IP Masquerade/TCP-IP Problem
Posted on 1998-04-01
Okay, here's the scoop. I have a Red Hat 5.0 box (2.0.32) with the following vital stats:
-16 Megs of RAM
-290 Meg Hard Drive
-Two NE2000 cards
-2meg Cirrus PCI graphics card
I had masquerading working with Slackware 96, but then my hard drive died and I figured I'd reinstall everything from scratch with Red Hat 5. Using the exact same network configuration, IP masquerading does not work.
I have a cable modem, with IP address 24.2.80.* (last digit obscured to protect the innocent).
My private network is on the 192.168.2.* subnet, with my linux box having 192.168.2.1.
The command "cat /proc/sys/net/ipv4/ip_masquerade" returns a "1" value
My ipfwadm commands are as follows (I'm using the default kernel, but that comes with masq support built in):
ipfwadm -Ip accept
ipfwadm -Op accept
ipfwadm -Fp deny
ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
I've also tried ipfwadm -F -a masquerade -S 192.168.2.0/24 -D 0.0.0.0/0, but that doesn't work either. My Win95 box has a proper IP address, has 192.168.2.1 set as the gateway, and can ping the Linux box with no problem. My routing table is as follows:
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 * 255.255.255.0 U 0 0 0 eth1
loopback * 255.0.0.0 U 0 0 1 lo
default 22.214.171.124 255.255.255.0 UG 0 0 0 eth0
126.96.36.199 * 255.255.255.0 U 0 0 0 eth0
(it's right after a reboot)
From the Linux box, I can ping any box on either side of the network, but I can't ping my router (188.8.131.52) from the internal network. I don't know if ICMP masquerading is enabled, so I tried to also do name server lookups and http requests from my internal machine to home.netscape.com and my school's web server. Nothing.
I went and got tcpdump and installed it, then watched some sessions between my Linux box and the Win95 machine (i.e. tcpdump -i eth1). When it tried to ping the router, I just got a whole string of "ICMP Echo Request"s to the router from the Win95 box. But on the other side (tcpdump -i eth0), there were no masqueraded Echo Requests being sent.
Then I tried telnetting to my Linux box from my Win95 box. It just simply didn't work. So, I tcpdumped the output of an attempted telnet session, and saw that my Win95 box sent out four packets with a destination IP address of my Linux box, and my Linux box never sent a single packet. My tcp_wrappers script allows telnet requests in, and my ipfwadm policies allow incoming packets.
Then I wasn't sure if tcpdump would show my outgoing packets from the Linux box. So I tried telnetting from the Linux box to the Win95 box (I know the Win95 machine doesn't have a telnet server; I just wanted to see what would happen) and tcpdumped the output. It showed my Linux box sending a packet, the Win95 box responding, etc., etc., but my Linux box never came back with "Connection Refused". It just timed out. Hoping it was a Win95 problem, I reinstalled the Win95 networking drivers, but that didn't work either. Then I tried setting my Linux box's Window and MSS sizes to the same as those sent by the Win95 box when it tried to telnet to my machine (Window 8192, MSS 1500). No luck. Does anyone have any clue what it is? I think I've tried everything. If it's a Win95 problem, can anyone tell me how to fix it? Ditto for Linux. Thank you all very much in advance.
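The routing table is the first thing to sanity-check on a two-card masquerading box like the one described above, and the checks are mechanical enough to script. The following is an added example, not code from the original post: it parses output in the layout of `route` (names, `*` for no gateway) and reports the mistakes that most often make forwarding fail silently, namely a "default" entry whose genmask is not 0.0.0.0 (it then only matches 0.0.0.0/24, not every destination), a gateway that is not inside any directly connected network on its interface, and a private network that shares an interface with the default route. The addresses in the sample tables are constructed (24.2.80.0/24 and 24.2.80.1 are made-up stand-ins for the cable side), and the private network defaults to the post's 192.168.2.0/24.

```python
"""Sanity checks for a two-interface masquerading router's routing table.

Added example, not from the original post. Parses text in the layout of
`route` on a 2.0-era Linux box and reports the table mistakes that most
often make forwarding fail. All addresses below are constructed.
"""
import ipaddress

# Constructed `route` output (names, not -n), mirroring the post's layout:
# 192.168.2.0/24 inside on eth1, a cable-modem /24 outside on eth0.
# 24.2.80.0/24 and gateway 24.2.80.1 are made-up values, not the poster's.
GOOD_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        1 lo
default         24.2.80.1       0.0.0.0         UG    0      0        0 eth0
24.2.80.0       *               255.255.255.0   U     0      0        0 eth0
"""

# Same box with two common mistakes: the "default" entry carries a /24 genmask
# (so it only matches 0.0.0.0/24, not every destination) and its gateway is
# not inside any directly connected network on eth0.
BAD_TABLE = """\
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.2.0     *               255.255.255.0   U     0      0        0 eth1
loopback        *               255.0.0.0       U     0      0        1 lo
default         24.2.81.1       255.255.255.0   UG    0      0        0 eth0
24.2.80.0       *               255.255.255.0   U     0      0        0 eth0
"""

# `route` without -n prints these names for well-known destinations.
_NAMES = {"default": "0.0.0.0", "loopback": "127.0.0.0"}


def parse_route_table(text):
    """Return one dict per route: dest (IPv4Network), gateway (IPv4Address or None), flags, iface."""
    routes = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 8 or fields[0] == "Destination":
            continue  # header line or blank line
        dest, gw, mask, flags, _metric, _ref, _use, iface = fields
        net = ipaddress.IPv4Network((_NAMES.get(dest, dest), mask), strict=False)
        gateway = None if gw == "*" else ipaddress.IPv4Address(gw)
        routes.append({"dest": net, "gateway": gateway, "flags": flags, "iface": iface})
    return routes


def check_routes(routes, inside_net="192.168.2.0/24"):
    """Return a list of problems; an empty list means the table looks usable for masquerading."""
    problems = []
    inside = ipaddress.IPv4Network(inside_net)
    connected = [r for r in routes if "G" not in r["flags"]]  # directly attached networks

    # 1. There must be a true default route (destination 0.0.0.0 with genmask 0.0.0.0).
    defaults = [r for r in routes if r["dest"].network_address == ipaddress.IPv4Address("0.0.0.0")]
    if not defaults:
        problems.append("no default route: outbound packets have nowhere to go")
    for r in defaults:
        if r["dest"].prefixlen != 0:
            problems.append(
                f"default route has genmask {r['dest'].netmask}; it only matches "
                f"{r['dest']}, not every destination"
            )

    # 2. Every gateway must sit inside a directly connected network on the same interface,
    #    otherwise the kernel cannot ARP for it and the route is unusable.
    for r in routes:
        if r["gateway"] is None:
            continue
        if not any(r["gateway"] in c["dest"] and c["iface"] == r["iface"] for c in connected):
            problems.append(
                f"gateway {r['gateway']} for {r['dest']} on {r['iface']} is not on a "
                f"directly connected network of {r['iface']}"
            )

    # 3. The private network needs its own connected route, on a different card
    #    from the one the default route leaves by (the post's two-NE2000 layout).
    inside_routes = [r for r in connected if r["dest"] == inside]
    if not inside_routes:
        problems.append(f"no directly connected route for the private network {inside}")
    elif {r["iface"] for r in defaults} & {r["iface"] for r in inside_routes}:
        problems.append(
            "private network and default route share an interface; in a two-card "
            "setup they should be on different interfaces"
        )
    return problems


if __name__ == "__main__":
    for name, table in (("good", GOOD_TABLE), ("bad", BAD_TABLE)):
        print(f"{name} table:", check_routes(parse_route_table(table)) or "no problems found")
```

Feed it the output of `route` captured on the box (the parser skips the header line); the same logic applies to `route -n` output once "default" and "loopback" are printed as 0.0.0.0 and 127.0.0.0. The script only reasons about the table. It says nothing about whether the kernel is forwarding at all, which on a 2.0 kernel is the separate switch in /proc/sys/net/ipv4/ip_forward, nor about the ipfwadm forwarding rules, so a clean result here only rules out the routing layer.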