um, it works now. basically I don't really know what I did except just flush out ipchains and redid my network interfaces. I think I have some kinda weird startup script that messes everything up. or just maybe don't have any startup scripts and it defaults to something I don't want. in any case, I am a happy boy now.

-----Original Message-----
From: www-data [mailto:[EMAIL PROTECTED] Behalf Of Mike Egglestone
Sent: Friday, July 20, 2001 4:09 PM
To: Robert Matijasec
Cc: [EMAIL PROTECTED] Debian. Org
Subject: Re: ipmasq ipchanis; newbie question

Quoting Robert Matijasec <[EMAIL PROTECTED]>:

> I am using Debian 2.2 (potato) with ipchains 1.3.9
> attempting to get ip masquerading to work.
>
> I can ping other computers on my network when ipmasq is
> disabled. But when it's on I get an operation not permitted
> message when I try to ping another machine. So as someone
> hinted before, this is probably something wrong with
> my firewall rules.

How do you have your nics setup?
eth0 is usually assigned to your ISP...and ethx is usually assigned to your subnets......ex
192.168.1.1 eth1
192.168.2.1 eth2

> First of all do I need to recompile kernel to get masq
> to work w/my version of Debian ?

You shouldn't have to recompile the kernel with Potato on a basic install....

> I followed config file for 2.2.x kernels in the masq
> HOWTO, but I must not be doing something right.

to get ipmasq working.....all you need to have is your nics setup properly...
and then run
apt-get install ipmasq
the ipmasq program will automagically configure your ipchains for you....
edit them after if you have special rules....
It's also nice to have a dhcp server assign your workstations the private IP's ...
but that's totally up to you....

> in any case this is what ipchains -L gives me :
> target prot opt source destination ports
> ACCEPT udp ------ anywhere anywhere bootps -> bootpc
> Chain forward (policy DENY):
> target prot opt source destination ports
> MASQ all ------ 192.168.0.0/24 anywhere n/a
> Chain output (policy DENY):
>
> I am connecting to my provider with dhcpcd, and that
> works as well when ipmasq is not engaged.
>
> I noticed that some docs use 192.168.0.* for class C
> networked machines while the masq pages use
> 192.168.1.* for machines on the network, does this
> matter at all ?

You can use any private ranges from 192.168.x.x
I think 10.0.0.x is another available range....
Someone could correct me on this.....:)

Hope this helps a bit....

Mike
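
An added example, not part of the original messages: a small Python parser for `ipchains -L` output that reports which chains would drop a given protocol. A chain with policy DENY and no matching rule discards the packet, and on the output chain the sending program sees that as "Operation not permitted". The sample listing is constructed in the shape of the one quoted above (the `Chain input` header is an assumption), and only the protocol column is evaluated, not addresses or ports.

```python
import re

# Constructed sample in the shape of the quoted `ipchains -L` listing.
# The "Chain input" header is assumed; it is not visible in the post.
SAMPLE = """\
Chain input (policy DENY):
target     prot opt     source            destination       ports
ACCEPT     udp  ------  anywhere          anywhere          bootps ->   bootpc
Chain forward (policy DENY):
target     prot opt     source            destination       ports
MASQ       all  ------  192.168.0.0/24    anywhere          n/a
Chain output (policy DENY):
"""

CHAIN_RE = re.compile(r"^Chain (\S+) \(policy (\w+)\):")
PASSING = {"ACCEPT", "MASQ", "REDIRECT"}   # targets that let a packet continue
BLOCKING = {"DENY", "REJECT"}              # policies that discard by default

def parse_listing(text):
    """Return {chain: {"policy": str, "rules": [dict, ...]}}."""
    chains, current = {}, None
    for line in text.splitlines():
        m = CHAIN_RE.match(line.strip())
        if m:
            current = chains.setdefault(
                m.group(1), {"policy": m.group(2), "rules": []})
            continue
        fields = line.split()
        if current is None or len(fields) < 5 or fields[0] == "target":
            continue  # blank line, column header, or text before any chain
        current["rules"].append({
            "target": fields[0], "prot": fields[1],
            "source": fields[3], "dest": fields[4],
            "ports": " ".join(fields[5:]),
        })
    return chains

def chains_blocking(chains, prot):
    """Chains whose policy blocks and that have no passing rule for prot.

    Simplification: only the protocol column is compared.
    """
    return sorted(
        name for name, c in chains.items()
        if c["policy"] in BLOCKING and not any(
            r["target"] in PASSING and r["prot"] in ("all", prot)
            for r in c["rules"]))

if __name__ == "__main__":
    parsed = parse_listing(SAMPLE)
    for proto in ("icmp", "udp"):
        print(proto, "dropped by:", chains_blocking(parsed, proto))
```
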