
Unable to masquerade through 2 ethernet interfaces

I have a Linux box and want to set it up as a gateway.  There are two ethernet interfaces in the box.  The kernel had been compiled with the masquerade option. Also, I type in ipfwadm -F -a masquerade -W eth0 -S -D .  
However, I cannot use this Linux gateway and telnet or http to the Internet.  Can anybody tell me what else I need to do?
1 Solution
1. Make sure your clients are configured with the internal IP address of the Linux box as their default route, aka gateway.

2. Try "ipfwadm -F -p masq" and see if it works. If it does, then your policy (above) is too restrictive.
My working configuration over ppp:
ipfwadm -F -a m -S -D
This one uses a different address space - 192.168.1.xxx (10.0.0.xxx may not be suitable. Good to read a few articles on IP address assignment on the web.)

There is the routing table, too. What's your output from "route -n"? It should include your subnetworks (for me,, your interface to the outer world and default routes (eth0, lo). Routing entries are added using "route add", by the way.

Post your detailed configuration if that doesn't help.
Are both of your ethernet interfaces configured properly?  Is your subnet mask correctly specified?  The command:

  #  netstat -i

will show network statistics for each interface configured and running; you should see eth0 and eth1.  You should also try:

  #  ifconfig -au

This will show you the IP address, netmask, and broadcast address for each interface configured and running; you should see eth0 and eth1.

I notice that your ipfwadm command includes " -W eth0 -S".  Unless you made a typo in entering your question, what you have done is specify a 9-bit subnet mask.  You would probably be better off specifying the default 8-bit subnet mask.  Also, all of your workstations on network will have to use as their subnet mask.  

Are both of your network interfaces being configured?  If not, you may need to modify your /etc/lilo.conf to include the following line (I'm doing this from memory, might be incorrect):

  append="ether=0,0,eth0 ether=0,0,eth1"

Can the firewall ping addresses on both internal and external networks?  If it can, then have you turned on IP forwarding (one of the FAQs I read when setting mine up said that you may need to do this)?  I use the following command in my firewall start script:

  echo "1" > /proc/sys/net/ipv4/ip_forward

Question has a verified solution.
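
The checks suggested in the answers above (IP forwarding switched on, a default route on the outside interface, a directly connected route on each ethernet interface in "route -n") can be scripted. This is an added example, not code from the original thread; the function names, the choice of eth0 as the outside and eth1 as the inside interface, and the sample routing table with its addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Added example: gateway sanity checks based on the troubleshooting steps above.
# Function names are hypothetical; interface names are passed as arguments.

# Constructed sample of `route -n` output (addresses are illustrative only).
SAMPLE_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1
203.0.113.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         203.0.113.1     0.0.0.0         UG    0      0        0 eth0'

# True if the kernel forwards packets between interfaces (file contains 1).
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Print the interface carrying the default route (destination 0.0.0.0, flag G).
default_route_iface() {
    printf '%s\n' "$1" | awk '$1 == "0.0.0.0" && $4 ~ /G/ { print $NF; exit }'
}

# True if the table has a directly connected (non-gateway) route on interface $2.
has_subnet_route() {
    printf '%s\n' "$1" | awk -v ifc="$2" \
        '$NF == ifc && $2 == "0.0.0.0" && $4 !~ /G/ { found = 1 } END { exit !found }'
}

# Report each failed check; the return status is the number of failures.
# Args: routing-table text, outside iface, inside iface, ip_forward file (optional).
check_gateway() {
    routes=$1 ext=$2 int=$3 fwd=$4 fails=0
    forwarding_enabled "$fwd" || { echo "FAIL: IP forwarding is off"; fails=$((fails+1)); }
    [ "$(default_route_iface "$routes")" = "$ext" ] ||
        { echo "FAIL: no default route via $ext"; fails=$((fails+1)); }
    for i in "$ext" "$int"; do
        has_subnet_route "$routes" "$i" ||
            { echo "FAIL: no subnet route on $i"; fails=$((fails+1)); }
    done
    [ "$fails" -eq 0 ] && echo "OK: forwarding and routes look sane"
    return "$fails"
}

# On a live gateway: check_gateway "$(route -n)" eth0 eth1
```

A clean result here only covers forwarding and routing; the masquerade rule itself and the clients' default gateway setting still have to be checked separately.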
