Title: Message
Accurate Software
[EMAIL PROTECTED]
www.accuratesoftware.com
Europe . North America . Australasia . Africa
Title: Message
Hiya,
Ipchains is a
packet filtering firewall. All packets that pass through the machine are
examined for the source, destination any type. The packets your appliactions
sent to the linux box are not stamped with the appliation that sent
them.
The mechanism for
this level of
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
On Sat, Jan 04, 2003 at 12:29:50AM -0500, David P James wrote:
> I am getting quite frustrated at not being able to do something that I
> once was able to do without any trouble... set up IP maquerading.
>
> Here's the box: 3.0r1, Kernel 2.2.20 (gave up on trying to
> compile/install a 2.4.x ker
David P James was roused into action on 2003-01-04 00:29 and wrote:
Here's the box: 3.0r1, Kernel 2.2.20 (gave up on trying to
compile/install a 2.4.x kernel). eth1 is the external, eth0 internal.
ISP
-->
- 24.x.y.z (external, by DHCP)
RH7.3 Gateway
-192.168.1.1 (internal)
-->hub-->
- 192.1
I am getting quite frustrated at not being able to do something that I
once was able to do without any trouble... set up IP maquerading.
Here's the box: 3.0r1, Kernel 2.2.20 (gave up on trying to
compile/install a 2.4.x kernel). eth1 is the external, eth0 internal.
I am trying to set this up at
I've just had the pleasure of hunting this one down. I've included the
option mtu 1492 in /etc/network/interfaces for my NIC and I seem to be
back in business (knock on woody!). This per the IP-MASQ HOWTO, section
7.15 (I connect via PPPoE).
But I wish I understood this better. Wh
I have an internal LAN. Its on IP Masq using ipchains.
the problem is dcc chat & send. Well i can't send and do
dcc chat.
Now i've read on this url
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/irc-dcc.html
I've follow every step on its procedures, but still have no luck.
m
wsa <[EMAIL PROTECTED]> writes:
wsa> My question was about linux and how to accomplish security
wsa> on application level, like what happens in windows with a personal
wsa> firewall.
wsa> Because i don't understand how i can achieve full security when opening
wsa> ports...like port 80 for the web
* wsa ([EMAIL PROTECTED]) spake thusly:
> HI,
>
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
>
> I wasn't asking what to do in windows...although i did mention
> windows which probably made everyone run for the hills:)
>
> My que
On Sun, 30 Dec 2001, wsa wrote:
> HI,
>
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
>
> I wasn't asking what to do in windows...although i did mention
> windows which probably made everyone run for the hills:)
>
> My question wa
On Sun, 30 Dec 2001, wsa wrote:
> HI,
Hey,
> Maybe in my original mail i wasn't very clear judging from the
> responses i got...so i'll try one more time.
I don't seem to have your first mailing around, but no worries.
> I wasn't asking what to do in windows...although i did mention
> windows
HI,
Maybe in my original mail i wasn't very clear judging from the
responses i got...so i'll try one more time.
I wasn't asking what to do in windows...although i did mention
windows which probably made everyone run for the hills:)
My question was about linux and how to accomplish security
on a
Uhmmm...
I said i was using tiny personal firewall on windows...
My question was about linux...not about windows...
cheerios
Willem.
At 14:41 30-12-2001 +0100, you wrote:
>You should use a personal firewall on your Windoze system for that.
wsa <[EMAIL PROTECTED]> writes:
> feature, collects
wsa <[EMAIL PROTECTED]> writes:
> feature, collects info on my system and sends it home via port
> 80which in my ruleset
>
> is an allowed port because i need that port for the web.
> How would i ever block such a thing(without knowing in advance that it
> will call home and
>
> to which adr
Hi,
I've read most that i could find about firewalling/masqing/ipchains etc..
It's not all completely clear yet but i'm getting there...i think.
I have to say that i find this one of the biggest barriers of being comphy
with linux.
I'm runnning a dual boot with XP and although the goal is to dit
connected
icon at all!
Does anybody have any clues as to what could be the problem here? What
settings on the IP masq box should I investigate? I am suspecting the "TCP
mss clamping" might have something to do with it. Am I right to suspect
that?
Thanks in advance for any help with this.
- Arcadio
Sorryits discussed in the HOWTO and I assume the solution there will
work.
Ed Lawson
* Lance Hoffmeyer ([EMAIL PROTECTED]) [011020 14:38]:
> On Sat, Oct 20, 2001 at 07:03:04PM -0200, Michel Loos wrote:
> > On Sat, 20 Oct 2001, Lance Hoffmeyer wrote:
> > > Does anyone have IP Masq setup using a Reiser FS and kernel
> > > 2.4.12. I setup IP Masq one nigh
ists.debian.org
> Subject: Re: Reiser and IP Masq kernel2.4.12
> In-Reply-To: <[EMAIL PROTECTED]>
> X-UIDL: 0ba24b5d7a193b8d28475b92eb8c899c
>
> On Sat, 20 Oct 2001, Lance Hoffmeyer wrote:
>
> > Does anyone have IP Masq setup using a Reiser FS and kernel 2.4.12.
> &g
On Sat, 20 Oct 2001, Lance Hoffmeyer wrote:
> Does anyone have IP Masq setup using a Reiser FS and kernel 2.4.12.
> I setup IP Masq one night with kernel 2.4.12 when I had a ext2 FS on my
> router. It worked fine. The next day I reinstalled my system using Reiser
> FS. I instal
Hello:
Don't you also have to do (as root):
echo "1" > /proc/sys/net/ipv4/ip_forward
Dean
On Sat, Oct 20, 2001 at 08:21:17AM -0500, Lance Hoffmeyer wrote:
> Does anyone have IP Masq setup using a Reiser FS and kernel 2.4.12.
> I setup IP Masq one night with ke
Does anyone have IP Masq setup using a Reiser FS and kernel 2.4.12.
I setup IP Masq one night with kernel 2.4.12 when I had a ext2 FS on my
router. It worked fine. The next day I reinstalled my system using Reiser
FS. I installed the same kernel.deb that I used the previous night and now
I
ry applying all of these commands by hand and test to
see that it works.
- Original Message -
From: "Titus Barik" <[EMAIL PROTECTED]>
To: "Tupshin Harper" <[EMAIL PROTECTED]>
Cc:
Sent: Saturday, August 25, 2001 6:33 PM
Subject: Re: vmware & ip masq
>
On Sat, 25 Aug 2001, Tupshin Harper wrote:
> I'm doing exactly this: debian 2.4.x custom kernel + vmware + masquerading.
>
> Maker sure that the ipt_MASQUERADE module is loaded, and make sure the
> iptables debian package is installed.
Done.
> Then add an IP address to your ethernet card that i
NG -o eth0 -j MASQUERADE
-Tupshin
- Original Message -
From: "Titus Barik" <[EMAIL PROTECTED]>
To:
Sent: Saturday, August 25, 2001 2:54 PM
Subject: vmware & ip masq
> Huzza! It's me again.
>
> I'm running Woody with a 2.4.6 custom kernel. Here's w
NG -o eth0 -j MASQUERADE
-Tupshin
- Original Message -
From: "Titus Barik" <[EMAIL PROTECTED]>
To:
Sent: Saturday, August 25, 2001 2:54 PM
Subject: vmware & ip masq
> Huzza! It's me again.
>
> I'm running Woody with a 2.4.6 custom kernel. Here's w
Huzza! It's me again.
I'm running Woody with a 2.4.6 custom kernel. Here's what I'm trying to
do. I have a VMWare host-only network running Windows 98 SE. The virtual
machine's IP is 192.168.155.128. The host machine is 128.61.40.17, and
is accessed through VMWare Win98 session as 192.168.155.1.
On Fri, Jun 15, 2001 at 02:50:19AM -0400, Ed Lawson wrote:
> I just installed Debian for a server which provides interent access to
> several machines via a dial up account. Running 2.2r3. I am using the
> same rules i used running RH for setting up IP Masqing. For some reason
> certain websi
Turned out ppp was set with an MTU and MRU of 576.
Apparently that causes the problem I encountered.
It is documented in the IP Masq. HOWTO.
Setting them to 1500 solved the problem.
It was the last gotcha to solve.
Ed Lawson
Hi...
What kind of rules do you have in place?
Default rules... or did you add your own?
Mike
- Original Message -
From: "Ed Lawson" <[EMAIL PROTECTED]>
To:
Sent: Thursday, June 14, 2001 11:50 PM
Subject: Masq Question
> I just installed Debian for a server whic
I just installed Debian for a server which provides interent access to
several machines via a dial up account. Running 2.2r3. I am using the
same rules i used running RH for setting up IP Masqing. For some reason
certain websites such as LinuxToday will load on the server's browswer,
but not
Hi Derya,
> Hi all there,
>
> I'm working at a school and we have a debian server. We use ip masq for =
> more than one hundred Windows NT . Last week i get an empty PC and =
> installed debian to it. Now i have a problem. I want to find a way to =
> connect to my second
On Thu, Jun 07, 2001 at 09:35:00PM -0700, Stephen Handley wrote:
> Hi there,
>
> I'm trying to get IP Masq up and running and am very close. I can ping IP
> numbers from my Masqd machine but have not telnet capability. Futhermore I
> can't see domain names from my deb
On Fri, Jun 08, 2001 at 01:25:43PM +0300, Derya PALANCI wrote:
> Hi all there,
>
> I'm working at a school and we have a debian server. We use ip
> masq for more than one hundred Windows NT . Last week i get an
> empty PC and installed debian to it. Now i have a problem. I
>
Hi all there,
I'm working at a school and we have a debian
server. We use ip masq for more than one hundred Windows NT . Last week i get an
empty PC and installed debian to it. Now i have a problem. I want to find a way
to connect to my second debian from my home but it doesnt have
TO DNS Server Port 53
- - Allow Connection in FROM DNS Server Port 53
YMAMV tho'
On Friday 08 June 2001 04:35, Stephen Handley wrote:
> Hi there,
>
> I'm trying to get IP Masq up and running and am very close. I can ping IP
> numbers from my Masqd machine but have
Hi there,
I'm trying to get IP Masq up and running and am very close. I can ping IP
numbers from my Masqd machine but have not telnet capability. Futhermore I
can't see domain names from my debain machine or the masq'd machine.
Any ideas.
One thing I've noticed is that
install ipmasq package
# apt-get install ipmasq
Then
# ipmasq -v
Checkout my iwishlist bug report #87499 to get the firewall stronger.
On Fri, Mar 23, 2001 at 03:00:56AM +0100, Szfelix wrote:
> I am a new debian user.
>
> I have 2 eth in system, and I want to use as gateway for local net
On Fri, 23 Mar 2001, Szfelix wrote:
> I change the WIN2000 server.
> The local terminals can ping the output eth card but I can't go out on the
> internet.
> >From gateway I can go out.
> So simply what and where I must write to resolve this problem.
>
> and, where i can find a documentation, ste
I am a new debian user.
I have 2 eth in system, and I want to use as gateway for local net.
in the etc/network/interfaces
--
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
# The loopback interface
iface lo inet loopback
# The fi
re,
Osamu Aoki([EMAIL PROTECTED])@Wed, Feb 28, 2001 at 12:42:23PM -0800:
> Well .. I danno... Never done it. Just a thoght which may work.
>
> Seriously, PCI NIC costs only $20 these days. I have 2 NICs and MASQ
> them to access Cable and LAN. It will act as good firewall too.
Well .. I danno... Never done it. Just a thoght which may work.
Seriously, PCI NIC costs only $20 these days. I have 2 NICs and MASQ
them to access Cable and LAN. It will act as good firewall too.
Osamu
PS: One of your e-mail address bounced mail, I think.
On Wed, Feb 28, 2001 at 11:23:25PM
n Ramos [mailto:[EMAIL PROTECTED]
> Sent: Tuesday, February 27, 2001 10:11 AM
> To: debian-user@lists.debian.org
> Subject: NAT/MASQ in single NIC
>
>
> is it possible to do NAT/MASQ in single NIC with two ip address? if yes,
> then how?
>
> my comp has no dialup
off with 2 NICs since the
> collisions between the network and the internet is so high that it makes it
> not worth it to have only sigle NIC.
>
> Edwin Lau
>
> On Tue, 27 Feb 2001 08:11:01 Ker Ruben Ramos wrote:
> > is it possible to do NAT/MASQ in single NIC with two ip a
yeah.. you mean aliasing
but I mean how to masq it
On Tue, Feb 27, 2001 at 08:05:40PM -0800, Osamu Aoki wrote:
> IPALIASING, I guess
>
> eth0:0 203.170.2.x
> eth0:1 192.168.1.1
>
> ...
> On Tue, Feb 27, 2001 at 09:11:01PM +0800, Ker Ruben Ramos wrote:
> > is it possib
IPALIASING, I guess
eth0:0 203.170.2.x
eth0:1 192.168.1.1
...
On Tue, Feb 27, 2001 at 09:11:01PM +0800, Ker Ruben Ramos wrote:
> is it possible to do NAT/MASQ in single NIC with two ip address? if yes,
> then how?
>
> my comp has no dialup PPP
>
> IPs : 203.170.2.x and 192.
2001 08:11:01 Ker Ruben Ramos wrote:
> is it possible to do NAT/MASQ in single NIC with two ip address? if yes,
> then how?
>
> my comp has no dialup PPP
>
> IPs : 203.170.2.x and 192.168.1.1
>
> and I want to masq 192.168.1.1/24
>
>
> --
> To UNSUBSCR
Yes it's possible. I can't recall the URI now but check www.linuxdoc.org and
the IP_MASQ FAQ.
Regards,
M.
-Original Message-
From: Ker Ruben Ramos [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 27, 2001 10:11 AM
To: debian-user@lists.debian.org
Subject: NAT/MASQ in singl
is it possible to do NAT/MASQ in single NIC with two ip address? if yes,
then how?
my comp has no dialup PPP
IPs : 203.170.2.x and 192.168.1.1
and I want to masq 192.168.1.1/24
> Proably a stupid question since it is all really related to IP's
>
> But do you get an IP on cable just like you do DSL???
>
Yes, no problem. Multi-home the gateway machine and set up ipchains for
masquerading to/from your LAN.
Cheers,
--
Lance Levsen, Programmer
Product Innovation
PWGroup
On Thu, Feb 22, 2001 at 08:46:34PM -0800, Nick wrote:
> But do you get an IP on cable just like you do DSL???
Yes. I have used IP Masquerade with my Cablevision service and 3Com
cable modem on occasion, though usually I only have one PC up and
running at a time.
--
Carl Fink [EMA
Proably a stupid question since it is all really
related to IP's
But do you get an IP on cable just like you do
DSL???
On Thu, Feb 01, 2001 at 01:04:38AM -0600, hanasaki wrote:
> what is the difference?
>
> I installed ipmasq and my ipchains -L output
> changed. Formatting was different and all ports listed "any" but were
> not setup that way. Nor did they show that way with ipchains -L prior
> to installing ip
what is the difference?
I installed ipmasq and my ipchains -L output
changed. Formatting was different and all ports listed "any" but were
not setup that way. Nor did they show that way with ipchains -L prior
to installing ipmasq.
Thank you.
Quoting Gabor Gludovatz ([EMAIL PROTECTED]):
> On Mon, 29 Jan 2001, A+B Frank wrote:
>
> > > I connect to the Internet from a masqueraded LAN through a masquerading
> > > gateway/proxy server. My problem is that, if I am logged in to somewhere
> > > outside our network with ssh or telnet, after a
On Mon, Jan 29, 2001 at 06:45:12PM +0100, A+B Frank wrote:
> Gabor Gludovatz wrote:
> >
> > Hi,
> >
> > I connect to the Internet from a masqueraded LAN through a masquerading
> > gateway/proxy server. My problem is that, if I am logged in to somewhere
> > outside our network with ssh or telnet,
On Mon, 29 Jan 2001, A+B Frank wrote:
> > I connect to the Internet from a masqueraded LAN through a masquerading
> > gateway/proxy server. My problem is that, if I am logged in to somewhere
> > outside our network with ssh or telnet, after a little while of inactivity
> > the gateway resets the c
Gabor Gludovatz wrote:
>
> Hi,
>
> I connect to the Internet from a masqueraded LAN through a masquerading
> gateway/proxy server. My problem is that, if I am logged in to somewhere
> outside our network with ssh or telnet, after a little while of inactivity
> the gateway resets the connection an
Hi,
I connect to the Internet from a masqueraded LAN through a masquerading
gateway/proxy server. My problem is that, if I am logged in to somewhere
outside our network with ssh or telnet, after a little while of inactivity
the gateway resets the connection and I have to reconnect.
The proxy serv
Hello All,
I am attempting to build a small firewall/proxy/masq computer for my home
network. I am having a problem when I attempt to ping to and from the
INTERNAL NIC on my Linux machine to and from an INTERNAL masq machine. I
believe this to be a software issue and not a hardware issue
right magic working.
If I can't do this, I need to use a private network on the DMZ, and
masq it. That's no problem, but I'm not sure what I need to do to
allow unlimited connectivity between masq'd net 192.168.1.0 on the
private interface, and masq'd net 192.168.2.0 on
On Wed, Sep 13, 2000 at 02:23:13PM -0700, C. R. Oldham wrote:
> where I'm supposed to put calls to ipchains to setup my firewalling and
masquerading?
Will Trillich wrote:
> # apt-get install ipmasq
>
Great!
The other thing I figured out is that if you don't want to install the package
you
sho
On Wed, Sep 13, 2000 at 02:23:13PM -0700, C. R. Oldham wrote:
> Greetings,
>
> I just setup my Linux box to use the new /etc/init.d/networking startup
> script. I was using the old /etc/init.d/network script from the
> sysvinit examples. Can someone tell me where I'm supposed to put calls
> to i
On Wed, Sep 13, 2000 at 02:23:13PM -0700, C. R. Oldham wrote:
> I just setup my Linux box to use the new /etc/init.d/networking startup
> script. I was using the old /etc/init.d/network script from the
> sysvinit examples. Can someone tell me where I'm supposed to put calls
> to ipchains to setup
Greetings,
I just setup my Linux box to use the new /etc/init.d/networking startup
script. I was using the old /etc/init.d/network script from the
sysvinit examples. Can someone tell me where I'm supposed to put calls
to ipchains to setup my firewalling and masquerading?
--cro
Hi John
On Tue, Aug 15, 2000 at 02:48:12PM -0500, John Reinke wrote:
> I only had one ipchains rule to turn it on, and added another to prevent
> timeout on secondary ftp connections, but I don't really understand it all
> yet. I might try the script below, though. What do you name it, and where
>
I only had one ipchains rule to turn it on, and added another to prevent
timeout on secondary ftp connections, but I don't really understand it all
yet. I might try the script below, though. What do you name it, and where
do you put it so it gets read?
(Nice footer, BTW.)
John
On Tue, 15 Aug 200
On Tue, Aug 15, 2000 at 08:08:15AM -0700, Stan Kaufman wrote:
> This has been discussed recently on the firewalls listserv. Check out
> http://geocrawler.com/lists/3/Security/90/0/ for a searchable archive;
> think you'll find some answers there. (I personally am still trying to
> figure this out
E_MOD. Also, it sounds like there have been some
> > security patches and things, so it is recommended to at least use 2.2.16 or
> > newer. IP Masq howto I read (URL was in a previous message), strongly
> > suggested 2.2.16 or newer as well.
>
> My compile just finished for
On Tue, 15 Aug 2000, John Reinke wrote:
> I used 2.2.17pre6, and it handled compiling the modules for
> CONFIG_IP_MASQUERADE_MOD. Also, it sounds like there have been some
> security patches and things, so it is recommended to at least use 2.2.16 or
> newer. IP Masq howto I read (
I used 2.2.17pre6, and it handled compiling the modules for
CONFIG_IP_MASQUERADE_MOD. Also, it sounds like there have been some
security patches and things, so it is recommended to at least use 2.2.16 or
newer. IP Masq howto I read (URL was in a previous message), strongly
suggested 2.2.16 or
p_masq_app.c was still not compiled because, I think, this in file
net/ipv4/.depend:
$(wildcard /usr/src/linux/include/config/ip/masq/debug.h)
ip_masq_ftp.o: \
That debug.h file doesn't exist.
I've just installed and am about to build the potato
kernel-source-2.2.17_2.2.17pre6-1.deb package.
Anybody have any comments about this?
...RickM...
Okay, it looks like things work now. I had a two-fold problem. I'll need to
know where to put things so this is all done automatically when I boot,
however.
The first part is that the modules weren't loading. Jason's suggestion
fixed that. If I list them in /etc/modules, will they get loaded
autom
John Reinke wrote:
>
> Here's what my problem is (for those just joining): I have IP Masqing set
> up on a potato system, and everything works through it except ftp. The ftp
> clients on machines on the private network connect to external sites, but
> never are able to get a listing of the files o
t; mentioned previously, I've tried changing the passive settings on the ftp
> clients.
>
> I re-read the IP Masq howto at http://ipmasq.cjb.net and I had included
> everything I needed to have in the kernel. I had compiled everything into
> the kernel, with nothing compiled
This doesn't seem to help, either. The ftp clients still just sit there,
trying to get the list of files...
thanks,
John
>The modules should be compiled automatically if you have elected to do
>Masqing
>in the kernel config.
>
>Just do an insmod and you should be okay:
>
>for i in /lib/modules/`u
e ftp
clients.
I re-read the IP Masq howto at http://ipmasq.cjb.net and I had included
everything I needed to have in the kernel. I had compiled everything into
the kernel, with nothing compiled as modules - that shouldn't hurt, should
it?
There were a few items that I don't have which wer
AIL PROTECTED]> wrote:
I've got IP Masq compiled into the kernel, but I don't remember a selection
for that in the kernel config. What was that?
Also, I've tried both passive and non-passive in the clients (both mac and
windows).
At 19:28 2000/08/14 -0500, you wrote:
I am not able t
I've got IP Masq compiled into the kernel, but I don't remember a selection
for that in the kernel config. What was that?
Also, I've tried both passive and non-passive in the clients (both mac and
windows).
>At 19:28 2000/08/14 -0500, you wrote:
>>I am not able to ftp
At 19:28 2000/08/14 -0500, you wrote:
I am not able to ftp from my private network, through IP Masqerading. I
now have Debian 2.2, and I had Debian 2.1 before. As far as I can tell, I
have set up IP Masq the same way as I did before.
You need the ip_masq_ftp.o module installed, OR you need to
I am not able to ftp from my private network, through IP Masqerading. I now
have Debian 2.2, and I had Debian 2.1 before. As far as I can tell, I have
set up IP Masq the same way as I did before.
Before, I could use ftp clients on any machine in my local network to
access anything outside my
John Reinke <[EMAIL PROTECTED]>
> To:debian-user@lists.debian.org
> Subject: Re: Potato IP Masq
> I've read the man pages, and they say nothing about ipchains or
> ip_forwarding. Or, do those commands now belong in /etc/network/interfaces?
>
>
&
I've read the man pages, and they say nothing about ipchains or
ip_forwarding. Or, do those commands now belong in /etc/network/interfaces?
On Sun, 13 Aug 2000, Alan McNatty wrote:
> check out /etc/netgwork/interfaces (man interfaces, if-up, and if-down)
> HTH
>
> - Original Message -
Along with setting up my network doing it the "Potato Way", I'm not sure
where to put the ipchains and /proc/sys/net/ipv4/ip_forward commands that
I used in /etc/init.d/network for Slink. I didn't see this in the
documentation.
It looks like the ip_forward can be set in /etc/network/options, but w
On 05-Aug-2000 Alberto wrote:
>
> ipchains will be support on 2.4 and 2.3 series (with is going to 2.4)
> anyway netfilter like be the future.
>
> Just take a look at: http://netfilter.kernelnotes.org/
I used the ipchains kernel module with the 2.3 series, while I got iptables
working. I comp
2.3.x
with ip
masq support. The current HOWTO doesn't cover those kernels yet.
Thanks for any advice.
--
Unsubscribe? mail -s unsubscribe [EMAIL PROTECTED] <
/dev/null
A long time ago, in a galaxy far, far way, someone said...
> Hello,
>
>I am looking for some documentation on how to compile kernels 2.3.x
> with ip masq support. The current HOWTO doesn't cover those kernels
> yet.
http://netfilter.kernelnotes.org/unreliable-guides/ind
Hello,
I am looking for some documentation on how to compile kernels 2.3.x with ip
masq support. The current HOWTO doesn't cover those kernels yet.
Thanks for any advice.
#x27;t make clear to me what happens to packets from the
| Internal network when they're jumped to MASQ. Do they get a new port (in
| the range 61000:65095) in addition to the masqueraded ip address so that
| when they come back they get past the Bad interface to get
| demasqueraded?
yes
| Or
e FORWARD chain:
<--snip-->
Good (internal) to Bad (external).
ipchains -A good-bad -p tcp --dport www -j MASQ
ipchains -A good-bad -p tcp --dport ssh -j MASQ
ipchains -A good-bad -p udp --dport 33434:33500 -j MASQ
ipchains -A good-bad -p tcp --dport ftp -j MASQ
ipchains -A good-bad -p icmp --i
PROTECTED]
Sent: Tuesday, July 11, 2000 11:16 AM
To: debian-user@lists.debian.org
Subject: FTP, MASQ, certian hosts timeout
For some reason, with some ftp hosts my FTPs will timeout when I try to go
to them, every single time. Other hosts work perfectly fast every single
time.
I've got two parti
did you compile the masq modules, or are they binaries? you must have
ip_masq_ftp for the inbound traffic running already, right? I'm thinking
the ip_masq modules are the problem
+=> -Original Message-
+=> From: Chris Wood [mailto:[EMAIL PROTECTED]
+=> Sent: Tuesday, July
ith a
different ISP that is slow.
Traceroutes to both ISPs actually show a closer and faster connection to
the linux box.
My gateway is a Debian 2.2 masq'd firewall (kernel 2.2.14).
>From my PC behind the masq, my pc will timeout going to the ISP with the
linux box. If I go to the lin
Sorry for the cross post, but maybe someone reads debian-user and not
debian-firewall that knows.
-Original Message-
Hey,
I'm trying to take over the firewall of our company. I would like to deploy
a Linux masq'd gateway (which I have done before for another company) to
replace AIX version
I know that you can turn IP forwarding on and off on a running
kernel with something like:
echo 0 > /proc/sys/net/ipv4/ip_forward
echo 1 > /proc/sys/net/ipv4/ip_forward
I was wondering if the same was possible with IP Masq?
Also, is there a library for tftp clients? All I need to do is
> I've been trying to build the kernel to include
> the IP MASQ for the last few days without success.
> I read most of the IP MASQ HOWTo and could not
> find any of the suggested configuration variables
> during the kernel config process.
>
enable firewalling in
hi,
I've been trying to build the kernel to include
the IP MASQ for the last few days without success.
I read most of the IP MASQ HOWTo and could not
find any of the suggested configuration variables
during the kernel config process.
Could someone here in the debian list show m
i got the following trying to init. IP
Masq.
ipqadm: setsockopt failed: Protocol not
available.
any ideas why?
beavis
On Tue, 22 Feb 2000, Stuart Ballard wrote:
>=As a first pass at configuring this thing (I don't plan on leaving it
>=like this, but I'm at the stage where I just want *something* that
>=works) I set it up using:
>=
>=echo "1" > /proc/sys/net/ipv4/ip_forwa
1 - 100 of 204 matches
Mail list logo
