diald and ICMP masquerading in 2.2

gandalf (gandalf@szene.ch)
Tue, 12 Jan 1999 19:54:50 +0100


Running 2.2.0-pre6, ppp-2.3.5, diald-0.16.5, I'm having a weird problem:

ICMP masquerading doesn't work for all ICMP types (ping works fine through
the masq-box, traceroute doesn't)

I think that is because routing is messed up in some way; I'm getting
error messages like

diald[1382]: Nonzero exit status (7) on command '/sbin/route add 127.0.0.2 metric 1 dev sl0'
diald[1382]: Nonzero exit status (7) on command '/sbin/route add default metric 1 dev sl0'

My routing table looks like the following thanks to diald (yuck!):

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
255.255.255.255 0.0.0.0         255.255.255.255 UH    0      0        0 eth0
194.128.36.34   0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
127.0.0.2       0.0.0.0         255.255.255.255 UH    0      0        0 ppp0
127.0.0.2       0.0.0.0         255.255.255.255 UH    0      0        0 sl0
127.0.0.2       0.0.0.0         255.255.255.255 UH    1      0        0 sl0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U     0      0        0 lo
0.0.0.0         0.0.0.0         0.0.0.0         U     0      0        0 ppp0
0.0.0.0         0.0.0.0         0.0.0.0         U     1      0        0 sl0

IP masquerading works fine for all protocols other than ICMP.
If I do a manual dialup and get a "clean" routing table, masquerading of a
traceroute works as usual.

The reason I cannot use pppd's demand-dialling features is because there is
nowhere you could define what kind of requests will bring the link up like
you can do with diald. I'm running a DNS server on the IP masquerading
machine for my intranet, I don't want to bring the link up for every query
of my DNS server, but once the link is up I want my DNS server to be able
to resolve internet addresses.
You cannot do this sort of thing with pppd's demand dialling, unless you
like to switch your firewall configuration every time the link goes up / down.

I think a few minor adjustments to diald should fix this, but the best
solution would be to enhance pppd's demand-dialling with a feature to deny
certain requests to bring the link up.

Gandalf
