<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >FAQ's - Frequently Asked Compla^H^H^H^H^H^H Questions</TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Masquerading Made Simple HOWTO" HREF="index.html"><LINK REL="PREVIOUS" TITLE="Post-install Instructions" HREF="post-install.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Masquerading Made Simple HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="post-install.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" ></TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" > </TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="FAQ" ></A >5. FAQ's - Frequently Asked Compla^H^H^H^H^H^H Questions</H1 ><P ></P ><UL ><LI ><P > How do I list the rules I've got so far? </P ><P > - Try <TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" ><TT CLASS="PROMPT" >$></TT > <B CLASS="COMMAND" >iptables -L</B > <TT CLASS="PROMPT" >$></TT > <B CLASS="COMMAND" >iptables -t nat -L</B ></PRE ></FONT ></TD ></TR ></TABLE > </P ></LI ><LI ><P > It won't resolve IP's! I'm typing 'www.microsoft.com' in and it says it can't find it! </P ><P > - Make sure you add the dns server ip to all the clients. </P ></LI ><LI ><P > It don't work! It doesn't like iptables / NAT / SNAT / MASQ </P ><P > - Go get the latest kernel, and compile with iptables and full NAT support. </P ></LI ><LI ><P > It don't work! The masquerading doesn't work at all! Die scum! </P ><P > - Try <B CLASS="COMMAND" >echo 1 > /proc/sys/net/ipv4/ip_forward</B > </P ></LI ><LI ><P > It don't work! I can't use the network at all and I hate you! </P ><P > - Try <TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" ><TT CLASS="PROMPT" >$></TT > <B CLASS="COMMAND" >iptables -F</B > <TT CLASS="PROMPT" >$></TT > <B CLASS="COMMAND" >iptables -t nat -F</B > <TT CLASS="PROMPT" >$></TT > <B CLASS="COMMAND" >iptables -t mangle -F</B ></PRE ></FONT ></TD ></TR ></TABLE > </P ><P > (all rules went bye-bye) then rerun the other iptables rules. </P ><P > - Try <B CLASS="COMMAND" >iptables -P FORWARD ACCEPT</B > </P ></LI ><LI ><P > It still don't work! </P ><P > - Hmm, does "<B CLASS="COMMAND" >dmesg | tail</B >" give any errors? or "<B CLASS="COMMAND" >cat /var/log/messages | tail</B >" ? Like I care tho... </P ></LI ><LI ><P > I don't get, it just ain't working! </P ><P > - I dunno.. but you should be able to: </P ><TABLE BORDER="1" BGCOLOR="#E0E0E0" WIDTH="90%" ><TR ><TD ><FONT COLOR="#000000" ><PRE CLASS="SCREEN" > 1) From the gateway machine, ping the outside 2) From the gateway ping your internal machines 3) From the internal machines ping the gateway</PRE ></FONT ></TD ></TR ></TABLE ><P > And this is <EM >before</EM > you play with masq'ing </P ></LI ><LI ><P > Where do I put this stuff? </P ><P > - In the <TT CLASS="FILENAME" >/etc/network/interfaces</TT > file, or firewall.rc. If you put it in the interfaces file, then put it as a pre-up to the external interface, and have "<B CLASS="COMMAND" >iptables -t nat -F</B >" as the post-down. </P ></LI ><LI ><P > How do I get it to only bring the ppp up on demand? </P ><P > - Assuming your ISP gateway IP is say 23.43.12.43 for arguments sake, then append a line like this: </P ><P > <B CLASS="COMMAND" >:23.43.12.43</B > </P ><P > to <TT CLASS="FILENAME" >/etc/ppp/peers/provider</TT > at the end. (this is for dynamic IP - static IP would be my.<B CLASS="COMMAND" >external.ip.number:23.43.12.43</B > ) </P ><P > Then at the end of that file add on a newline: </P ><P > <B CLASS="COMMAND" >demand</B > </P ><P > Pppd will remain in the background to redial the connection on demand if it's dropped until you do an "<B CLASS="COMMAND" >ifdown ppp0</B >" or a "<B CLASS="COMMAND" >poff</B >", unless you add a "<B CLASS="COMMAND" >nopersist</B >" option, in which case pppd will exit after the connection is up. You can also add on a new line "<B CLASS="COMMAND" >idle 600</B >" to disconnect after 10 mins of idleness. </P ><P > </P ></LI ><LI ><P > The connection keeps dropping! </P ><P > - First, do you have demand dialing? Is it just doing what it is supposed to? Check <TT CLASS="FILENAME" >/etc/ppp/peers/provider</TT >, and make sure your dial up works fine before attempting masq'ing. </P ><P > - Secondly, if not, then perhaps, like me, something is going weird, and you need to fall back to Linux 2.4.3 and see if that works instead.. dunno why. </P ></LI ><LI ><P > I hate doing this myself! I want a pre-made script and GUI and stuff. </P ><P > - Sure: <A HREF="http://shorewall.sourceforge.net/" TARGET="_top" > http://shorewall.sourceforge.net/</A > </P ><P > Eat your heart out! </P ></LI ><LI ><P > Do I count Cable modems as static or dynamic IP's? </P ><P > - Good question.. might as well make it dynamic. </P ></LI ><LI ><P > Do I count DHCP network cards as static or dynamic IP's? </P ><P > - They are dynamic. </P ></LI ><LI ><P > How do I handle incomming services? </P ><P > - Try forwarding or redirecting the IP ports - again make sure you firewall this if needed. </P ></LI ><LI ><P > From the clients, I can ping the linux gateway's external IP address, but can't access the internet. </P ><P > - Okay, try doing "<B CLASS="COMMAND" >rmmod iptable_filter</B >" - more info on this as I get it. </P ><P > - Make sure your not running <EM >routed</EM > or <EM >gated</EM > - to check run "<B CLASS="COMMAND" >ps aux | grep -e routed -e gated</B >". </P ><P > - Look at <A HREF="http://ipmasq.cjb.net" TARGET="_top" >http://ipmasq.cjb.net</A > </P ></LI ><LI ><P > How can I view the connections establish? Something like netstat.. </P ><P > - Try cat /proc/net/ip_conntrack </P ></LI ><LI ><P > I need more squid info and routing and stuff! </P ><P > - Try the Advanced Routing HOWTO http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html </P ></LI ><LI ><P > This howto is crap! How do I yell at the guys who wrote this? </P ><P > - Go to #debian on irc.opensource.net and find and locate JohnFlux. - Mail me (JohnFlux) at tapselj0@cs.man.ac.uk </P ></LI ><LI ><P > This howto is crap! How can I see better versions? </P ><P > - Try <A HREF="http://ipmasq.cjb.net" TARGET="_top" >http://ipmasq.cjb.net</A > </P ><P > - Consult the LDP Masq-HOWTO. </P ></LI ><LI ><P > What else are you working on? </P ><P > Currently I'm writing a guide on linux on anti-missile-missiles-made-simple. There's no good guides on protecting your system from nuclear attacks for newbies. People seem to think its rocket science or something.. </P ></LI ></UL ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="post-install.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" > </TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Post-install Instructions</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" > </TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" > </TD ></TR ></TABLE ></DIV ></BODY ></HTML >