Masquerading Made Simple HOWTO
How do I list the rules I've got so far?
- Try
    $> iptables -L
    $> iptables -t nat -L
It won't resolve IP's! I'm typing 'www.microsoft.com' in and it says it can't find it!
- Make sure you add the DNS server IP to all the clients.
It don't work! It doesn't like iptables / NAT / SNAT / MASQ
- Go get the latest kernel, and compile with iptables and full NAT support.
It don't work! The masquerading doesn't work at all! Die scum!
- Try echo 1 > /proc/sys/net/ipv4/ip_forward
It don't work! I can't use the network at all and I hate you!
- Try
    $> iptables -F
    $> iptables -t nat -F
    $> iptables -t mangle -F
(all rules went bye-bye) then rerun the other iptables rules.
- Try iptables -P FORWARD ACCEPT
It still don't work!
- Hmm, does "dmesg | tail" give any errors? Or "cat /var/log/messages | tail"? Like I care tho...
I don't get it, it just ain't working!
- I dunno.. but you should be able to:
    1) From the gateway machine, ping the outside
    2) From the gateway, ping your internal machines
    3) From the internal machines, ping the gateway
And this is before you play with masq'ing
Where do I put this stuff?
- In the /etc/network/interfaces file, or firewall.rc. If you put it in the interfaces file, then put it as a pre-up to the external interface, and have "iptables -t nat -F" as the post-down.
How do I get it to only bring the ppp up on demand?
- Assuming your ISP gateway IP is, say, 23.43.12.43 for argument's sake, then append a line like this:
:23.43.12.43
to /etc/ppp/peers/provider at the end. (this is for dynamic IP - static IP would be my.external.ip.number:23.43.12.43 )
Then at the end of that file add on a newline:
demand
pppd will remain in the background to redial the connection on demand if it's dropped, until you do an "ifdown ppp0" or a "poff", unless you add a "nopersist" option, in which case pppd will exit after the connection is up. You can also add on a new line "idle 600" to disconnect after 10 mins of idleness.
The connection keeps dropping!
- First, do you have demand dialing? Is it just doing what it is supposed to? Check /etc/ppp/peers/provider, and make sure your dial up works fine before attempting masq'ing.
- Secondly, if not, then perhaps, like me, something is going weird, and you need to fall back to Linux 2.4.3 and see if that works instead.. dunno why.
I hate doing this myself! I want a pre-made script and GUI and stuff.
- Sure: http://shorewall.sourceforge.net/
Eat your heart out!
Do I count Cable modems as static or dynamic IP's?
- Good question.. might as well make it dynamic.
Do I count DHCP network cards as static or dynamic IP's?
- They are dynamic.
How do I handle incoming services?
- Try forwarding or redirecting the IP ports - again make sure you firewall this if needed.
From the clients, I can ping the linux gateway's external IP address, but can't access the internet.
- Okay, try doing "rmmod iptable_filter" - more info on this as I get it.
- Make sure you're not running routed or gated - to check, run "ps aux | grep -e routed -e gated".
- Look at http://ipmasq.cjb.net
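The checks the "It don't work!" answers and the answer just above walk through (ip_forward, the FORWARD policy, a NAT rule, a stray routed/gated) collected into one script. This is an added example, not part of the HOWTO; the function names are mine, and it assumes a Linux gateway with stock iptables and ps.

```shell
#!/bin/sh
# Masquerading sanity checks (added example, not from the original HOWTO).
# Every check reads its data from a file or from stdin, so it can be run
# against saved output as well as the live box; masq_check wires them up.

# Forwarding must be on: /proc/sys/net/ipv4/ip_forward must contain 1.
# The path is a parameter so a saved copy can be checked too.
ip_forward_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Print the default policy of a chain from "iptables -L <chain>" output on
# stdin, e.g. "Chain FORWARD (policy DROP)" -> DROP (handles -v counters too).
chain_policy() {
    sed -n 's/^Chain [^ ]* (policy \([A-Z]*\)[^)]*).*/\1/p'
}

# True if a "ps aux" listing on stdin shows routed or gated.
# The [r]outed trick keeps the grep command line itself from matching.
routing_daemon_running() {
    grep -E '[r]outed|[g]ated' >/dev/null
}

# True if an "iptables -t nat -L POSTROUTING" listing on stdin has a masq rule.
has_nat_rule() {
    grep -E '^(MASQUERADE|SNAT)' >/dev/null
}

# Run all checks against the live system and print one verdict per line.
masq_check() {
    if ip_forward_enabled; then echo "ok   ip_forward is 1"
    else echo "FAIL ip_forward is 0: echo 1 > /proc/sys/net/ipv4/ip_forward"; fi
    policy=$(iptables -L FORWARD -n 2>/dev/null | chain_policy)
    if [ "$policy" = "ACCEPT" ]; then echo "ok   FORWARD policy is ACCEPT"
    else echo "WARN FORWARD policy is '${policy:-unknown}': check your FORWARD rules"; fi
    if iptables -t nat -L POSTROUTING -n 2>/dev/null | has_nat_rule; then
        echo "ok   MASQUERADE/SNAT rule present in nat POSTROUTING"
    else echo "FAIL no MASQUERADE/SNAT rule in nat POSTROUTING"; fi
    if ps aux | routing_daemon_running; then
        echo "WARN routed/gated is running and may fight with your routes"
    else echo "ok   no routed/gated running"; fi
}

# Run as: sh masq_check.sh check   (root is needed to read the iptables rules)
if [ "${1:-}" = "check" ]; then masq_check; fi
```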
How can I view the established connections? Something like netstat..
- Try cat /proc/net/ip_conntrack
I need more squid info and routing and stuff!
- Try the Advanced Routing HOWTO http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
This howto is crap! How do I yell at the guys who wrote this?
- Go to #debian on irc.opensource.net and find JohnFlux.
- Mail me (JohnFlux) at [email protected]
This howto is crap! How can I see better versions?
- Try http://ipmasq.cjb.net
- Consult the LDP Masq-HOWTO.
What else are you working on?
Currently I'm writing a guide on linux on anti-missile-missiles-made-simple. There's no good guides on protecting your system from nuclear attacks for newbies. People seem to think its rocket science or something..