NAT

The NAT problem had a simple cause: I entered the wrong IP address in the forward field. So, naturally, the packets never came back. NAT is *not* broken. I used 2.4.1 and 2.4.2 custom built kernels.
My options file is

  ip_forward=yes
  spoofprotect=yes
  syncookies=no

So I was able to leave spoofprotect in place.

KMOD

On kmod, I'm still not sure what the deal is. I think it is now working, and it may be related to my adding "auto" to /etc/modules. I found it in some documentation for the old scheme, and it seems a little odd I need to say anything--kmod is compiled in the kernel. However, just because it's in the kernel doesn't mean you want to use it. So maybe this on/off switch (i.e., "auto") is still available.

Phil, thanks again for your help--sorry it was such a silly problem.

On Thu, Mar 15, 2001 at 12:32:24PM -0600, Phil Brutsche wrote:
> A long time ago, in a galaxy far, far away, someone said...
>
> > I don't think I was trying to contact the external interface, but we may be
> > using that word differently.
> >
> > My router has a card eth1 with address x.y.z.q, used both by me and the
> > outside world (my "external interface"). I am trying to pick x.y.z.1 on
> > the DSL provider's network. The packets do go out eth1 and back in, but
> > they don't make the final return trip to eth0.
>
> Ah...
>
> Do this as root and try again:
>
>   sysctl -w net.ipv4.ip_forward=1
>
> In /etc/network/options there is the line
>
>   ip_forward=no
>
> Changing that to
>
>   ip_forward=yes
>
> will cause Debian to perform the "sysctl ..." line above at boot.
>
> If it still doesn't work, there's still another possibility:
> /etc/network/options has the line
>
>   spoofprotect=yes
>
> You may need to change that to
>
>   spoofprotect=no
>
> and reboot (or
>
>   for VAR in /proc/sys/net/ipv4/conf/*/rp_filter; do echo 0 > $VAR; done
>
> as root if you don't want to reboot). Turning off rp_filter is important
> if you're doing policy routing with Linux (it doesn't look like you are).
>
> --
> ----------------------------------------------------------------------
> Phil Brutsche [EMAIL PROTECTED]
>
> GPG fingerprint: 9BF9 D84C 37D0 4FA7 1F2D 7E5E FD94 D264 50DE 1CFC
> GPG key id: 50DE1CFC
> GPG public key: http://tux.creighton.edu/~pbrutsch/gpg-public-key.asc
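
A check for the state this thread ends on (forwarding enabled, spoofprotect left on), as an added example that is not part of the original messages: it compares /etc/network/options with the values the kernel exposes under /proc/sys/net/ipv4. The function names and the optional root-directory argument are hypothetical, and it assumes spoofprotect=yes corresponds to rp_filter=1 on every interface, as the loop quoted above implies.

```shell
#!/bin/sh
# Added example: compare /etc/network/options with the live kernel settings.
# All function names here are hypothetical, not part of any Debian tool.

# Print the value of a key from an options file ("no" if the key is absent).
# $1 = options file, $2 = key
opt_value() {
    v=$(sed -n "s/^$2=\(.*\)\$/\1/p" "$1" 2>/dev/null | tail -n 1)
    echo "${v:-no}"
}

# Map the file's yes/no to the 1/0 the kernel exposes.
want_bit() { [ "$1" = yes ] && echo 1 || echo 0; }

# Report every mismatch on stdout; the return status is the mismatch count.
# $1 = optional root directory (assumption: lets the check run on a copy
#      or test tree instead of the live system).
check_forwarding() {
    root=${1:-}
    opts="$root/etc/network/options"
    proc="$root/proc/sys/net/ipv4"
    bad=0

    # ip_forward=yes should mean net.ipv4.ip_forward is 1.
    want=$(want_bit "$(opt_value "$opts" ip_forward)")
    have=$(cat "$proc/ip_forward")
    if [ "$have" != "$want" ]; then
        echo "ip_forward: options file wants $want, kernel has $have"
        bad=$((bad + 1))
    fi

    # spoofprotect is checked per interface, the same files the quoted
    # "echo 0 > ..." loop writes to.
    want=$(want_bit "$(opt_value "$opts" spoofprotect)")
    for f in "$proc"/conf/*/rp_filter; do
        have=$(cat "$f")
        if [ "$have" != "$want" ]; then
            echo "${f#"$root"}: options file wants $want, kernel has $have"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}
```

Calling `check_forwarding` with no argument reads the live system; a non-zero status means the running kernel has drifted from what the options file asks for, for example after a manual `sysctl -w` or the rp_filter loop was run without editing the file.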