[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: New machine to IP Masq for - what am I doing wrong?
On Tue, 29 Feb 2000, Barrie Bremner wrote:
> My main Linux Box, 192.168.0.1 is set up to IP Masq for all machines on
> the LAN 192.192.0.x with these lines in /etc/rc.d/rc.firewall:
>
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
>
> I`ve just got another (RH6.0) machine to add the network (192.168.0.4)
> - right now, that machine knows it`s own name ,and it`s IP number.
> That`s the lot...still, should it not be able to taken advantage of IP
> masq services?
>
> What I am forgetting to do?
You need to add routes on the machines to tell them where to send packets.
There should be a route on 1 to pass all packets destined for 192.168.0.*
over the network interface (usually eth0) and, unless you're on a permanent
link, no others (if you're on a permenant, there will be a default link to
the outside world). The other routes should be on 4 - a default link to
your gateway at 192.168.0.1, and a network of 192.168.0.0, both on eth0.
The commands are (working from memory, and it's been a while since I've used
route so check the man page):
On 192.168.0.1:
route -add net 192.168.0.0 -netmask 255.255.255.0 eth0
On 192.168.0.4:
route -add default gw 192.168.0.1 eth0
route -add net 192.168.0.0 -netmask 255.255.255.0 eth0
--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@uow.edu.au
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word
"unsubscribe" in the body of the message.
GNU the choice of a complete generation.