Has anyone succeded in using masquerade in 2.1.109-ac2?
I've spent this day trying to convince ipchains to set it up for me and
I'm beginning to think there is a bug in the kernel...
This is what I want, it shall deny everything on port 1 to 1000 except for
the auth port, and I want to masquerade my 10.0.0.0/255.0.0.0 LAN, it
shall of course accept anything from my LAN..
zeus:~# ipchains-save
:input ACCEPT
:forward ACCEPT
:output ACCEPT
Saving `input'.
-A input -s 0.0.0.0/0.0.0.0 -d 127.0.0.1/255.255.255.255 113:113 -i ppp+ -p 6 -j 0 ACCEPT
-A input -s 0.0.0.0/0.0.0.0 -d 127.0.0.1/255.255.255.255 1:1000 -i ppp+ -p 6 -j 0 DENY
Saving `forward'.
-A forward -s 10.0.0.0/255.0.0.0 -d 0.0.0.0/0.0.0.0 -j 0 MASQ
I believe this should work but it doesn't..
These are the relevant .config stuff I use..
# Networking options
#
# CONFIG_PACKET is not set
# CONFIG_NETLINK is not set
CONFIG_FIREWALL=y
# CONFIG_NET_ALIAS is not set
# CONFIG_FILTER is not set
CONFIG_UNIX=y
CONFIG_INET=y
# CONFIG_IP_MULTICAST is not set
# CONFIG_IP_ADVANCED_ROUTER is not set
# CONFIG_IP_PNP is not set
CONFIG_IP_FIREWALL=y
# CONFIG_IP_TRANSPARENT_PROXY is not set
CONFIG_IP_ALWAYS_DEFRAG=y
CONFIG_IP_MASQUERADE=y
If I have missed something you have to excuse me for bloating this
maillinglist. As said, I've been wrestling with this all day and haven't
gotten anything to work..
-- Med vänlig hälsning Kalle Andersson kalle.andersson@mbox303.swipnet.se
- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.altern.org/andrebalsa/doc/lkml-faq.html