paulmitch

IP Masquerade

I am running RH5.1, kernel 2.0.34.  Trying to set up IP Masq on a LAN of win 9x machines.  I have followed all the instructions in the IP Masq HOWTO, but IP Masq doesn't work.  The win9x machines have their gateway set as the server, and of course ppp is working on the linux server.  I have no idea of how to start to debug the problem.
mhomann

What is your exact problem? Any error messages? From the server? From the Win9x machines? Try to ping something from a windoze machine...
What is the ip masq command u type in?
I use /sbin/ipfwadm -F -a masquerade -S 192.168.0.0/24 -D 0.0.0.0/0

can your win95 ping the linux?
paulmitch

ASKER

Dear All,
I use these in /etc/rc.d/rc.local:

/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0

(I know I'm using a class C subnet with class A addresses - sorry)

I'm pretty sure that my kernel is compiled with all the required stuff and I also load modules at boot time

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc

the only error I get is "no route to host" on the client machines (DNS lookup is OK as the linux box is acting as a DNS server for the LAN and that works fine.)

thanks,

Paul
The error "no route to host" indicates that your problem should be on the win 9x config.

Some tests you should make, from your win 9x box:

Try to ping your linux box using the IP address.
Try to ping your linux box using name resolution.
Use the tracert tool and try to access some server on the internet, using IP numbers and name resolution.
ASKER CERTIFIED SOLUTION
boingone
This solution is only available to members.
thanks, everyone, for the help so far...

Boingone,

ok, when I added the route:
route add 0.0.0.0 mask 0.0.0.0 10.0.0.1
I got an extra line in the routing table for this new route.  Now, I get the error message
"request timed out" instead of "host unreachable".  

Yes, I can ping the linux box from the 95 machine.
Does this mean that the error is now with Linux?  Also, I did have 10.0.0.1 as a gateway in IP properties on the ethernet adapter in win95 - but before adding the route as u said, I could see no entry relating to this gateway.

Paul
ok, i assume your linux box is ok.

"Request timed out" may be caused by not using a proper network card or driver, or by a cable problem, or by something we don't know.

Check your cable first. If u have a hub in between, u need to use two
straight UTP cables; if u have no hub, use a cross cable to connect.

If it still does not work, tell me.
Boingone,

As far as I know, my network card in the win95 machine is ok.  It happily runs IP to other 9x machines on the LAN (games etc).  My 10B2 network as far as I can see is working fine - all win9x machines can communicate fine and I can telnet etc to the server without any problems.  The network card in the 9x is an NE2000 clone, the one in the server is a 3com 3059.  My 9x box dual boots Linux - I tried using the server as a gateway for this, but it still didn't work.  I added a route with "route add 10.0.0.1" on the client linux box - is this correct to make it route through the server machine?  
When I traced the route from the 95 box it got as far as the server, but no further.  Does this perhaps suggest a problem with the linux server instead of the client machines?

many thanks for your continued efforts.

Paul
paul

I am a bit confused now. Can u tell me how many PCs u have and what is running on each?
e.g.
pc1 win95/linux(server) 3c509 network card
pc2 win95 ne2000...etc
also any hub in between?

did u check the cable is good?
In your linux box, is there a default route to the internet? Are you able to traceroute internet addresses from your linux box?

If you are connected thru a dial up PPP, you should use the "defaultroute" parameter in the call to pppd. If you have a permanent connection, then you have to create a default route to your router IP.


Hi all,

PC 1 Linux only:  3c509                      IP10.0.0.1
PC2 Win95/Linux NE2000                 IP10.0.0.2
PC3 Win98 only Intel EtherExpress  IP 10.0.0.3

Yes, the cable is good.  There is no hub as I'm running 10B2 (coax) network.
In summary, the server talks to the client machines fine with IP.  The server talks to the internet fine over a dialup ppp link.  If I trace routes from any client machine for an address outside of the LAN, traceroute only gets as far as the server.  This leads me to believe that the clients are correctly set up.  Do you not think that the problem could be the Linux server machine?

Paul
Try changing your rc.local to have:

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_quake
ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8

This should give you full ip forwarding in both directions. If this works, then you can refine the rules to be more safe. If this does not work, maybe you have a misconfiguration in your kernel makefile config.

I found this useful....
a detailed step by step....  maybe it's different from the one you got... maybe not... anyway

http://ldp.atnet.at/HOWTO/mini/IP-Masquerade.html

bluepet
OK everyone, I've done everything you have suggested and I have no idea why it isn't working.  Has anyone got any other ideas?  Is there any other information I could use to debug the problem?

Paul
paul

Try mailing me the details and we can discuss. My address is boingone@unforgettable.com
Hi,

Read your problem history on Experts Exchange.  I had what sounds like the same problem.  Maybe yes, maybe no.

My solution was - I had not put the file ipfwadm in the /sbin directory.  If you have that file, sorry I tried.
If you don't, IP masq won't work without it.

good luck,

p.s., my IP masq works great now.
Rsurrat,

Unfortunately I do have ipfwadm in /sbin.

Boingone,

I will mail u soon, when I get chance to write in detail.  Thanks.
OK everyone, I've got it working!!!

I mentioned that I was using a class C netmask with class A addresses (or the other way around).  On the off chance that this was the problem, I tried altering the netmask - and it worked.  So, use the correct class of mask with the correct class of addresses.  I'm going to give boingone the points anyway, as he was very helpful.

Paul
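
The thread does not show which netmask was changed, so the following is an added diagnostic example (not code from any poster) that compares a LAN host's address and netmask with the ipfwadm forwarding rules quoted above and reports whether its packets are masqueraded or fall through to the default policy. The function names, the 192.0.2.1 outside address and the assumption that the first matching rule decides are choices made for this example.

```python
import ipaddress
import shlex

# Constructed sample: the two forwarding rules quoted from rc.local in the thread.
RC_LOCAL = """\
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0
"""

def parse_forward_rules(text):
    """Return (default_policy, [(action, src_net, dst_net), ...]) for -F lines."""
    policy, rules = "unspecified", []
    for line in text.splitlines():
        args = shlex.split(line)
        if not args or not args[0].endswith("ipfwadm") or "-F" not in args:
            continue
        if "-p" in args:
            policy = args[args.index("-p") + 1]
        elif "-a" in args:
            opt = lambda flag: args[args.index(flag) + 1] if flag in args else "0.0.0.0/0"
            rules.append((args[args.index("-a") + 1],
                          ipaddress.ip_network(opt("-S")), ipaddress.ip_network(opt("-D"))))
    return policy, rules

def verdict(policy, rules, src, dst):
    """Assumed first-match semantics: first matching rule decides, else the policy."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in rules:
        if s in src_net and d in dst_net:
            return "masquerade" if action in ("m", "masquerade") else action
    return policy

def classful_prefix(addr):
    """Prefix length implied by the address class (A=8, B=16, C=24)."""
    first_octet = int(ipaddress.ip_address(addr)) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24 if first_octet < 224 else None

def check_host(policy, rules, addr, netmask, outside="192.0.2.1"):
    """Compare one LAN host's address/netmask with the masquerade rules."""
    net = ipaddress.ip_interface(f"{addr}/{netmask}").network
    masq = [src for action, src, _ in rules if action in ("m", "masquerade")]
    return {
        "verdict": verdict(policy, rules, addr, outside),  # fate of this host's packets
        "host_prefix": net.prefixlen,
        "classful_prefix": classful_prefix(addr),
        # False: part of the subnet the host believes it is on falls through to the policy
        "rule_covers_subnet": any(net.subnet_of(src) for src in masq),
    }

if __name__ == "__main__":
    policy, rules = parse_forward_rules(RC_LOCAL)
    for mask in ("255.255.255.0", "255.0.0.0"):
        print(mask, check_host(policy, rules, "10.0.0.2", mask))
```

A host whose `host_prefix` differs from `classful_prefix`, or whose `rule_covers_subnet` is false, is where the interface netmask and the `-S` network in the rule disagree.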