IPMasquerading
Robert Jackson
07-24-2004, 08:47 PM
Howdy all,
After a mishap upgrading my web browser I've had to reset-up IP
Masquerading on my four computers. The basics; Redhat 7.2 with kernel
2.4.10. The masq server has eth0 connected to the cable modem using
dhcp, eth1 is the internal network card. In setting up masquerading
using the HOWTO, I get to step 5.8 Testing External MASQ ICMP forwarding
and that test doesn't work. I can't figure out why. All the tests up
to that point work, I can ping my IP provider (Charter Communications)
from an internally MASQed machine and all the steps before that. Help,
please.
Thanks,
Bob
Robert Jackson wrote:
> Howdy all,
>
> After a mishap upgrading my web browser I've had to reset-up IP
> Masquerading on my four computers. The basics; Redhat 7.2 with kernel
> 2.4.10. The masq server has eth0 connected to the cable modem using
> dhcp, eth1 is the internal network card. In setting up masquerading
> using the HOWTO, I get to step 5.8 Testing External MASQ ICMP forwarding
> and that test doesn't work. I can't figure out why. All the tests up
> to that point work, I can ping my IP provider (Charter Communications)
> from an internally MASQed machine and all the steps before that. Help,
> please.
Bob,
Unfortunately, I don't have the HowTo handy, so if You could be a bit
more specific on Your problem, that would be of great help to help You.
Anyways, if "ping" works from a masqueraded box to the outside, there
should be no trouble having TCP and UDP work as well. - What exactly
does not work, and what does...? - Your statement that "5.8 Testing
External MASQ ICMP Forwarding" does _not_ work is somewhat contradictory
to the result You get, that You _can_ ping an external
address from behind the NATter...
Cheers, Jack.
--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
Robert Jackson
07-24-2004, 08:48 PM
Hey Jack,
Thanks for offering to help.
Regarding the HOWTO, they have one go through several steps after
checking that one has the correct software installed, your kernel is up
to date, firewall files installed, etc. All that is fine. OK, appears
to be 'cause masquerading isn't working. Section 5 of the HOWTO has one
check things in a logical (I suppose) order. Steps 1 through 7 check to
see that each machine can ping each other (the masqed the masqer and
vice versa) and that the masq server and the masqed machines can ping my
ISP (the IP address given by the results of the command 'ifconfig') and
that the masq server can ping the outside world beyond my ISP (the HOWTO
gives an IP address of the MetaLabs Linux Archive (152.2.210.81)). All
that works.
Step 5.7 has me check that an internally masqed machine can ping my ISP
address. It can, as stated above. Step 5.8 has the internally masqed
machine ping 152.2.210.81. That is what doesn't work. I get the
message '3 packets transmitted, 0 packets received, 100% packet loss'.
I hope this is what you need, if not please feel free to ask more. The
funny thing is, I've had this working before using the HOWTO and now I
can't do it again.
Thanks,
Bob
Frank Winans
07-24-2004, 08:48 PM
Umm, did you opt for the old deprecated ipchains commands or go with the
regular iptables? And if you're using iptables have you made sure ipchains
doesn't get run at startup time?
Robert Jackson
07-24-2004, 08:48 PM
I'm using iptables and ipchains is not loaded and does not get loaded at
startup.
Bob
Robert Jackson wrote:
> Regarding the HOWTO, they have one go through several steps after
> checking that one has the correct software installed, your kernel is up
> to date, firewall files installed, etc. All that is fine. OK, appears
> to be 'cause masquerading isn't working. Section 5 of the HOWTO has one
> check things in a logical (I suppose) order. Steps 1 through 7 check to
> see that each machine can ping each other (the masqed the masqer and
> vice versa) and that the masq server and the masqed machines can ping my
> ISP (the IP address given by the results of the command 'ifconfig') and
Ah, that was a misunderstanding here. By "ISP", one usually refers to
the remote side of the PPP connection, that would be the device taking
Your connection at Your ISP's installations.
> that the masq server can ping the outside world beyond my ISP (the HOWTO
> gives an IP address of the MetaLabs Linux Archive (152.2.210.81)). All
> that works.
>
> Step 5.7 has me check that an internally masqed machine can ping my ISP
> address. It can, as stated above. Step 5.8 has the internally masqed
> machine ping 152.2.210.81. That is what doesn't work. I get the
> message '3 packets transmitted, 0 packets received, 100% packet loss'.
Now normally, this really should work, as all connections and routing
seem to be in place correctly. But as for iptables and masquerading,
You need some IP connection tracking. You can either compile all that
into the kernel, or load this ability as a set of modules.
To start, try "iptables -L -n -x -v", and the same with an additional
"-t nat" option (and once You're there, send the output of those).
Then, You could "lsmod" and see which "ip_*" and "ipt_*" modules are
loaded.
That's for a start. -- I doubt that this is where the problem really
comes from, but it is just one of the many possibilities.
[Please check whether You are blocking anything with Your ruleset by
accident, and, of course, whether "cat /proc/net/ipv4/ip_forward"
returns "1".]
Cheers, Jack.
--
----------------------------------------------------------------------
My personal reading of the string "MicroSoft" expands to "NanoWeak"...
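
The checks listed in the reply above (filter and nat rule listings, loaded "ip_*"/"ipt_*" modules, the forwarding flag), as an added example that is not part of the original thread. The function names are hypothetical, the module names are the 2.4-era ones, the WAN interface eth0 is taken from the first post, and the forwarding flag is read from /proc/sys/net/ipv4/ip_forward, which is where Linux exposes it.

```shell
#!/bin/sh
# Added example (not from the thread). Each check reads saved command output,
# so it also works on listings pasted into a post.

# Succeeds if the given file holds "1" (normally /proc/sys/net/ipv4/ip_forward).
forwarding_enabled() { [ "$(cat "$1" 2>/dev/null)" = "1" ]; }

# stdin: `iptables -t nat -L POSTROUTING -n -v`; $1: WAN interface.
# Columns are: pkts bytes target prot opt in out source destination.
has_masq_rule() {
    awk -v wan="$1" '$3 == "MASQUERADE" && $7 == wan { ok = 1 } END { exit !ok }'
}

# stdin: `iptables -L FORWARD -n -v`; prints the chain policy (ACCEPT or DROP).
forward_policy() {
    awk '$1 == "Chain" && $2 == "FORWARD" { print $4; exit }'
}

# stdin: `lsmod`; prints the NAT-related modules that are not listed.
# A missing name is only a hint: the feature may be compiled into the kernel.
missing_nat_modules() {
    awk '$1 != "Module" { seen[$1] = 1 }
         END { n = split("ip_tables ip_conntrack iptable_nat ipt_MASQUERADE", want, " ")
               for (i = 1; i <= n; i++) if (!(want[i] in seen)) print want[i] }'
}

# Constructed sample listings (not from the thread), independent of each other.
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT 12 packets, 720 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       5      420 MASQUERADE  all  --  *      eth0    0.0.0.0/0            0.0.0.0/0'
SAMPLE_FWD='Chain FORWARD (policy DROP 3 packets, 252 bytes)
    pkts      bytes target     prot opt in     out     source               destination'
SAMPLE_LSMOD='Module                  Size  Used by
iptable_nat            19960   0
ip_conntrack           21436   1 [iptable_nat]
ip_tables              11936   3 [iptable_nat]'

# Live run on the gateway itself (needs root): sh masq_triage.sh --live eth0
if [ "${1:-}" = "--live" ]; then
    wan="${2:-eth0}"
    forwarding_enabled /proc/sys/net/ipv4/ip_forward || echo "ip_forward is not 1"
    iptables -t nat -L POSTROUTING -n -v | has_masq_rule "$wan" \
        || echo "no MASQUERADE rule leaving $wan"
    echo "FORWARD policy: $(iptables -L FORWARD -n -v | forward_policy)"
    echo "modules not in lsmod: $(lsmod | missing_nat_modules | tr '\n' ' ')"
fi
```

A FORWARD policy of DROP is not itself a fault; it means the chain must carry explicit ACCEPT rules for the internal network and for returning traffic, which is what the packet counters in the `-v` listing help confirm.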