IP Masquerade for a PPP0 connection

James Applebaum yellowdog-general@lists.terrasoftsolutions.com
Wed Jan 15 12:42:00 2003


I am having trouble getting IPMASQ running on my server. I have
recompiled my kernel... adding necessary modules & I think I am very
close.
I can ping the IP established on the PPP0 dynamic connection from any
machine on my LAN but I can't ping anything on the internet (DNS,
etc).

Can anyone suggest my next steps to determine what I may have done 
wrong?

I am running a very basic script and receive this echo (below)... I
have also included (/etc/rc.d/init.d/iptables status, ls -i
/proc/sys/net/ipv4)
_______________________________________________________________

[root@server root]# /etc/rc.d/rc.firewall-2.4

Loading simple rc.firewall version 0.70..

   External Interface: ppp0
   Internal Interface: eth0
   loading modules:  - Verifying that all kernel modules are ok
depmod: *** Unresolved symbols in
/lib/modules/2.4.19-4a/kernel/drivers/net/wireless/orinoco.o
depmod: *** Unresolved symbols in
/lib/modules/2.4.19-4a/kernel/drivers/sound/dmasound/dmasound_pmac.o
depmod: *** Unresolved symbols in
/lib/modules/2.4.19-4a/kernel/fs/coda/coda.o
depmod: *** Unresolved symbols in
/lib/modules/2.4.19-4a/kernel/fs/nfsd/nfsd.o
depmod: *** Unresolved symbols in
/lib/modules/2.4.19-4a/kernel/net/sunrpc/sunrpc.o
----------------------------------------------------------------------
ip_tables, Using
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_tables.o
insmod: a module named ip_tables already exists
ip_conntrack, Using
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_conntrack.o
insmod: a module named ip_conntrack already exists
ip_conntrack_ftp, Using
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_conntrack_ftp.o
insmod: a module named ip_conntrack_ftp already exists
ip_conntrack_irc, Using
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_conntrack_irc.o
insmod: a module named ip_conntrack_irc already exists
iptable_nat, Using
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/iptable_nat.o
insmod: a module named iptable_nat already exists
ip_nat_ftp, Using
/lib/modules/2.4.19-4a/kernel/net/ipv4/netfilter/ip_nat_ftp.o
insmod: a module named ip_nat_ftp already exists
----------------------------------------------------------------------
. Done loading modules.
   enabling forwarding..
   enabling DynamicAddr..
   clearing any existing rules and setting default policy..
   FWD: Allow all connections OUT and only existing and related ones IN
iptables v1.2.4: Unknown arg `--state'
Try `iptables -h' or 'iptables --help' for more information.
/etc/rc.d/rc.firewall-2.4: ESTABLISHED,RELATED: command not found
   Enabling SNAT (MASQUERADE) functionality on ppp0

rc.firewall-2.4 v0.70 done.

_____________________________________________________________________
[root@server root]#  /etc/rc.d/init.d/iptables status
Table: filter
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
LOG        all  --  anywhere             anywhere           LOG level warning

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Table: nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

______________________________________________________________________
[root@server root]# ls -i  /proc/sys/net/ipv4
     4859 conf                                  4674 tcp_ecn
     4645 icmp_echo_ignore_all                  4672 tcp_fack
     4646 icmp_echo_ignore_broadcasts           4637 tcp_fin_timeout
     4647 icmp_ignore_bogus_error_responses     4634 tcp_keepalive_intvl
     4681 icmp_ratelimit                        4633 tcp_keepalive_probes
     4682 icmp_ratemask                         4632 tcp_keepalive_time
     4670 inet_peer_gc_maxtime                  4626 tcp_max_orphans
     4669 inet_peer_gc_mintime                  4643 tcp_max_syn_backlog
     4668 inet_peer_maxttl                      4627 tcp_max_tw_buckets
     4667 inet_peer_minttl                      4676 tcp_mem
     4666 inet_peer_threshold                   4671 tcp_orphan_retries
     4621 ip_autoconfig                         4673 tcp_reordering
     4969 ip_conntrack_max                      4618 tcp_retrans_collapse
     4620 ip_default_ttl                        4635 tcp_retries1
     4630 ip_dynaddr                            4636 tcp_retries2
     4619 ip_forward                            4642 tcp_rfc1337
     4628 ipfrag_high_thresh                    4678 tcp_rmem
     4629 ipfrag_low_thresh                     4617 tcp_sack
     4631 ipfrag_time                           4641 tcp_stdurg
     4644 ip_local_port_range                   4625 tcp_synack_retries
     4623 ip_nonlocal_bind                      4638 tcp_syncookies
     4622 ip_no_pmtu_disc                       4624 tcp_syn_retries
     4841 neigh                                 4615 tcp_timestamps
     4648 route                                 4639 tcp_tw_recycle
     4640 tcp_abort_on_overflow                 4683 tcp_tw_reuse
     4680 tcp_adv_win_scale                     4616 tcp_window_scaling
     4679 tcp_app_win                           4677 tcp_wmem
     4675 tcp_dsack

James