
Re: New machine to IP Masq for - what am I doing wrong?



On Tue, 29 Feb 2000, Barrie Bremner wrote:

>  My main Linux Box, 192.168.0.1 is set up to IP Masq for all machines on
> the LAN 192.192.0.x with these lines in /etc/rc.d/rc.firewall:
> 
> /sbin/ipchains -P forward DENY
> /sbin/ipchains -A forward -s 192.168.0.0/24 -j MASQ
> 
>  I've just got another (RH6.0) machine to add to the network (192.168.0.4)
> - right now, that machine knows its own name, and its IP number.
> That's the lot...still, should it not be able to take advantage of IP
> masq services?
> 
>  What am I forgetting to do?

You need to add routes on the machines to tell them where to send packets. 
There should be a route on 1 to pass all packets destined for 192.168.0.*
over the network interface (usually eth0) and, unless you're on a permanent
link, no others (if you're on a permanent link, there will be a default link to
the outside world).  The other routes should be on 4 - a default link to
your gateway at 192.168.0.1, and a network of 192.168.0.0, both on eth0.

The commands are (working from memory, and it's been a while since I've used
route so check the man page):

On 192.168.0.1:

route add -net 192.168.0.0 netmask 255.255.255.0 eth0

On 192.168.0.4:

route add default gw 192.168.0.1 eth0
route add -net 192.168.0.0 netmask 255.255.255.0 eth0


-- 
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer
mjp16@uow.edu.au

---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk