERE=0.0.0.0/0
OUTSIDE=${ANYWHERE}
# Flush all commands
/sbin/ipfwadm -F -f
/sbin/ipfwadm -I -f
/sbin/ipfwadm -O -f
#per IP Masquerade Mini-Faq:
#  http://www.indyramp.com/mirrors/ipmasq/ipmasq-HOWTO.html
/sbin/ipfwadm -O -p accept
/sbin/ipfwadm -I -p accept
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -I -i deny -W sl0 -S ${INSIDE} -D ${ANYWHERE}
/sbin/ipfwadm -F  -a m -S ${INSIDE} -D ${OUTSIDE}
# enable first-packet re-writing per 
# http://www.linuxhq.com/patch/20-p0468.html
echo 1 > /proc/sys/net/ipv4/ip_dynaddr

# handy commands:
# cd /lib/modules/`uname -r`/ipv4 ; ls -a ip_masq* # lists the ipmasq modules
# grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
# ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l # lists
# ifconfig  #

####  ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l
IP firewall forward rules, default policy: deny
typ prot source               destination          ports
msq all  localnet/24          anywhere             n/a
IP firewall input rules, default policy: accept
typ prot source               destination          ports
den all  localnet/24          anywhere             n/a
IP firewall output rules, default policy: accept
IP masquerading entries

####  ls -a /lib/modules/`uname -r`/ipv4/ip_masq*
/lib/modules/2.0.35/ipv4/ip_masq_cuseeme.o
/lib/modules/2.0.35/ipv4/ip_masq_ftp.o
/lib/modules/2.0.35/ipv4/ip_masq_irc.o
/lib/modules/2.0.35/ipv4/ip_masq_quake.o
/lib/modules/2.0.35/ipv4/ip_masq_raudio.o
/lib/modules/2.0.35/ipv4/ip_masq_vdolive.o

####  grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
/proc/sys/net/ipv4/arp_check_interval:6000
/proc/sys/net/ipv4/arp_confirm_interval:30000
/proc/sys/net/ipv4/arp_confirm_timeout:500
/proc/sys/net/ipv4/arp_dead_res_time:6000
/proc/sys/net/ipv4/arp_max_tries:3
/proc/sys/net/ipv4/arp_res_time:500
/proc/sys/net/ipv4/arp_timeout:6000
/proc/sys/net/ipv4/ip_dynaddr:0
/proc/sys/net/ipv4/ip_forward:1

####  ifconfig  #
lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:1284 errors:0 dropped:0 overruns:0
          TX packets:1284 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:40:05:24:34:84
          inet addr:192.168.102.10  Bcast:192.168.102.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1006  Metric:1
          RX packets:74749 errors:0 dropped:0 overruns:0
          TX packets:59165 errors:0 dropped:0 overruns:0
          Interrupt:11 Base address:0x300 

sl0       Link encap:Serial Line IP  
          inet addr:192.168.102.1  P-t-P:192.168.102.2  Mask:255.255.255.0
          UP POINTOPOINT RUNNING  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0
          TX packets:79 errors:0 dropped:0 overruns:0


####  route -n  # list the routing table w/o DNS lookups
Kernel routing table
Destination     Gateway         Genmask         Flags MSS    Window Use Iface
192.168.102.2   *               255.255.255.255 UH    1500   0        0 sl0
192.168.102.0   *               255.255.255.0   U     1006   0       47 eth0
127.0.0.0       *               255.0.0.0       U     3584   0       31 lo
default         *               *               U     1500   0       35 sl0

####  cat /etc/diald.conf
mode ppp
connect "chat -f /etc/chat_script.cstone"
device /dev/cua1
speed 115200
modem
lock
crtscts
local 192.168.102.1
remote 192.168.102.2
dynamic
defaultroute
fifo /var/adm/diald
proxyarp
include /usr/lib/diald/standard.filter

####  cat /etc/rc.d/check.ipfw
#!/bin/sh
#set -x ; # set +x; # Check the IP firewalling setup
# handy commands for checking the firewall:
echo -e '\n#### cat /etc/rc.d.rc.ipfw'
                cat /etc/rc.d/rc.ipfw
echo -e '\n####  ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l'
                 ipfwadm -F -l ; ipfwadm -I -l ; ipfwadm -O -l ; ipfwadm -M -l
echo -e '\n####  ls -a /lib/modules/`uname -r`/ipv4/ip_masq*'
                 ls -a /lib/modules/`uname -r`/ipv4/ip_masq* 
echo -e "\n####  grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups"
                 grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
echo -e '\n####  ifconfig  #'
                 ifconfig  #
echo -e '\n####  route -n  # list the routing table w/o DNS lookups'
                 route -n  # list the routing table w/o DNS lookups
echo -e '\n####  cat /etc/diald.conf'
                 cat /etc/diald.conf
echo -e '\n####  cat /etc/rc.d/check.ipfw'
                 cat /etc/rc.d/check.ipfw
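
The message above carries the same check.ipfw output twice, once with the diald link up and once with it down. As an added example (not part of the original message), this script splits two such dumps at their `####` headers and lists the sections that differ; the function name, the temporary files and the abridged sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: list the "####" sections that differ between two dumps.
changed_sections() {   # $1 = dump with the link up, $2 = dump with it down
    awk '
        FNR == 1 { side++; key = "" }
        /^####/ {
            key = $0
            sub(/^####[ \t]*/, "", key)     # drop the marker
            sub(/[ \t]*#.*$/, "", key)      # drop a trailing "# comment"
            if (!(key in seen)) { seen[key] = 1; order[++n] = key }
            next
        }
        key != "" {
            line = $0
            gsub(/packets:[0-9]+/, "packets:N", line)   # mask traffic counters
            body[side, key] = body[side, key] line "\n"
        }
        END {
            for (i = 1; i <= n; i++)
                if (body[1, order[i]] != body[2, order[i]]) print order[i]
        }
    ' "$1" "$2"
}

# Constructed sample dumps, abridged from the two listings in the message.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/up" <<'EOF'
####  grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
/proc/sys/net/ipv4/ip_dynaddr:1
/proc/sys/net/ipv4/ip_forward:1
####  ifconfig  #
eth0      inet addr:192.168.102.10  MTU:1006
          RX packets:74654 errors:0 dropped:0 overruns:0
ppp0      inet addr:205.139.233.174  MTU:1500
          RX packets:14 errors:0 dropped:0 overruns:0
####  cat /etc/diald.conf
mode ppp
EOF
cat > "$tmp/down" <<'EOF'
####  grep '' /proc/sys/net/ipv4/*  # shows the ip kernel setups
/proc/sys/net/ipv4/ip_dynaddr:0
/proc/sys/net/ipv4/ip_forward:1
####  ifconfig  #
eth0      inet addr:192.168.102.10  MTU:1006
          RX packets:74749 errors:0 dropped:0 overruns:0
####  cat /etc/diald.conf
mode ppp
EOF
changed_sections "$tmp/up" "$tmp/down"
```
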
