Thanks everyone for their contribution, I was really fed up with this problem but after you all answered, I regained a sense of hope.

Pete & John Christ, thank you, you both were right, all I needed was the first line of my script, everything else was extra that was not needed.

It seemed that the problem was that 1) I didn't need a fancy script 2) the settings on my PC had to be correct. When I had first set up the IP Masq box, I basically did not change the settings on the PC for the news client, thinking everything would just pass thru. After all, the news client was still accessing the server "news" as referenced in my mail reader. But that is what went wrong.

I discovered the problem when I tried to "ping news" from the command line with IP Masq but could not find the server. I then pinged from the server and "news" answered with a reply and a certain address. My suspicions really arose at that point. I then bypassed IP Masq box and hooked PC directly up to cable modem as set up originally. I then pinged "news" server. As it turns out, the server it was reaching was a completely different address. I then put IP Masq box back in line and changed the IP address of my news client and presto!!!! It worked.

My lesson here was: don't trust DNS translations when hooked up to a cable modem.

Regards,
Brandon Yu

-----Original Message-----
From: Pete <[EMAIL PROTECTED]>
To: Brandon Yu <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Saturday, August 29, 1998 11:45 AM
Subject: Re: [masq] HELP, Can't get NEWS thru IP Masquerade

>
>I see at least a couple of things wrong with the script:
>
>> /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
>
>first of all, this line will (imho) masquerade *anything* coming in from
>192.168.1.* - anything after this will usually only reject specific
>services. correct me if i am wrong =) but afaik you should need nothing
>after this for "standard" services like www and news. at least that's the
>way it worked for me :)
>
>> # Forward DNS traffic
>> /sbin/ipfwadm -F -a masquerate -b -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/24
>                              ^
>typo.. plus, i don't understand this line. it should be unnecessary.
>
>> # Forward News
>> /sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.1.0/24 1024:65535 -D
>> 0.0.0.0/0 119
>> /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 119 -D 192.168.1.0/0
>                                                                       ^
>> 1024:65535
>
>A netmask of 0 ( = 0.0.0.0 ) will match everything, this is therefore
>identical to 0.0.0.0/0 - you probably want /24 there, but i still don't see
>why this is necessary. Especially not on all ports >1023.
>
>Seriously, I don't think you need any of these lines, except the first
>one.
>
>Oh yeah, and the news server should be your isp's, not your masq box.
>
>Regards,
>Pete
>
>
> Brandon Yu wrote:
>
>> I am new to Linux and IP Masquerade, please bear with me, your help is
>> greatly appreciated. My problem is that I can't connect to my news server
>> but can surf web, download/sendmail and ftp. I read over man pages and HOW
>> TO's on how to modify firewall and have tried numerous things but nothing
>> seems to work. If you could look over this setup, I welcome your pointers.
>> Also, what setting should I have on my client PC for pointing to the correct
>> news server, the internal linux box or the external news server?
>>
>> Here is my current script for firewall. If you have a script that works, I
>> would welcome email as well.
>>
>> Thanks for your help on this.
>> Brandon Yu
>>
>> /sbin/ipfwadm -F -p deny
>>
>> # 3 following commands flush system
>> /sbin/ipfwadm -F -f
>> /sbin/ipfwadm -I -f
>> /sbin/ipfwadm -O -f
>>
>> # forward internal traffic
>> /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
>>
>> # Forward DNS traffic
>> /sbin/ipfwadm -F -a masquerate -b -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/24
>>
>> # Forward News
>> /sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.1.0/24 1024:65535 -D
>> 0.0.0.0/0 119
>> /sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 119 -D 192.168.1.0/0
>> 1024:65535
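
The checks Pete makes by eye in the thread above (a misspelled policy, a /0 mask on a non-zero network, rules that an earlier catch-all masquerade rule already covers), written as a small rule linter. This is an added example, not code from the thread or from ipfwadm; `parse`, `lint` and `RULES` are hypothetical names, and it assumes policies may be abbreviated to a prefix (as in `-a m`) and that forwarding rules are checked in order with the first match winning.

```python
import ipaddress
import shlex

POLICIES = ("accept", "deny", "reject", "masquerade")

# Constructed input: the forwarding rules quoted in the thread, wrapped lines rejoined.
RULES = """\
/sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0
/sbin/ipfwadm -F -a masquerate -b -P udp -S 0.0.0.0/0 53 -D 192.168.1.0/24
/sbin/ipfwadm -F -a accept -b -P tcp -S 192.168.1.0/24 1024:65535 -D 0.0.0.0/0 119
/sbin/ipfwadm -F -a accept -b -P tcp -S 0.0.0.0/0 119 -D 192.168.1.0/0 1024:65535
"""

def parse(line):
    """Pull the policy, protocol and -S/-D addresses out of one appended rule."""
    tok = shlex.split(line)
    rule = {"policy": None, "proto": None, "S": None, "D": None}
    for i, t in enumerate(tok[:-1]):
        if t == "-a":
            rule["policy"] = tok[i + 1]
        elif t == "-P":
            rule["proto"] = tok[i + 1]
        elif t in ("-S", "-D"):
            rule[t[1]] = tok[i + 1]
    return rule

def lint(text):
    """Return (rule number, finding) pairs for a list of ipfwadm -F -a rules."""
    findings, catch_all = [], []  # catch_all: earlier rules matching any protocol to any destination
    lines = [l.strip() for l in text.splitlines() if l.strip()]
    for n, r in enumerate(map(parse, lines), 1):
        # Assumption: a policy may be abbreviated to a prefix, as in "-a m".
        if not (r["policy"] and any(p.startswith(r["policy"]) for p in POLICIES)):
            findings.append((n, "unknown policy %r" % r["policy"]))
        nets = {}
        for side in ("S", "D"):
            nets[side] = ipaddress.ip_network(r[side], strict=False)
            if str(nets[side]) != r[side]:  # host bits set beyond the mask
                findings.append((n, "%s is really %s" % (r[side], nets[side])))
        # Assumption: rules are checked in order and the first match wins.
        for m, src in catch_all:
            if nets["S"].subnet_of(src):
                findings.append((n, "forward direction already matched by rule %d" % m))
        if r["proto"] is None and nets["D"].prefixlen == 0:
            catch_all.append((n, nets["S"]))
    return findings

if __name__ == "__main__":
    for number, finding in lint(RULES):
        print("rule %d: %s" % (number, finding))
```

Run on the quoted script, it reports the three lines Pete questioned and passes the first rule, the only one he said was needed.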
