Bug 5858 - ip forwarding does not work
Summary: ip forwarding does not work
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: ipchains
Version: 6.1
Hardware: i386
OS: Linux
Target Milestone: ---
Assignee: Michael K. Johnson
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 1999-10-12 02:40 UTC by titurregui
Modified: 2008-05-01 15:37 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2000-02-10 23:27:25 UTC

Attachments (Terms of Use)

Description titurregui 1999-10-12 02:40:37 UTC
I just don't know what is
going on with it. I installed all the modules, set up my
firewall as I
have done dozens of times and it just does not work. Ipv4
starts ok and
the netstat outputs what should be the right values. You
might wanna
take a look at these problems,

Comment 1 hughj 1999-12-01 00:58:59 UTC
I also have been unable to get ip masquerading to work, despite many long days
of effort.  I tried even tried ipmasqadm portfw as recommended at the masquerade
web site.  I very carefully followed the instructions of the latest HOWTO.  I
was able to successfully ping from a win98se PC on the LAN to the masq server.
I also was able to successfully ping from the masq server to the win98se PC on
the LAN.  In addition, I was able to ping the ISP name servers as well as other
sites on the internet from the masq server.  Unfortunately, I was unable to ping
any IP address outside on the internet from the win98se PC inside on the LAN.

Comment 2 hughj 1999-12-05 22:32:59 UTC
I was able to get ping to work from a win98se pc on the private
network on the inside on the ethernet LAN.  I was able to ping from a win98se pc
on the inside on the LAN to both the masq server as well as external internet
sights over the PPP dial up connection to the ISP.  I was successful in enabling
ping by adding "-i ppp0" to the /sbin/ipchains -A forward -s -j
MASQ command.

However, I still am unable to telnet or http browse from the internal win98se pc
to the external internet, although my caching DNS server appears to be working
properly.  When I use Netscape Navigator, the symbolic name gets translated to
the ip address on the status bar but the web page never is presented.

It is as though tcp or http protocols are being blocked somehow.  Any advise?

Please send advise to hughj@ma.ultranet.com

== Hugh

Comment 3 hughj 1999-12-25 04:18:59 UTC
I finally figured out what was wrong with my system configuration.  If you have
been using MS Proxy Client on a Win 98 machine, you must deinstall it in order
for masquerade ipchains to work with Red Hat Linux 6.1.  After removing the MS
Proxy Client from the Win 98 machine, I was able to use MS IE to browse the web
through the Red Hat Linux 6.1 box, which is running as the masquerade server.
It is using the ppp0 interface via a modem to interact with the internet.

Comment 4 joe 2000-01-06 18:22:59 UTC
I have the ethernet/ppp masq combo setup on 6.1. Request via telnet/ftp/www
start ok (DNS works) but then fail after around 6-10 packets. Do I have to
downgrade to 6.0 to get this to work????

Is there a patch for this yet??? Is anyone working on it??

Can anyone help me ???? please email joe@xni.com

Comment 5 joe 2000-01-07 04:02:59 UTC
Found fix for blocking IPCHAINS/MASQ with PPP with RH6.x!

This problem causes certain protocols to hang when using the MASQ
function of IPCHAINS with a PPP link. DNS works, Ping works, but
WWW and FTP and some other traffic  from hosts behind the firewall
fail shortly after starting.

The IPCHAINS machine that is running PPP always works fine, but and NAT
hosts behind the firewal exhibit the problem.

I noticed that it only occurs when packets over 500 bytes are tranmitted
that the problem occurs. After 2 days of cursing and reloading os's and
cables and lots of other crap. I finally fixed it by setting the PPP
comms variables MTU and MRU to 552 bytes in the netcfg->PPP tool

The jumbo packets seem to cause the PPP/IPCHAINS server to hang on that demand.

Hope you find this info useful .. Joe Elliott - joe@xni.com

Comment 6 gmattie 2000-02-08 18:08:59 UTC
I would like to add that I recently set up a succesful IP Masquerade scenario
with RedHat 6.0 on my Gateway 133 (including a dial on demand setup with pppd
to an ISDN line) - then performed the install upgrade to 6.1 and made sure my
config files were the same as before.  When it didn't work, I tried the work-
around suggested in your "Install gotchas" section, but still would not work
(ip_masq_defrag - if I remember correctly).  I can ping the gateway computer
and it is connecting to the internet just fine.  I noticed that the ipchains
were upgraded in 6.1.  After downgrading to 6.0, everything worked just fine
again.  Are there any patches in the works - or another workaround I don't know

Comment 7 Narayanan Iyer 2000-02-10 23:16:59 UTC
I work for a company where we do and spend a lot of money on
compatibility testing. I cannot understand how this gets by
Redhat and why it has NOT been fixed for so long. For nearly
2 years I have used Redhat and we use it at work regularly, but
enough is enough -- I just bought SUSE 6.3. A message for all you
folks at Redhat -- "Your market cap is BS remember that when
your customer is asking for a fix for over 5 months!!!"

Comment 8 Bill Nottingham 2001-01-18 16:35:00 UTC
IP forwarding appears to work fine with masquerading, and has worked
in testing here for many releases.

Note You need to log in before you can comment on or make changes to this bug.