The ipmasq rules files assume a ppp connection. I have a static ip so I need to use SNAT instead of MASQUERADE.
On Sat, Feb 16, 2002 at 03:27:38PM -0500, Rick Pasotto wrote: > On Sat, Feb 16, 2002 at 03:05:14PM -0500, Wayne wrote: > > On Sat, Feb 16, 2002 at 02:29:05PM -0500, Rick Pasotto wrote: > > > I'm running a 2.4.16 kernel and the default ipmasq from woody. The > > > primary machine 192.168.0.1 (with 2 nics) talks to the internet just > > > fine. The secondary machine 192.168.0.5 (running windows 98) can access > > > the primary machine but cannot access the internet. I have samba set up > > > and the Network Neighborhood on the windows box works. My limited > > > understanding of iptables tells me that ipmasq *should* be allowing me > > > to access the internet from the windows box. > > > > > > What could I have set up wrong? > > > > > Do you have 192.168.0.1 as the windows box's gateway? > > Yes. > > > How about DNS servers? > > The primary box runs DNS. If I try to ping eg. slashdot.org from the > windows box the response shows the correct ip address. If I type the > ip address into the browser on the windows box it does not connect. > However it does connect to the apache running on the linux box. > > Running 'iptables -L -v' gives: > > Chain FORWARD (policy DROP 0 packets, 0 bytes) > pkts bytes target prot opt in out source destination > 300 14448 ACCEPT all -- eth1 eth0 localnet/24 anywhere > 0 0 ACCEPT all -- eth0 eth1 anywhere localnet/24 > > So packets are going out but not returning. > > Could portsentry be blocking the return packets? Both portsentry.ignore > and portsentry.ignore.static have 192.168.0.1/32 (eth1, the internal > interface) and the ip for eth0 (the external interface) in them. > > -- > "If a thousand men were not to pay their tax bills, that would not be so > violent and bloody a measure as it would be to pay them and enable the > state to commit violence and shed innocent blood." - Henry David Thoreau > Rick Pasotto [EMAIL PROTECTED] http://www.niof.net > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- ...on what basis will the distribution be made? Communism answers: On the basis of equality. What! Equality without reference to any difference in the pains taken? We shall all have an equal share, whether we have worked six hours or twelve, mechanically or intellectually! But of all possible types of inequality this is the most shocking; and furthermore, it means the destruction of all initiative, liberty, dignity, and prudence. You propose to kill competition, but take care; you are on redirecting it. Under present conditions we compete to see who works most and best. Under your regime we shall compete to see who works worst and least. -- Frédéric Bastiat (1801-1850) Rick Pasotto [EMAIL PROTECTED] http://www.niof.net
