Masquerading problem

Paul (msmith@quix.robins.af.mil)
Thu, 6 Mar 1997 12:00:14 -0500 (GMT)


Hi guys,

First the problem description.

I'm doing masquerading from class C to a class B. The problem seems
to be that I don't get the expected behavior when using the -W <device>
matching. As you see below, my private network (192.168.1.x) is on
interface eth0, so I only want to masquerade packets from eth0.

I do:
ipfwadm -F -a mas -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0

telnet from 192.168.1.2 to 137.244.x.x does nothing.

Then I replace this rule with:

ipfwadm -F -a mas -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth1

Everything works as expected. But eth1 is the external interface.
Is this correct? I expected it to be the opposite.

I'm using the latest stable kernel, 2.0.29, and ipfwadm 2.3.0.
My routing table and ifconfigs are below.

Melvin Smith

[root@rpdev1 /root]# netstat -rn
Kernel routing table
Destination     Gateway         Genmask         Flags Metric Ref Use    Iface
127.0.0.1       0.0.0.0         255.255.255.255 UH    0      0        3 lo
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        6 eth0
137.244.0.0     0.0.0.0         255.255.0.0     U     0      0       13 eth1
0.0.0.0         137.244.128.250 0.0.0.0         UG    0      0        0 eth1

[root@rpdev1 /root]# ifconfig
lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Bcast:127.255.255.255  Mask:255.0.0.0
          UP BROADCAST LOOPBACK RUNNING  MTU:3584  Metric:1
          RX packets:51 errors:0 dropped:0 overruns:0
          TX packets:51 errors:0 dropped:0 overruns:0

eth0      Link encap:10Mbps Ethernet  HWaddr 00:60:97:33:E3:87
          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:379 errors:2 dropped:2 overruns:0
          TX packets:317 errors:0 dropped:0 overruns:0
          Interrupt:11 Base address:0xfc80

eth1      Link encap:10Mbps Ethernet  HWaddr 08:00:2B:19:42:10
          inet addr:137.244.194.32  Bcast:137.244.255.255  Mask:255.255.0.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1834100 errors:0 dropped:0 overruns:0
          TX packets:470 errors:0 dropped:0 overruns:0
          Interrupt:9 Base address:0x300

[root@rpdev1 /root]# ipfwadm -F -p deny
[root@rpdev1 /root]# ipfwadm -F -f
[root@rpdev1 /root]# ipfwadm -F -a mas -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth0

< Nothing doing! >

[root@rpdev1 /root]# ipfwadm -F -f
[root@rpdev1 /root]# ipfwadm -F -a mas -S 192.168.1.0/24 -D 0.0.0.0/0 -W eth1

< Ok, works just fine, but why? >

[root@rpdev1 /root]# ipfwadm -F -l
IP firewall forward rules, default policy: deny
type  prot source               destination          ports
acc/m all  rpnet/24             anywhere             n/a

(rpnet = 192.168.1.0 in my /etc/networks)