Hide Forgot
I just don't know what is going on with it. I installed all the modules, set up my firewall as I have done dozens of times and it just does not work. Ipv4 starts ok and the netstat outputs what should be the right values. You might wanna take a look at these problems,
I also have been unable to get ip masquerading to work, despite many long days of effort. I tried even tried ipmasqadm portfw as recommended at the masquerade web site. I very carefully followed the instructions of the latest HOWTO. I was able to successfully ping from a win98se PC on the LAN to the masq server. I also was able to successfully ping from the masq server to the win98se PC on the LAN. In addition, I was able to ping the ISP name servers as well as other sites on the internet from the masq server. Unfortunately, I was unable to ping any IP address outside on the internet from the win98se PC inside on the LAN.
I was able to get ping to work from a win98se pc on the private 192.168.0.0 network on the inside on the ethernet LAN. I was able to ping from a win98se pc on the inside on the LAN to both the masq server as well as external internet sights over the PPP dial up connection to the ISP. I was successful in enabling ping by adding "-i ppp0" to the /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ command. However, I still am unable to telnet or http browse from the internal win98se pc to the external internet, although my caching DNS server appears to be working properly. When I use Netscape Navigator, the symbolic name gets translated to the ip address on the status bar but the web page never is presented. It is as though tcp or http protocols are being blocked somehow. Any advise? Please send advise to hughj@ma.ultranet.com == Hugh
I finally figured out what was wrong with my system configuration. If you have been using MS Proxy Client on a Win 98 machine, you must deinstall it in order for masquerade ipchains to work with Red Hat Linux 6.1. After removing the MS Proxy Client from the Win 98 machine, I was able to use MS IE to browse the web through the Red Hat Linux 6.1 box, which is running as the masquerade server. It is using the ppp0 interface via a modem to interact with the internet.
I have the ethernet/ppp masq combo setup on 6.1. Request via telnet/ftp/www start ok (DNS works) but then fail after around 6-10 packets. Do I have to downgrade to 6.0 to get this to work???? Is there a patch for this yet??? Is anyone working on it?? Can anyone help me ???? please email joe@xni.com
Found fix for blocking IPCHAINS/MASQ with PPP with RH6.x! This problem causes certain protocols to hang when using the MASQ function of IPCHAINS with a PPP link. DNS works, Ping works, but WWW and FTP and some other traffic from hosts behind the firewall fail shortly after starting. The IPCHAINS machine that is running PPP always works fine, but and NAT hosts behind the firewal exhibit the problem. I noticed that it only occurs when packets over 500 bytes are tranmitted that the problem occurs. After 2 days of cursing and reloading os's and cables and lots of other crap. I finally fixed it by setting the PPP comms variables MTU and MRU to 552 bytes in the netcfg->PPP tool The jumbo packets seem to cause the PPP/IPCHAINS server to hang on that demand. Hope you find this info useful .. Joe Elliott - joe@xni.com
I would like to add that I recently set up a succesful IP Masquerade scenario with RedHat 6.0 on my Gateway 133 (including a dial on demand setup with pppd to an ISDN line) - then performed the install upgrade to 6.1 and made sure my config files were the same as before. When it didn't work, I tried the work- around suggested in your "Install gotchas" section, but still would not work (ip_masq_defrag - if I remember correctly). I can ping the gateway computer and it is connecting to the internet just fine. I noticed that the ipchains were upgraded in 6.1. After downgrading to 6.0, everything worked just fine again. Are there any patches in the works - or another workaround I don't know about?
I work for a company where we do and spend a lot of money on compatibility testing. I cannot understand how this gets by Redhat and why it has NOT been fixed for so long. For nearly 2 years I have used Redhat and we use it at work regularly, but enough is enough -- I just bought SUSE 6.3. A message for all you folks at Redhat -- "Your market cap is BS remember that when your customer is asking for a fix for over 5 months!!!"
IP forwarding appears to work fine with masquerading, and has worked in testing here for many releases.