masquerading & firewalling
Has anyone been able to use the masquerading & firewalling scripts that appeared on SuSE 6.2 (6.1??)?

I've configured the MSQ_* variables in YaST and then issued /etc/rc.d/masquerade. The script runs, but NO masquerading is active (for example, /etc/rc.d/masquerade status shows empty masquerading rules).

I don't want to start learning ipchains now, since it will be once again discontinued (SP?) on kernel 2.4 :-)

Thanks.

--
Tiago Pascoal (l41484@alfa.ist.utl.pt) FAX : +351-1-7273394
Politically incorrect, and a (not very) prominent member of the "trashy generation".
Newly sworn-in (enlisted) citizen of the banana republic.
Stewart's Law of Retroaction: It is easier to get forgiveness than permission.
* l41484@alfa.ist.utl.pt writes:
Has anyone been able to use masquerading & firewalling scripts that appeared on suse 6.2 (6.1??).
Yes. It worked after I added the "echo..." line in the "start section" of "/sbin/init.d/masquerade":

    # enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # check if IP forwarding is enabled

To me this seems ridiculous, since the next thing the script does is to check if IP forwarding is enabled:

    if test `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ; then

But it works! And who else would enable it, if not the masquerade script?

BTW: "/usr/doc/packages/ipchains/ipchains-HOWTOs-1.0.7/HOWTO.txt":

    6.2. Masquerading/Forwarding Doesn't Work!

    Make sure that packet forwarding is enabled (in recent kernels it is disabled by default, meaning that packets never even try to traverse the `forward' chain). You can override this (as root) by typing

    # echo 1 > /proc/sys/net/ipv4/ip_forward
    #

    If this works for you, you can put this somewhere in your bootup scripts so it is enabled every time; you'll want to set up your firewalling before this command runs though, otherwise there's an opportunity for packets to slip through.

HTH

--
Mark Lutz
Accept German and English
Mark Lutz wrote:
* l41484@alfa.ist.utl.pt writes:
Has anyone been able to use masquerading & firewalling scripts that appeared on suse 6.2 (6.1??).
Yes. It worked after I added the "echo..." line in the "start section" of "/sbin/init.d/masquerade":
    # enable IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # check if IP forwarding is enabled
To me this seems ridiculous, since the next thing the script does is to check if IP forwarding is enabled:
if test `cat /proc/sys/net/ipv4/ip_forward` -eq 1 ; then
But it works! And who else would enable it, if not the masquerade script?
Well aehmmm.... if you look into /sbin/init.d/boot :

    ...[much stuff I don't understand]
    #
    # Enable IP forwarding ?
    #
    if test -e /proc/sys/net/ipv4/ip_forward -a -n "$IP_FORWARD" ; then
        ECHO_RETURN=$rc_done
        case $IP_FORWARD in
            yes)
                echo -n "Enabling IP forwarding"
                echo "1" > /proc/sys/net/ipv4/ip_forward || ECHO_RETURN=$rc_failed
                ;;
            *)
                echo -n "Disabling IP forwarding"
                echo "0" > /proc/sys/net/ipv4/ip_forward || ECHO_RETURN=$rc_failed
                ;;
        esac
        echo -e "$ECHO_RETURN"
    fi
    ...[more stuff I don't understand]

They thought of it, in the end. Make sure to have the setting for masquerade in rc.config!

Juergen

--
========================================== __ _
Juergen Braukmann mail: brauki@cityweb.de| -o)/ / (_)__ __ ____ __
Tel: 0201-743648 dk4jb@db0qs.#nrw.deu.eu| /\\ /__/ / _ \/ // /\ \/ /
==========================================_\_v __/_/_//_/\_,_/ /_/\_\
Hello! On Sat, 25 Sep 1999 you wrote:
Has anyone been able to use masquerading & firewalling scripts that appeared on suse 6.2 (6.1??). I've configured MSQ_* variables on yast and then issued /etc/rc.d/masquerade the script runs, but NO masquerading is active. (for example /etc/rc.d/masquerade status shows empty masquerading rules).
You could check:

1. that masquerading is compiled into the kernel
2. that in /etc/rc.config the variable IP_FORWARD is set to "yes"
3. (this was not clear for me so...) MSQ_DEV has to be the device you want to forward packages to. For example "ippp0" if you have a LAN and want to use linux-box as gateway

bye,
Daniel Sadilek
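Added example, not part of any poster's message or of the SuSE scripts: a read-only shell check of the three points listed in the thread (kernel support, IP_FORWARD in rc.config compared with the live /proc value, MSQ_DEV). The function names, the use of /proc/net/ip_masquerade as the kernel-support indicator, and the sample files are assumptions.

```shell
#!/bin/sh
# Added example: read-only diagnosis, it never writes to /proc or rc.config.

# Print the value of VAR from an rc.config-style file (last assignment wins).
rc_get() {
    sed -n 's/^'"$1"'="\{0,1\}\([^"#[:space:]]*\).*$/\1/p' "$2" | tail -n 1
}

# check_masq_prereqs RC_CONFIG IP_FORWARD_FILE MASQ_PROC_FILE
# Returns the number of problems found (0 = all prerequisites met).
check_masq_prereqs() {
    rc=$1 fwd=$2 masq=$3 problems=0

    # 1. Kernel support (assumption: a masquerading-enabled 2.2 kernel
    #    exposes /proc/net/ip_masquerade).
    if [ ! -e "$masq" ]; then
        echo "kernel: $masq missing, masquerading not compiled in?"
        problems=$((problems + 1))
    fi

    # 2. IP_FORWARD in rc.config, compared with the live kernel value.
    want=$(rc_get IP_FORWARD "$rc")
    live=$(cat "$fwd" 2>/dev/null || echo "?")
    if [ "$want" != "yes" ]; then
        echo "rc.config: IP_FORWARD is '$want', expected 'yes'"
        problems=$((problems + 1))
    elif [ "$live" != "1" ]; then
        echo "runtime: IP_FORWARD=yes but $fwd reads '$live' (boot script not re-run?)"
        problems=$((problems + 1))
    fi

    # 3. MSQ_DEV must name the outgoing device, e.g. ippp0.
    dev=$(rc_get MSQ_DEV "$rc")
    if [ -z "$dev" ]; then
        echo "rc.config: MSQ_DEV is empty"
        problems=$((problems + 1))
    fi

    return "$problems"
}

# Demo on constructed sample files (not taken from a real system).
demo_dir=$(mktemp -d)
printf 'IP_FORWARD="no"\nMSQ_DEV=""\n' > "$demo_dir/rc.config"
echo 0 > "$demo_dir/ip_forward"
check_masq_prereqs "$demo_dir/rc.config" "$demo_dir/ip_forward" "$demo_dir/ip_masquerade" \
    || echo "problems found: $?"
rm -rf "$demo_dir"
```

On a real SuSE 6.x box the call would be `check_masq_prereqs /etc/rc.config /proc/sys/net/ipv4/ip_forward /proc/net/ip_masquerade`.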
participants (4)
- Daniel Sadilek
- Juergen Braukmann
- l41484@alfa.ist.utl.pt
- Mark Lutz