I also have been unable to get ip masquerading to work, despite many long days
of effort.  I tried even tried ipmasqadm portfw as recommended at the masquerade
web site.  I very carefully followed the instructions of the latest HOWTO.  I
was able to successfully ping from a win98se PC on the LAN to the masq server.
I also was able to successfully ping from the masq server to the win98se PC on
the LAN.  In addition, I was able to ping the ISP name servers as well as other
sites on the internet from the masq server.  Unfortunately, I was unable to ping
any IP address outside on the internet from the win98se PC inside on the LAN.

I was able to get ping to work from a win98se pc on the private 192.168.0.0
network on the inside on the ethernet LAN.  I was able to ping from a win98se pc
on the inside on the LAN to both the masq server as well as external internet
sights over the PPP dial up connection to the ISP.  I was successful in enabling
ping by adding "-i ppp0" to the /sbin/ipchains -A forward -s 192.168.0.0/24 -j
MASQ command.

However, I still am unable to telnet or http browse from the internal win98se pc
to the external internet, although my caching DNS server appears to be working
properly.  When I use Netscape Navigator, the symbolic name gets translated to
the ip address on the status bar but the web page never is presented.

It is as though tcp or http protocols are being blocked somehow.  Any advise?

Please send advise to hughj@ma.ultranet.com

== Hugh

I finally figured out what was wrong with my system configuration.  If you have
been using MS Proxy Client on a Win 98 machine, you must deinstall it in order
for masquerade ipchains to work with Red Hat Linux 6.1.  After removing the MS
Proxy Client from the Win 98 machine, I was able to use MS IE to browse the web
through the Red Hat Linux 6.1 box, which is running as the masquerade server.
It is using the ppp0 interface via a modem to interact with the internet.

I have the ethernet/ppp masq combo setup on 6.1. Request via telnet/ftp/www
start ok (DNS works) but then fail after around 6-10 packets. Do I have to
downgrade to 6.0 to get this to work????

Is there a patch for this yet??? Is anyone working on it??

Can anyone help me ???? please email joe@xni.com

Found fix for blocking IPCHAINS/MASQ with PPP with RH6.x!

This problem causes certain protocols to hang when using the MASQ
function of IPCHAINS with a PPP link. DNS works, Ping works, but
WWW and FTP and some other traffic  from hosts behind the firewall
fail shortly after starting.

The IPCHAINS machine that is running PPP always works fine, but and NAT
hosts behind the firewal exhibit the problem.

I noticed that it only occurs when packets over 500 bytes are tranmitted
that the problem occurs. After 2 days of cursing and reloading os's and
cables and lots of other crap. I finally fixed it by setting the PPP
comms variables MTU and MRU to 552 bytes in the netcfg->PPP tool

The jumbo packets seem to cause the PPP/IPCHAINS server to hang on that demand.

Hope you find this info useful .. Joe Elliott - joe@xni.com

I would like to add that I recently set up a succesful IP Masquerade scenario
with RedHat 6.0 on my Gateway 133 (including a dial on demand setup with pppd
to an ISDN line) - then performed the install upgrade to 6.1 and made sure my
config files were the same as before.  When it didn't work, I tried the work-
around suggested in your "Install gotchas" section, but still would not work
(ip_masq_defrag - if I remember correctly).  I can ping the gateway computer
and it is connecting to the internet just fine.  I noticed that the ipchains
were upgraded in 6.1.  After downgrading to 6.0, everything worked just fine
again.  Are there any patches in the works - or another workaround I don't know
about?

I work for a company where we do and spend a lot of money on
compatibility testing. I cannot understand how this gets by
Redhat and why it has NOT been fixed for so long. For nearly
2 years I have used Redhat and we use it at work regularly, but
enough is enough -- I just bought SUSE 6.3. A message for all you
folks at Redhat -- "Your market cap is BS remember that when
your customer is asking for a fix for over 5 months!!!"

IP forwarding appears to work fine with masquerading, and has worked
in testing here for many releases.