[TriLUG] ipmasq horrors on switchover to cable modem

Andrew Perrin clists at perrin.socsci.unc.edu
Mon Nov 18 09:33:26 EST 2002


Wow, thanks for the detailed look. I'll make the change as soon as I can
and report back.

ap

----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
clists at perrin.socsci.unc.edu * andrew_perrin (at) unc.edu


On Sun, 17 Nov 2002, Dan Chen wrote:

> [Again, bouncing via imap accounts]
> 
> On Sun, 17 Nov 2002 22:31:59 -0500 (EST), Andrew Perrin wrote:
> >Oddly enough, it's the same ruleset under 2.2.19pre17 and 2.4.18; on
> >both systems I start by running /usr/sbin/ipmasq.  But for whatever
> >reason, it (currently) works under 2.2.19 and not 2.4.18. Until I made
> >changes to the kernel today, it worked under both.
> 
> The culprit lies here, in your 2.4.18 .config:
> 
> #
> #   IP: Netfilter Configuration
> #
> ...
> # CONFIG_IP_NF_COMPAT_IPFWADM is not set <-- make this 'y' or 'm' in
>                                              menuconfig (I believe 'm'
>                                              will be the only option)
> 
> >You may be right about the overly-specific addresses; I note that there
> >are several instances of 64.* addresses, which are all telocity-
> >specific and therefore wouldn't work with an earthlink ip address,
> >which is a 24.* address.  Curiously enough, though, searching in
> >/etc/ipmasq/rules for 64 or for telocity finds nothing at all, which
> >makes me think there's something else at work.
> 
> Hrm, I don't have an /etc/ipmasq/rules (don't run/have it installed),
> but the equivalent counters are stored in /var/lib/iptables (and
> /var/lib/ip6tables) for me. Generally I have a /root/firewall.sh hacked-
> up script that I set everything in prior to using /etc/default/iptables,
> so I'm not sure what the ipchains/ipmasq equivalents are. Perhaps in
> /etc/init.d/ip{chains,masq} there's a reference to an additional file.
> 
> If you use a separate script/setup for ipchains/ipmasq, then you'll want
> to check its configuration as well.
> 
> Take care,
> -Dan
> 
> -- 
> Dan Chen                 crimsun at email.unc.edu
> GPG key:   www.unc.edu/~crimsun/pubkey.gpg.asc
> 




More information about the TriLUG mailing list