[TriLUG] ipmasq horrors on switchover to cable modem
Dan Chen
crimsun at email.unc.edu
Sun Nov 17 23:55:49 EST 2002
[Again, bouncing via imap accounts]
On Sun, 17 Nov 2002 22:31:59 -0500 (EST), Andrew Perrin wrote:
>Oddly enough, it's the same ruleset under 2.2.19pre17 and 2.4.18; on
>both systems I start by running /usr/sbin/ipmasq. But for whatever
>reason, it (currently) works under 2.2.19 and not 2.4.18. Until I made
>changes to the kernel today, it worked under both.
The culprit lies here, in your 2.4.18 .config:
#
# IP: Netfilter Configuration
#
...
# CONFIG_IP_NF_COMPAT_IPFWADM is not set <-- make this 'y' or 'm' in
menuconfig (I believe 'm'
will be the only option)
>You may be right about the overly-specific addresses; I note that there
>are several instances of 64.* addresses, which are all telocity-
>specific and therefore wouldn't work with an earthlink ip address,
>which is a 24.* address. Curiously enough, though, searching in
>/etc/ipmasq/rules for 64 or for telocity finds nothing at all, which
>makes me think there's something else at work.
Hrm, I don't have an /etc/ipmasq/rules (don't run/have it installed),
but the equivalent counters are stored in /var/lib/iptables (and
/var/lib/ip6tables) for me. Generally I have a /root/firewall.sh hacked-
up script that I set everything in prior to using /etc/default/iptables,
so I'm not sure what the ipchains/ipmasq equivalents are. Perhaps in
/etc/init.d/ip{chains,masq} there's a reference to an additional file.
If you use a separate script/setup for ipchains/ipmasq, then you'll want
to check its configuration as well.
Take care,
-Dan
--
Dan Chen crimsun at email.unc.edu
GPG key: www.unc.edu/~crimsun/pubkey.gpg.asc
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://www.trilug.org/pipermail/trilug/attachments/20021117/6130afc1/attachment.pgp>
More information about the TriLUG
mailing list