I'm trying to set up masq on a machine running Red Hat 7.1, with kernel
upgraded to 2.4.7. I followed the instructions in the newest beta HOWTO
(which covers 2.4 kernels), and in the testing section, I get as far as
pinging from my Windows machine (being masq'ed) to the external interface to
the Linux box (running RP-PPPoE on an ADSL connection) without difficulty.
But when I try to ping www.linux.org from the Windows machine, I don't get a
response, *but* the little lights blink on the network hub and the DSL
modem. After running around trying several different things (checking
interfaces, confirming iptables setup, etc.), I finally got tcpdump running
on the Linux box and listened while I tried to ping www.linux.org (which I
can ping fine from the Linux box) from the Windows machine. The following is
the output from tcpdump (I pray that no-one hunts me down for overloading
their e-mail box like this :-) ).
A few things: the Linux box is woodenspoon.maurers and the Windows machine
is titaniumspoon.maurers (old inside joke). eth0 goes to the inside network
and eth1 to the Internet. I told tcpdump to ignore port 23 since I'm
telnetting in from the Windows machine, and I'm not in the mood for an
infinite feedback loop :-)
[root@woodenspoon init.d]# tcpdump not port 23
Kernel filter, protocol ALL, TURBO mode (575 frames), datagram packet socket
tcpdump: listening on all devices
23:04:53.860103 eth1 > PPPoE [ses 0x2b0] LCP EchoReq id=0xa magic=0x6c7b492
23:04:53.871181 eth1 < PPPoE [ses 0x2b0] LCP EchoRep id=0xa magic=0x7b0dcc
23:04:59.920694 eth0 < titaniumspoon.maurers.1650 > 207.29.188.186.domain:
1+ A? www.linux.org. (31)
23:04:59.921074 ppp0 > user-uini68s.dsl.mindspring.com.1650 >
207.29.188.186.domain: 1+ A? www.linux.org. (31)
23:04:59.921619 eth1 > PPPoE [ses 0x2b0]
user-uini68s.dsl.mindspring.com.1650 > 207.29.188.186.domain: 1+ A?
www.linux.org. (31)
23:04:59.932606 ppp0 > user-uini68s.dsl.mindspring.com.1024 >
ns2.mindspring.com.domain: 47863+ PTR? 186.188.29.207.in-addr.arpa. (45)
(DF)
23:04:59.933186 eth1 > PPPoE [ses 0x2b0]
user-uini68s.dsl.mindspring.com.1024 > ns2.mindspring.com.domain: 47863+
PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
23:05:00.014297 eth1 < PPPoE [ses 0x2b0] ns2.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.014835 ppp0 < ns2.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.016275 ppp0 > user-uini68s.dsl.mindspring.com.1024 >
ns1.mindspring.com.domain: 47863+ PTR? 186.188.29.207.in-addr.arpa. (45)
(DF)
23:05:00.016856 eth1 > PPPoE [ses 0x2b0]
user-uini68s.dsl.mindspring.com.1024 > ns1.mindspring.com.domain: 47863+
PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
23:05:00.144648 eth1 < PPPoE [ses 0x2b0] ns1.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.145175 ppp0 < ns1.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.146253 ppp0 > user-uini68s.dsl.mindspring.com.1024 >
ns2.mindspring.com.domain: 47863+ PTR? 186.188.29.207.in-addr.arpa. (45)
(DF)
23:05:00.146843 eth1 > PPPoE [ses 0x2b0]
user-uini68s.dsl.mindspring.com.1024 > ns2.mindspring.com.domain: 47863+
PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
23:05:00.228917 eth1 < PPPoE [ses 0x2b0] ns2.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.229545 ppp0 < ns2.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.230644 ppp0 > user-uini68s.dsl.mindspring.com.1024 >
ns1.mindspring.com.domain: 47863+ PTR? 186.188.29.207.in-addr.arpa. (45)
(DF)
23:05:00.231229 eth1 > PPPoE [ses 0x2b0]
user-uini68s.dsl.mindspring.com.1024 > ns1.mindspring.com.domain: 47863+
PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
23:05:00.263881 eth1 < PPPoE [ses 0x2b0]
jfk3-core1-h4-1-0.4.atlas.digex.net > user-uini68s.dsl.mindspring.com: icmp:
time exceeded in-transit
23:05:00.264368 ppp0 < jfk3-core1-h4-1-0.4.atlas.digex.net >
user-uini68s.dsl.mindspring.com: icmp: time exceeded in-transit
23:05:00.264594 eth0 > jfk3-core1-h4-1-0.4.atlas.digex.net >
titaniumspoon.maurers: icmp: time exceeded in-transit
23:05:00.312188 eth1 < PPPoE [ses 0x2b0] ns1.mindspring.com.domain >
user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
(I believe those first two lines are just that keep-alive thingie that the
PPPoE connection uses; they pop up from time to time if I leave tcpdump
running.)
I've cut it off there; it just goes on like that. My understanding of the
tcpdump output is limited, but I have a hunch it's significant: something is
indeed reaching the outside world from the Windows machine, but I don't get
a good response back.
Other pertinent config stuff:
[root@woodenspoon init.d]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:03:6D:1D:60:A2
inet addr:10.0.0.1 Bcast:10.255.255.255 Mask:255.0.0.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20705 errors:0 dropped:0 overruns:0 frame:0
TX packets:17047 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:10 Base address:0xf800
eth1 Link encap:Ethernet HWaddr 00:03:6D:1D:60:9F
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2587 errors:0 dropped:0 overruns:0 frame:0
TX packets:2686 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
Interrupt:11 Base address:0xf400
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:22 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
ppp0 Link encap:Point-to-Point Protocol
inet addr:x.x.x.x P-t-P:165.121.43.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
[root@woodenspoon init.d]# iptables -t nat --list
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
// (I'm using the simple ruleset from the HOWTO)
[root@woodenspoon init.d]# cat /proc/sys/net/ipv4/ip_forward
1
[root@woodenspoon init.d]# cat /proc/sys/net/ipv4/ip_dynaddr
1
[root@woodenspoon init.d]# cat /proc/sys/net/ipv4/conf/all/forwarding
1
[root@woodenspoon init.d]# netstat -rn
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
165.121.43.1    0.0.0.0         255.255.255.255 UH       40 0          0 ppp0
10.0.0.0        0.0.0.0         255.0.0.0       U        40 0          0 eth0
127.0.0.0       0.0.0.0         255.0.0.0       U        40 0          0 lo
0.0.0.0         165.121.43.1    0.0.0.0         UG       40 0          0 ppp0
Any ideas? Thanks a lot for any help!
Jyrinx
jyrinx_list@hotmail.com
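
An added example, not part of the original post: a small parser for the per-interface tcpdump format shown above that pairs each packet arriving from the LAN host on eth0 with its masqueraded copy leaving ppp0, and lists what was forwarded back out eth0 to that host. The function names and the choice of eth0/ppp0 as LAN/WAN are assumptions taken from the post's description; the capture lines are from the post with the mail wrapping undone.

```python
import re

# Lines from the capture in the post, rejoined where the mail client wrapped them.
CAPTURE = """\
23:04:59.920694 eth0 < titaniumspoon.maurers.1650 > 207.29.188.186.domain: 1+ A? www.linux.org. (31)
23:04:59.921074 ppp0 > user-uini68s.dsl.mindspring.com.1650 > 207.29.188.186.domain: 1+ A? www.linux.org. (31)
23:04:59.921619 eth1 > PPPoE [ses 0x2b0] user-uini68s.dsl.mindspring.com.1650 > 207.29.188.186.domain: 1+ A? www.linux.org. (31)
23:04:59.932606 ppp0 > user-uini68s.dsl.mindspring.com.1024 > ns2.mindspring.com.domain: 47863+ PTR? 186.188.29.207.in-addr.arpa. (45) (DF)
23:05:00.014835 ppp0 < ns2.mindspring.com.domain > user-uini68s.dsl.mindspring.com.1024: 47863 ServFail 0/0/0 (45)
23:05:00.264368 ppp0 < jfk3-core1-h4-1-0.4.atlas.digex.net > user-uini68s.dsl.mindspring.com: icmp: time exceeded in-transit
23:05:00.264594 eth0 > jfk3-core1-h4-1-0.4.atlas.digex.net > titaniumspoon.maurers: icmp: time exceeded in-transit
"""

# "<" after the interface means received on it, ">" means sent out of it.
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<iface>\S+) (?P<dir>[<>]) (?:PPPoE \[ses \S+\] )?"
    r"(?P<src>\S+) > (?P<dst>[^\s:]+): (?P<info>.*)$")


def split_port(endpoint):
    """Split tcpdump's host.port form; ICMP endpoints carry no port.
    Only numeric ports and the 'domain' service name are recognised."""
    host, _, port = endpoint.rpartition(".")
    bare_ip = re.fullmatch(r"\d+(\.\d+){3}", endpoint)
    if bare_ip or not (port.isdigit() or port == "domain"):
        return endpoint, None
    return host, port


def masq_trace(text, lan_host, lan_if="eth0", wan_if="ppp0"):
    """Pair LAN-originated packets with their post-NAT copy; list LAN-bound returns."""
    pkts = [m.groupdict() for m in map(LINE.match, text.splitlines()) if m]
    out = {"translated": [], "returned_to_lan": []}
    for p in pkts:
        if p["iface"] != lan_if:
            continue
        if p["dir"] == "<" and split_port(p["src"])[0] == lan_host:
            # The same packet after POSTROUTING: same destination and payload on the WAN side.
            for q in pkts:
                if (q["iface"], q["dir"], q["dst"], q["info"]) == (wan_if, ">", p["dst"], p["info"]):
                    out["translated"].append((p["src"], q["src"]))
        elif p["dir"] == ">" and split_port(p["dst"])[0] == lan_host:
            out["returned_to_lan"].append((split_port(p["src"])[0], p["info"]))
    return out


if __name__ == "__main__":
    print(masq_trace(CAPTURE, "titaniumspoon.maurers"))
```

On this excerpt the source of the DNS query is rewritten to the ppp0 address with the port unchanged, and the only packet forwarded back to the Windows machine is the ICMP time-exceeded message.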