[TriLUG] ipmasq horrors on switchover to cable modem
Andrew Perrin
clists at perrin.socsci.unc.edu
Thu Nov 21 10:52:07 EST 2002
Thank you Dan for your help. This is a report on the progress (80%
done) and also on what remains problematic.
First, the central problem turned out to be that the kernel upgrade
"magically" swapped eth0 and eth1. That, of course, screwed everything
else up. So where eth1 used to point to the 3Com card attached to the
external network and eth0 pointed to 192.168.0.x, with the new kernel it
is the reverse. (Is there any way to control this?)
So, with the help below and after noticing that fact, I was able to bring
up the fully ipmasq'ed system with:
ifconfig eth1 inet 192.168.0.3 netmask 255.255.255.0
ifconfig eth0 up
pump -i eth1 (dhclient works equally well)
ipmasq
And it all works (and, by the way, my earthlink cable "feels" dramatically
faster than my telocity DSL did).
I'm still working on getting this to happen on boot, but that's less
important to me; the machine is on a UPS so it's very rare that it goes
down on its own, and even rarer that it does so when I'm not home but my
wife is. (Famous last words!)
Thanks again-
Andy
----------------------------------------------------------------------
Andrew J Perrin - http://www.unc.edu/~aperrin
Assistant Professor of Sociology, U of North Carolina, Chapel Hill
clists at perrin.socsci.unc.edu * andrew_perrin (at) unc.edu
On Sun, 17 Nov 2002, Dan Chen wrote:
> [Again, bouncing via imap accounts]
>
> On Sun, 17 Nov 2002 22:31:59 -0500 (EST), Andrew Perrin wrote:
> >Oddly enough, it's the same ruleset under 2.2.19pre17 and 2.4.18; on
> >both systems I start by running /usr/sbin/ipmasq. But for whatever
> >reason, it (currently) works under 2.2.19 and not 2.4.18. Until I made
> >changes to the kernel today, it worked under both.
>
> The culprit lies here, in your 2.4.18 .config:
>
> #
> # IP: Netfilter Configuration
> #
> ...
> # CONFIG_IP_NF_COMPAT_IPFWADM is not set <-- make this 'y' or 'm' in
> menuconfig (I believe 'm'
> will be the only option)
>
> >You may be right about the overly-specific addresses; I note that there
> >are several instances of 64.* addresses, which are all telocity-
> >specific and therefore wouldn't work with an earthlink ip address,
> >which is a 24.* address. Curiously enough, though, searching in
> >/etc/ipmasq/rules for 64 or for telocity finds nothing at all, which
> >makes me think there's something else at work.
>
> Hrm, I don't have an /etc/ipmasq/rules (don't run/have it installed),
> but the equivalent counters are stored in /var/lib/iptables (and
> /var/lib/ip6tables) for me. Generally I have a /root/firewall.sh hacked-
> up script that I set everything in prior to using /etc/default/iptables,
> so I'm not sure what the ipchains/ipmasq equivalents are. Perhaps in
> /etc/init.d/ip{chains,masq} there's a reference to an additional file.
>
> If you use a separate script/setup for ipchains/ipmasq, then you'll want
> to check its configuration as well.
>
> Take care,
> -Dan
>
> --
> Dan Chen crimsun at email.unc.edu
> GPG key: www.unc.edu/~crimsun/pubkey.gpg.asc
>
More information about the TriLUG
mailing list