I fixed the problem by purging the ipmasq package and instead writing my own
ipchains commands in a local file at /etc/init.d.

-Oz

> On %M 0, Oz Dror wrote
> > I have a similar problem, but instead of having 2 network cards I have
> > one card using IP aliasing (two subnets on the same card/network, one for
> > DSL and the second local 192.168.0.x).
> >
> > As soon as I start ipmasq I cannot ping beyond the local subnet of each
> > card, thus I cannot access the DNS server, thus I cannot ping or surf
> > outside the two subnets.
> >
> > I tried to start ipmasq after the two networks are initialized,
> > but as soon as ipmasq starts I lose the DNS server and access beyond the
> > local net.
> >
> > I have the latest potato system using kernel 2.2.7.
> > I have the latest potato version of ipmasq.
> >
> > Does anyone have any idea how to solve/debug this problem?
> > Is this problem occurring because ipmasq makes the second non-local net
> > a firewall? If that is the case, how can I have ipmasq apply only to the
> > subnet 192.168.0.x and not to the DSL subnet?
> > How can I have ipmasq apply to eth0 (192.168.0.x) and not to the subnet
> > of eth0:0 (DSL subnet)?
> >
> > What does ipmasq do? I have a second Linux computer running kernel 2.2.1
> > (hybrid system of slink, hamm and potato). I do not use ipmasq. I have
> > ipalias working correctly with masquerading (apply the firewall only to the
> > local subnet). I use ipchains to apply the rules.
> >
>
> Unless you need IP masquerading, you should uninstall ipmasq. Ipmasq checks
> which interface your default route points to, and sets up packet filter
> rules so that packets being forwarded via your default interface from your
> *other* interfaces are masqueraded as coming from the default interface. If
> you have a 'private' subnet on your second NIC and a 'public' connection via
> your default route this is likely to be useful, but if you don't then you
> won't be able to access machines connected via your second NIC from machines
> connected via your default NIC.
>
> If you need masquerading then ipmasq seems to be the best solution, if you
> can get it to meet your requirements. I haven't used the 'potato' version,
> but the 'slink' version has bugs when dealing with aliased interfaces: look
> in the bug tracking system for patches if you need masquerading and that is
> your problem.
>
> After you uninstall ipmasq you are likely to still have your existing packet
> filter rules in place; under kernel 2.0.x, you can remove them by going
> ipfwadm -I -p accept
> ipfwadm -I -f
> ipfwadm -O -p accept
> ipfwadm -O -f
> ipfwadm -F -p accept
> ipfwadm -F -f
> but you should be aware that /etc/init.d/netbase normally installs 'spoof
> protection' rules to drop bogus packets, so you may also want to do
> /etc/init.d/netbase start
> as well.
>
>
> John P.
> --
> [EMAIL PROTECTED]
> [EMAIL PROTECTED]
> "Oh - I - you know - my job is to fear everything." - Bill Gates in Denmark
>
>

--
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
NAME   Oz Dror, Los Angeles, California
EMAIL  [EMAIL PROTECTED]   <<Linux since 8/15/94>>
PHONE  Fax (310) 474-3126
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
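
The thread asks how to masquerade only the 192.168.0.x subnet, and the fix at the top was a hand-written set of ipchains commands. A sketch of such a rule set follows, as an added example that is not part of the thread and not the poster's actual script; the /24 prefix, the function names and the dry-run default are assumptions.

```shell
#!/bin/sh
# Added example: ipchains rules that masquerade one private subnet only,
# selected by source address rather than by interface name.
# Assumed: 192.168.0.0/24 for the poster's 192.168.0.x network.

# Accept only a.b.c.d/nn with octets <= 255; reject anything else so that
# no shell metacharacter can reach the generated command lines.
valid_cidr() {
    case $1 in ''|*[!0-9./]*) return 1 ;; esac
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    oldifs=$IFS; IFS=./
    set -- $1
    IFS=$oldifs
    for octet in "$1" "$2" "$3" "$4"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the rules in load order. Forwarding is denied by default, so a
# subnet that is not named here (the DSL one) is never masqueraded.
masq_rules() {
    net=$1
    valid_cidr "$net" || { echo "invalid subnet: $net" >&2; return 1; }
    cat <<EOF
ipchains -P forward DENY
ipchains -F forward
ipchains -A forward -s $net -d $net -j ACCEPT
ipchains -A forward -s $net -d 0.0.0.0/0 -j MASQ
EOF
}

# Dry run unless APPLY=1: show the rules instead of loading them.
load_masq() {
    rules=$(masq_rules "${1:-192.168.0.0/24}") || return 1
    if [ "${APPLY:-0}" = 1 ]; then
        echo 1 > /proc/sys/net/ipv4/ip_forward   # kernel must forward at all
        echo "$rules" | sh -e                    # stop at the first failing rule
    else
        echo "$rules"
    fi
}

load_masq "$@"
```

Only the forward chain is touched, so the host's own traffic on either subnet is not filtered by these rules.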