On Tue, Jan 22, 2008 at 11:52:58PM +0100, Carlos Enrique Carleos Artime wrote:
> > On Debian, you shouldn't have to do the route add thing. ipmasq will
> > likely just work on its own, and you may just confuse it.
>
> I added it because without it, it does not work either.

That's because you need a gateway line in /etc/network/interfaces which sets the default route.

> I will remove it, anyway.
>
> (Note that IPMASQ works fine for my 192.168.0.0 net, but does not
> for the 192.168.2.0 one.)
>
> > Give us your /etc/network/interfaces file on machine A.
>
> Here it is:
>
> [EMAIL PROTECTED]:~$ cat /etc/network/interfaces
> # /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
>
> # The loopback interface
> # automatically added when upgrading
> auto lo eth0 eth1
> iface lo inet loopback
>
> iface eth0 inet dhcp
>
> iface eth1 inet static
>     address 192.168.0.2
>     netmask 255.255.255.0
>     network 192.168.0.0
>     broadcast 192.168.0.255
>

Need gateway here.

> [EMAIL PROTECTED]:~$
>
> > > I tried examples in /usr/share/doc/ipmasq/basic but failed.
>
> I must write instead: /usr/share/doc/ipmasq/examples/basics
>
> > The ipmasq package sets up a basic masquerading firewall based on the
> > 'net' being in the direction of the default route. If you want more
> > control of the firewall, install the shorewall-doc package, read it,
> > then remove ipmasq and install shorewall. While some people write raw
> > iptables firewalls themselves, most on this list (last I saw a poll) use
> > shorewall. If you know PF on BSD, you'll feel comfortable with
> > shorewall.
>
> Ok, I'll give it a try to shorewall. But before I wanted to check
> whether ipmasq had a default setup allowing all of several chained/sequential
> internal networks to access the internet. Till now I failed.

It relies on a default route to know what interface to masq.

> > You'll also need to turn on IP forwarding in /etc/sysctl.conf
>
> I think it is already on:
>
> [EMAIL PROTECTED]:~$ /sbin/sysctl net.ipv4.conf.default.forwarding
> net.ipv4.conf.default.forwarding = 1
> [EMAIL PROTECTED]:~$
>
> > In your example lines, I saw the word KNOPPIX. I thought that was a
> > live CD thingy. If you are using that, then my reply may not make sense
> > since KNOPPIX will set things up differently from Debian and you should
> > ask on a KNOPPIX list.
>
> The computer A was installed from a Knoppix, choosing the "Debian system"
> option. I think it was in the "woody" era. Since then, every Knoppix
> package has been removed or replaced during upgrades. I think there is
> nothing Knoppix-related in this issue, but I left the default user name
> "knoppix" just in case someone could suggest the opposite.
>
> I suppose in a few days I will try shorewall.

Good luck.

Doug.
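
The point made in the reply above, that ipmasq relies on the default route to pick the interface to masquerade, shown as an added example that is not part of the original message: a shell function that lists, for each stanza of an interfaces file, whether it can supply a default route (a static gateway line, or a DHCP lease). The function names and the embedded copy of the posted file are assumptions made here for illustration; only IPv4-style "iface NAME FAMILY METHOD" stanzas are handled.

```sh
#!/bin/sh
# Added example (not from the thread): report which ifupdown stanzas can
# supply a default route. Reads an interfaces(5) file on stdin and prints
# one line per stanza: "<iface> <method> <default-route-source>".
default_route_sources() {
    awk '
        function emit() {
            if (name == "") return
            if (method == "static")
                src = (gw != "") ? ("gateway=" gw) : "none"
            else if (method == "dhcp")
                src = "dhcp-lease"      # route may come from the lease
            else
                src = "none"
            print name, method, src
        }
        /^[ \t]*#/ { next }             # skip comment lines
        $1 == "iface" { emit(); name = $2; method = $4; gw = ""; next }
        # any of these keywords ends the current stanza
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" || $1 == "source" {
            emit(); name = ""; next
        }
        $1 == "gateway" && name != "" { gw = $2 }
        END { emit() }
    '
}

# Copy of the file posted in the thread, embedded so the example runs offline.
sample_interfaces() {
    cat <<'EOF'
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
auto lo eth0 eth1
iface lo inet loopback

iface eth0 inet dhcp

iface eth1 inet static
    address 192.168.0.2
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
EOF
}

sample_interfaces | default_route_sources
```

On a live system the same function can be fed the real file with `default_route_sources < /etc/network/interfaces`.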