Solved

IP Masquerade

Posted on 1998-12-19
Last Modified: 2013-12-15
I am running RH5.1, kernel 2.0.34.  Trying to set up IP Masq on a LAN of win 9x machines.  I have followed all the instructions in the IP Masq HOWTO, but IP Masq doesn't work.  The win9x machines have their gateway set as the server, and of course ppp is working on the linux server.  I have no idea of how to start to debug the problem.
Question by:paulmitch
18 Comments
 
LVL 3

Expert Comment

by:mhomann
ID: 1631957
What is your exact problem? Any error messages? From the server? From the Win9x machines? Try to ping something from a windoze machine...
0
 

Expert Comment

by:boingone
ID: 1631958
What is the IP masq command u type in?
I use /sbin/ipfwadm -F -a masquerade -S 192.168.0.0/24 -D 0.0.0.0/0

Can your win95 ping the linux?
0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631959
Dear All,
I use these in /etc/rc.d/rc.local:

/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0

(I know I'm using a class C subnet with class A addresses - sorry)

I'm pretty sure that my kernel is compiled with all the required stuff and I also load modules at boot time

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc

the only error I get is "no route to host" on the client machines (DNS lookup is OK as the linux box is acting as a DNS server for the LAN and that works fine.)

thanks,

Paul
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1631960
The error "no route to host" indicates that your problem should be on the win 9x config.

Some tests you should make, from your win 9x box:

Try to ping your linux box using the IP address.
Try to ping your linux box using name resolution.
Use the tracert tool and try to access some server on the internet, using IP numbers and name resolution.
0
 

Accepted Solution

by:
boingone earned 360 total points
ID: 1631961
Use the "route print" command on win9x to check your routing table.
If it still does not work,
try route add 0.0.0.0 mask 0.0.0.0 10.0.0.1 (or your linux ip) <enter>
to tell the win95 to route all the stuff to your linux.

can you ping the linux on win9x?
0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631962
thanks, everyone, for the help so far...

Boingone,

ok, when I added the route:
route add 0.0.0.0 mask 0.0.0.0 10.0.0.1
I got an extra line in the routing table for this new route.  Now, I get the error message
"request timed out" instead of "host unreachable".  

Yes, I can ping the linux box from the 95 machine.
Does this mean that the error is now with Linux?  Also, I did have 10.0.0.1 as a gateway in IP properties on the ethernet adapter in win95 - but before adding the route as u said, I could see no entry relating to this gateway.

Paul
0
 

Expert Comment

by:boingone
ID: 1631963
ok, i assume your linux box is ok.

"Request timed out" may be caused by not using a proper network card or driver, or a cable problem, or something we don't know.

Check your cable first. If u have a hub in between, u need to use two
straight UTP cables; if u have no hub, use a cross cable to connect.

If it still does not work, tell me.
0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631964
Boingone,

As far as I know, my network card in the win95 machine is ok.  It happily runs IP to other 9x machines on the LAN (games etc).  My 10B2 network as far as I can see is working fine - all win9x machines can communicate fine and I can telnet etc to the server without any problems.  The network card in the 9x is an NE2000 clone, the one in the server is a 3com 3059.  My 9x box dual boots Linux - I tried using the server as a gateway for this, but it still didn't work.  I added a route with "route add 10.0.0.1" on the client linux box - is this correct to make it route through the server machine?
When I traced the route from the 95 box it got as far as the server, but no further.  Does this perhaps suggest a problem with the linux server instead of the client machines?

many thanks for your continued efforts.

Paul
0
 

Expert Comment

by:boingone
ID: 1631965
paul

I am a bit confused now, can u tell me how many PCs u have and what is running on each?
e.g.
pc1 win95/linux(server) 3c509 network card
pc2 win95 ne2000...etc
also any hub in between?

did u check the cable is good?
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1631966
In your linux box, is there a default route to the internet? Are you able to traceroute internet addresses from your linux box?

If you are connected thru a dial up PPP, you should use the "defaultroute" parameter in the call to pppd. If you have a permanent connection, then you have to create a default route to your router IP.


0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631967
Hi all,

PC1  Linux only    3c509               IP 10.0.0.1
PC2  Win95/Linux   NE2000              IP 10.0.0.2
PC3  Win98 only    Intel EtherExpress  IP 10.0.0.3

Yes, the cable is good.  There is no hub as I'm running 10B2 (coax) network.
In summary, the server talks to the client machines fine with IP.  The server talks to the internet fine over a dialup ppp link.  If I trace routes from any client machine for an address outside of the LAN, traceroute only gets as far as the server.  This leads me to believe that the clients are correctly set up.  Do you not think that the problem could be the Linux server machine?

Paul
0
 
LVL 1

Expert Comment

by:fmismetti
ID: 1631968
Try changing your rc.local to have:

/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
/sbin/modprobe ip_masq_cuseeme
/sbin/modprobe ip_masq_vdolive
/sbin/modprobe ip_masq_quake
ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8

This should give you full ip forwarding in both directions. If this works, then you can refine the rules to be more safe. If this does not work, maybe you have a misconfiguration in your kernel makefile config.

0
 
LVL 3

Expert Comment

by:bluepet
ID: 1631969
I found this useful....
a detailed step by step....  maybe it's different from the one you got... maybe not... anyway

http://ldp.atnet.at/HOWTO/mini/IP-Masquerade.html

bluepet
0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631970
OK everyone, I've done everything you have suggested and I have no idea why it isn't working.  Has anyone got any other ideas?  Is there any other information I could use to debug the problem?

Paul
0
 

Expert Comment

by:boingone
ID: 1631971
paul

try mail me the detail and discuss, my address is boingone@unforgettable.com
0
 

Expert Comment

by:rsurratt
ID: 1631972
Hi,

Read your problem history on Experts Exchange.  I had what sounds like the same problem.  Maybe yes, maybe no.

My solution was - I had not put the file ipfwadm in the /sbin directory.  If you have that file, sorry I tried.
If you don't, ip masq won't work without it.

good luck,

p.s., my ip masq works great now.
0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631973
Rsurratt,

Unfortunately I do have ipfwadm in /sbin.

Boingone,

I will mail u soon, when I get a chance to write in detail.  Thanks.
0
 
LVL 1

Author Comment

by:paulmitch
ID: 1631974
OK everyone, I've got it working!!!

I mentioned that I was using a class C netmask with class A addresses (or the other way around).  On the off chance that this was the problem, I tried altering the netmask - and it worked.  So, use the correct class of mask with the correct class of addresses.  I'm going to give boingone the points anyway, as he was very helpful.

Paul
0
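
An added example, not part of any post above: a small Python audit that reads the ipfwadm forward rules quoted in the thread and checks them against a host table, reporting sources that no masquerade rule covers, netmasks that disagree with the rule prefix or with the classful default, and rules that masquerade from any source. The host netmasks and the `lan_hosts` and `audit` helpers are constructed for illustration, and the findings are consistency checks, not a diagnosis of the fault in the thread.

```python
import ipaddress
import shlex

# Rule sets as quoted in the thread: paulmitch's rc.local, then fmismetti's suggestion.
ORIGINAL_RULES = """/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0"""
SUGGESTED_RULES = """ipfwadm -F -p deny
ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
ipfwadm -F -a m -S 0.0.0.0/0 -D 10.0.0.0/8"""

def lan_hosts(mask):
    """Constructed host table: the thread's three addresses with one netmask."""
    return {f"PC{i}": f"10.0.0.{i}/{mask}" for i in (1, 2, 3)}

def parse_masq_rules(text):
    """Return (source, destination) networks of each forward masquerade rule."""
    rules = []
    for line in text.splitlines():
        args = shlex.split(line)
        if "-F" not in args or "-a" not in args:
            continue  # skips the default-policy (-p) line
        if not "masquerade".startswith(args[args.index("-a") + 1]):
            continue  # accept/deny/reject rules do not masquerade
        src = ipaddress.ip_network(args[args.index("-S") + 1])
        dst = ipaddress.ip_network(args[args.index("-D") + 1])
        rules.append((src, dst))
    return rules

def classful_prefix(addr):
    """Default prefix length for a class A, B or C unicast address."""
    first_octet = int(addr) >> 24
    return 8 if first_octet < 128 else 16 if first_octet < 192 else 24

def audit(rules_text, hosts):
    """List (subject, finding) pairs for a rule set and a host table."""
    rules, findings = parse_masq_rules(rules_text), []
    for name, spec in hosts.items():
        iface = ipaddress.ip_interface(spec)
        covering = [s for s, _ in rules if s.prefixlen and iface.ip in s]
        if not covering:
            findings.append((name, "no masquerade rule matches this source"))
        elif all(s.prefixlen != iface.network.prefixlen for s in covering):
            findings.append((name, "netmask differs from rule prefix"))
        if iface.network.prefixlen != classful_prefix(iface.ip):
            findings.append((name, "netmask is not the classful default"))
    for src, dst in rules:
        if src.prefixlen == 0:
            findings.append((str(dst), "rule masquerades traffic from any source"))
    return findings

if __name__ == "__main__":
    for finding in audit(ORIGINAL_RULES, lan_hosts("255.255.255.0")):
        print(*finding, sep=": ")
```

The any-source finding on the suggested rule set is the part fmismetti says to refine once forwarding works.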
