[2491] in linux-net channel archive
Re: IP Masquerade
daemon@ATHENA.MIT.EDU (Jos Vos)
Sun Apr 14 18:11:23 1996
From: Jos Vos <jos@xos.nl>
To: basrijn@hacom.nl (Bas Rijniersce)
Date: Sun, 14 Apr 1996 17:38:30 +0200 (MET DST)
Cc: linux-net@vger.rutgers.edu
In-Reply-To: <2.2.32.19960413212043.006ad214@hacom.nl> from "Bas Rijniersce" at Apr 13, 96 11:20:43 pm
Hi,
> I have 2 computers at home:
> - 1 Win95 machine (10.0.0.2)
> - 1 Linux 1.3.20 machine
> The Linux machine is sometimes connected to the Internet using SLIP. It has
> an dynamic IP. The NET-2-HOWTO gives an explanation for masquerading using a
> similar setup.
> I have compiled the kernel with IP-forwarding/IP-masquerading etc.
> I have used the command:
> ipfw a m all from 10.0.0.2/32 to 0.0.0.0/0
>
> I can ping the Linux box, but i get 'network is unreachable' when i try to
> ping other computers on the internet.
> What am i doing wrong??????
You assume masquerading works for ping (i.e., ICMP messages) too,
which is not the case. Masquerading uses the port numbers of
TCP and UDP, and will only work for these two protocols.
For all other IP packets (of which ICMP messages are the most widely
used example) the masquerading rule in the forwarding firewall just
means "accept". But, because you're using RFC1597 addresses, these
packets will never pass a router on the Internet and will always fail.
--
-- Jos Vos <jos@xos.nl>
-- X/OS Experts in Open Systems BV | Phone: +31 20 6938364
-- Amsterdam, The Netherlands | Fax: +31 20 6948204
