Problem setting up IP MASQ

James Applebaum yellowdog-general@lists.terrasoftsolutions.com
Tue Jan 14 08:08:01 2003 

I am having trouble getting IPMASQ running on my server. I have 
recompiled my kernal... I think I am close.
I can ping the IP established on the PPP0 dynamic connection from any 
machine on my LAN but I can't ping the anything on the internet (DNS, 
etc).

I am running a very basic script and receive this echo (below)... I 
have also included (/etc/rc.d/init.d/iptables status, ls -i  
/proc/sys/net/ipv4)
_______________________________________________________________

[root@server root]# /etc/rc.d/rc.firewall-2.4

Loading simple rc.firewall version 0.70..

  External Interface: ppp0
  Internal Interface: eth0
  loading modules:  - Verifying that all kernel modules are ok
depmod: *** Unresolved symbols in 
/lib/modules/2.4.19-4a/kernel/drivers/net/wireless/orinoco.o
depmod: *** Unresolved symbols in 
/lib/modules/2.4.19-4a/kernel/drivers/sound/dmasound/dmasound_pmac.o
depmod: *** Unresolved symbols in 
/lib/modules/2.4.19-4a/kernel/fs/coda/coda.o
depmod: *** Unresolved symbols in 
/lib/modules/2.4.19-4a/kernel/fs/nfsd/nfsd.o
depmod: *** Unresolved symbols in 
/lib/modules/2.4.19-4a/kernel/net/sunrpc/sunrpc.o
----------------------------------------------------------------------
ip_tables, Using 
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
ip_conntrack, Using 
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
ip_conntrack_ftp, Using 
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
insmod: a module named ip_conntrack_ftp already exists
ip_conntrack_irc, Using 
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_conntrack_irc.o
insmod: a module named ip_conntrack_irc already exists
iptable_nat, Using 
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/iptable_nat.o
insmod: a module named iptable_nat already exists
ip_nat_ftp, Using 
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_nat_ftp.o
insmod: a module named ip_nat_ftp already exists
----------------------------------------------------------------------
. Done loading modules.
  enabling forwarding..
  enabling DynamicAddr..
  clearing any existing rules and setting default policy..
  FWD: Allow all connections OUT and only existing and related ones IN
iptables v1.2.4: Unknown arg `--state'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/rc.firewall-2.4: ESTABLISHED,RELATED: command not found
  Enabling SNAT (MASQUERADE) functionality on ppp0

rc.firewall-2.4 v0.70 done.

_____________________________________________________________________
[root@server root]#  /etc/rc.d/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level 
warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

______________________________________________________________________
[root@server root]# ls -i  /proc/sys/net/ipv4
    4859 conf                                  4674 tcp_ecn
    4645 icmp_echo_ignore_all                  4672 tcp_fack
    4646 icmp_echo_ignore_broadcasts           4637 tcp_fin_timeout
    4647 icmp_ignore_bogus_error_responses     4634 tcp_keepalive_intvl
    4681 icmp_ratelimit                        4633 tcp_keepalive_probes
    4682 icmp_ratemask                         4632 tcp_keepalive_time
    4670 inet_peer_gc_maxtime                  4626 tcp_max_orphans
    4669 inet_peer_gc_mintime                  4643 tcp_max_syn_backlog
    4668 inet_peer_maxttl                      4627 tcp_max_tw_buckets
    4667 inet_peer_minttl                      4676 tcp_mem
    4666 inet_peer_threshold                   4671 tcp_orphan_retries
    4621 ip_autoconfig                         4673 tcp_reordering
    4969 ip_conntrack_max                      4618 tcp_retrans_collapse
    4620 ip_default_ttl                        4635 tcp_retries1
    4630 ip_dynaddr                            4636 tcp_retries2
    4619 ip_forward                            4642 tcp_rfc1337
    4628 ipfrag_high_thresh                    4678 tcp_rmem
    4629 ipfrag_low_thresh                     4617 tcp_sack
    4631 ipfrag_time                           4641 tcp_stdurg
    4644 ip_local_port_range                   4625 tcp_synack_retries
    4623 ip_nonlocal_bind                      4638 tcp_syncookies
    4622 ip_no_pmtu_disc                       4624 tcp_syn_retries
    4841 neigh                                 4615 tcp_timestamps
    4648 route                                 4639 tcp_tw_recycle
    4640 tcp_abort_on_overflow                 4683 tcp_tw_reuse
    4680 tcp_adv_win_scale                     4616 tcp_window_scaling
    4679 tcp_app_win                           4677 tcp_wmem
    4675 tcp_dsack

James