problems with (perhaps) IPMASQ

by Carlos Enrique Carleos Artime <carleos@[EMAIL PROTECTED] > Jan 23, 2008 at 10:50 AM

Hello!

I have a home network with three computers (A, B and C).

Computer A has a direct connection to internet by a cable-modem.
It has interfaces:
- eth0 to internet, uses DHCP
- eth1 to computer B, static IP-address: 192.168.0.2
Its operating system is Debian etch, with default 
IPMASQ configuration.  I added:
 route add -net 192.168.2.0 netmask 255.255.255.0 gw 192.168.0.1 eth1
to /etc/init.d/bootmisc.sh (first) and to /etc/init.d/ipmasq (then)
(without that "route add" it does not work either).

Computer B is connected to both A and C.
Its interfaces:
- rl0 to computer A, IP 192.168.0.1
- ural0 to computer B, IP 192.168.2.1
It runs FreeBSD 6.3, configured while install to be gateway (but no
firewall).

Computer C is connected to B.  Interface:
- ural0 to computer B, IP 192.168.2.2
It has FreeBSD 6.3 and OpenBSD 4.0.

=========================================================================

Present situation:

Ping from B to C 192.168.2.2 success.
Ping from C to B 192.168.2.1 success.
Ping from C to B 192.168.0.1 success.
Ping from B to A 192.168.0.2 success.
Ping from B to anywhere in internet success.
Ping from A to B 192.168.0.1 success.
Ping from C to A 192.168.0.2 failed (host is down).
Ping from A to B 192.168.2.1 failed:
 knoppix@[EMAIL PROTECTED]
 ping 192.168.2.1
 PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
 ping: sendmsg: Operation not permitted
 ping: sendmsg: Operation not permitted


Does anybody know where the problem is?

The aim is for C to be able to connect to internet (for now, I run an
X server in C, ssh from C to B, and run applications in B displaying 
in C).

I read do***ents about IPmasq and IPtables, but understood not enough.
I tried examples in /usr/share/doc/ipmasq/examples/basics but failed.
I added the "route add" line after reading FreeBSD manual on routing.

Many thanks for your time and help :-)


=================================================================== 

Jen plia informo:

knoppix@[EMAIL PROTECTED]
 /sbin/route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
192.168.2.0     192.168.0.1     255.255.255.0   UG    0      0        0
eth1
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0
eth1
85.152.88.0     0.0.0.0         255.255.252.0   U     0      0        0
eth0
0.0.0.0         85.152.88.254   0.0.0.0         UG    0      0        0
eth0
root@[EMAIL PROTECTED]
 iptables -L INPUT
Chain INPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
LOG        0    --  loopback/8           anywhere            LOG level
warning
DROP       0    --  loopback/8           anywhere
ACCEPT     0    --  anywhere             255.255.255.255
ACCEPT     0    --  192.168.0.0/24       anywhere
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        0    --  192.168.0.0/24       anywhere            LOG level
warning
DROP       0    --  192.168.0.0/24       anywhere
ACCEPT     0    --  anywhere             255.255.255.255
ACCEPT     0    --  anywhere             cm-85-152-88-242.telecable.es
ACCEPT     0    --  anywhere             85.152.91.255
LOG        0    --  anywhere             anywhere            LOG level
warning
DROP       0    --  anywhere             anywhere
root@[EMAIL PROTECTED]
 iptables -L OUTPUT
Chain OUTPUT (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  anywhere             anywhere
ACCEPT     0    --  anywhere             255.255.255.255
ACCEPT     0    --  anywhere             192.168.0.0/24
ACCEPT    !tcp  --  anywhere             BASE-ADDRESS.MCAST.NET/4
LOG        0    --  anywhere             192.168.0.0/24      LOG level
warning
DROP       0    --  anywhere             192.168.0.0/24
ACCEPT     0    --  anywhere             255.255.255.255
ACCEPT     0    --  cm-85-152-88-242.telecable.es  anywhere
ACCEPT     0    --  85.152.91.255        anywhere
LOG        0    --  anywhere             anywhere            LOG level
warning
DROP       0    --  anywhere             anywhere
root@[EMAIL PROTECTED]
 iptables -L FORWARD
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     0    --  192.168.0.0/24       anywhere
ACCEPT     0    --  anywhere             anywhere            state
RELATED,ESTABLISHED
LOG        0    --  anywhere             19

____________________________________________________________________________

 Carlos Enrique Carleos Artime             FidoNet-poshto:     
2:341/14.79
 Dep-to de Statistiko kaj Plejbonigo,      Retposhto:    
carleos@[EMAIL PROTECTED]
           kaj Matematika Didaktiko        Telefono:        +34 985 181
904
 Universitato Oviedo - Asturio             Adreso: EUITIndus 33203
Hispanio


__________________________________________________________________________

   Departemento pri Statistiko kaj Plejbonigo, kaj Matematika Didaktiko   
   Universitato Oviedo - EUITIndus 33203 Hispanio - 2:341/14.79@[EMAIL PROTECTED]
   


-- 
To UNSUBSCRIBE, email to debian-firewall-REQUEST@[EMAIL PROTECTED]
 a subject of "unsubscribe". Trouble? Contact
listmaster@[EMAIL PROTECTED]

10 Posts in Topic:

problems with (perhaps) IPMASQ

Carlos Enrique Carleos Ar

2008-01-23 10:50:15

Re: problems with (perhaps) IPMASQ

Mario Koppensteiner <m

2008-01-23 13:00:21

Re: problems with (perhaps) IPMASQ

Pascal Hambourg <pasca

2008-01-23 20:40:26

Re: problems with (perhaps) IPMASQ

PEdroARthur_JEdi <pedr