
List:       ipchains-list
Subject:    Re: MASQ not working/forwarding
From:       John Sage <jsage () finchhaven ! com>
Date:       2001-02-27 15:44:41

Carl:

Carl King wrote:

> Hello everyone,
> 
>     I am new here, so I will ask first if I may use the list as a source
> of help. I have not been able to get definitive answers from RH or other
> users on Bugzilla regarding my problem.
> 
> Here is a summary;
> 
>     I have a single forwarding rule (actually I stripped it down to one
> when the problem started (still no fix)) that was working fine until
> about a week ago when none of the machines on my private network could
> get out to the internet or so I thought.

Actually, for basic masquerading you only need one rule, one that would
look very much like the one you've shown, below.

Port forwarding is another matter..

> It appears that ICMP is the
> only thing that gets thru,...I can ping external nameservers and other
> hosts.

What are the symptoms, here? Can you ping by host name, or by IP number
only?

> I cannot get any ftp or http response from internal or external
> hosts.

You can't ping your internal hosts? Or telnet or ftp to them?

Internal hosts have nothing to do with masquerading or forwarding.

I'm wondering if you have a nameserver issue.

What have you changed, lately? (The famous first helpdesk question ;-)

> I have both Win95 and Linux machines internally. The
> gateway/firewall is the only machine that can get external or localhost
> ftp or http traffic.
> 
> I have disconnected DNS,

So how *are* you getting nameservice if you've disconnected it?
Nameservice is neither an option nor a convenience. If you have none,
you are limited to using IP addresses only.

> DHCP, and Samba/WINS servers internally for
> troubleshooting and used fixed IP configs on clients to no avail.
> 
> I am using RHL6.1 with the standard release of ipchains. The one rule
> left is;
> 
> ipchains -A forward -p all -s 192.168.1.0/24 -d 0.0.0.0/0 -i ppp0 -j MASQ

This looks just like mine, except that I don't bother to specify protocol..
 
> Has anyone experienced this or seen it before. I have found other users
> that have had the problem before and their fixes involved things that
> don't apply to me such as removing the MS Proxy Client. Someone else
> suggested changing the MTU size. Don't know why changing the MTU size
> would work when it was working at the default before(?).

What input rules do you have? Have you changed anything in the input 
rules? This can be another place where problems arise: packets are 
getting out, but a response can't get back in.

I still wonder if it's not a nameservice issue. Confirm that you've got 
nameservice -- say "nslookup" and see what it returns as your default 
name server...

- John

--
John Sage
FinchHaven, Vashon Island, WA, USA
http://www.finchhaven.com/
mailto:jsage@finchhaven.com
And remember: it's spelled l-i-n-u-x, but it's pronounced "Linux"
