<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>FAQ's - Frequently Asked Compla^H^H^H^H^H^H Questions</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK
REL="HOME"
TITLE="Masquerading Made Simple HOWTO"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Post-install Instructions"
HREF="post-install.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Masquerading Made Simple HOWTO</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="post-install.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
> </TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="FAQ"
></A
>5. FAQ's - Frequently Asked Compla^H^H^H^H^H^H Questions</H1
><P
></P
><UL
><LI
><P
> How do I list the rules I've got so far?
</P
><P
> - Try
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -L</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -L</B
></PRE
></FONT
></TD
></TR
></TABLE
>
</P
></LI
><LI
><P
> It won't resolve IP's! I'm typing 'www.microsoft.com' in and it says
it can't find it!
</P
><P
> - Make sure you add the dns server ip to all the clients.
</P
></LI
><LI
><P
>
It don't work! It doesn't like iptables / NAT / SNAT / MASQ
</P
><P
> - Go get the latest kernel, and compile with iptables and full NAT support.
</P
></LI
><LI
><P
> It don't work! The masquerading doesn't work at all! Die scum!
</P
><P
> - Try <B
CLASS="COMMAND"
>echo 1 > /proc/sys/net/ipv4/ip_forward</B
>
</P
></LI
><LI
><P
> It don't work! I can't use the network at all and I hate you!
</P
><P
> - Try
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -F</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -F</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t mangle -F</B
></PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> (all rules went bye-bye) then rerun the other iptables rules.
</P
><P
> - Try <B
CLASS="COMMAND"
>iptables -P FORWARD ACCEPT</B
>
</P
></LI
><LI
><P
> It still don't work!
</P
><P
> - Hmm, does "<B
CLASS="COMMAND"
>dmesg | tail</B
>" give any errors?
or "<B
CLASS="COMMAND"
>cat /var/log/messages | tail</B
>" ? Like I care tho...
</P
></LI
><LI
><P
> I don't get, it just ain't working!
</P
><P
> - I dunno.. but you should be able to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> 1) From the gateway machine, ping the outside
2) From the gateway ping your internal machines
3) From the internal machines ping the gateway</PRE
></FONT
></TD
></TR
></TABLE
><P
> And this is <EM
>before</EM
> you play with masq'ing
</P
></LI
><LI
><P
> Where do I put this stuff?
</P
><P
> - In the <TT
CLASS="FILENAME"
>/etc/network/interfaces</TT
> file, or
firewall.rc. If you put it in the interfaces file, then put
it as a pre-up to the external interface, and have
"<B
CLASS="COMMAND"
>iptables -t nat -F</B
>" as the post-down.
</P
></LI
><LI
><P
> How do I get it to only bring the ppp up on demand?
</P
><P
> - Assuming your ISP gateway IP is say 23.43.12.43 for arguments sake, then
append a line like this:
</P
><P
>
<B
CLASS="COMMAND"
>:23.43.12.43</B
>
</P
><P
> to <TT
CLASS="FILENAME"
>/etc/ppp/peers/provider</TT
> at the end.
(this is for dynamic IP - static IP would be
my.<B
CLASS="COMMAND"
>external.ip.number:23.43.12.43</B
> )
</P
><P
> Then at the end of that file add on a newline:
</P
><P
> <B
CLASS="COMMAND"
>demand</B
>
</P
><P
> Pppd will remain in the background to redial the connection on demand
if it's dropped until you do an "<B
CLASS="COMMAND"
>ifdown ppp0</B
>" or
a "<B
CLASS="COMMAND"
>poff</B
>", unless you add
a "<B
CLASS="COMMAND"
>nopersist</B
>" option, in which case pppd will exit after the connection
is up. You can also add on a new line "<B
CLASS="COMMAND"
>idle 600</B
>" to disconnect after 10
mins of idleness.
</P
><P
> </P
></LI
><LI
><P
> The connection keeps dropping!
</P
><P
> - First, do you have demand dialing? Is it just doing what it is supposed
to?
Check <TT
CLASS="FILENAME"
>/etc/ppp/peers/provider</TT
>, and make sure your dial up works fine
before attempting masq'ing.
</P
><P
> - Secondly, if not, then perhaps, like me, something is going weird, and
you need to fall back to Linux 2.4.3 and see if that works instead.. dunno
why.
</P
></LI
><LI
><P
> I hate doing this myself! I want a pre-made script and GUI and stuff.
</P
><P
> - Sure: <A
HREF="http://shorewall.sourceforge.net/"
TARGET="_top"
> http://shorewall.sourceforge.net/</A
>
</P
><P
> Eat your heart out!
</P
></LI
><LI
><P
> Do I count Cable modems as static or dynamic IP's?
</P
><P
> - Good question.. might as well make it dynamic.
</P
></LI
><LI
><P
> Do I count DHCP network cards as static or dynamic IP's?
</P
><P
> - They are dynamic.
</P
></LI
><LI
><P
> How do I handle incomming services?
</P
><P
> - Try forwarding or redirecting the IP ports - again make
sure you firewall this if needed.
</P
></LI
><LI
><P
> From the clients, I can ping the linux gateway's external IP
address, but can't access the internet.
</P
><P
> - Okay, try doing "<B
CLASS="COMMAND"
>rmmod iptable_filter</B
>" - more
info on this as I get it.
</P
><P
> - Make sure your not running <EM
>routed</EM
> or
<EM
>gated</EM
> - to check run
"<B
CLASS="COMMAND"
>ps aux | grep -e routed -e gated</B
>".
</P
><P
> - Look at <A
HREF="http://ipmasq.cjb.net"
TARGET="_top"
>http://ipmasq.cjb.net</A
>
</P
></LI
><LI
><P
> How can I view the connections establish? Something like netstat..
</P
><P
> - Try cat /proc/net/ip_conntrack
</P
></LI
><LI
><P
> I need more squid info and routing and stuff!
</P
><P
> - Try the Advanced Routing HOWTO
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
</P
></LI
><LI
><P
> This howto is crap! How do I yell at the guys who wrote this?
</P
><P
> - Go to #debian on irc.opensource.net and find and locate JohnFlux.
- Mail me (JohnFlux) at tapselj0@cs.man.ac.uk
</P
></LI
><LI
><P
> This howto is crap! How can I see better versions?
</P
><P
> - Try <A
HREF="http://ipmasq.cjb.net"
TARGET="_top"
>http://ipmasq.cjb.net</A
>
</P
><P
> - Consult the LDP Masq-HOWTO.
</P
></LI
><LI
><P
> What else are you working on?
</P
><P
> Currently I'm writing a guide on linux on anti-missile-missiles-made-simple.
There's no good guides on protecting your system from nuclear attacks
for newbies. People seem to think its rocket science or something..
</P
></LI
></UL
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="post-install.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
> </TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Post-install Instructions</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
> </TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
> </TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
