I just tried to set up a box running Debian 3.0 r2 (kernel 2.2.20) to perform IP Masquerading. I used the following ruleset (mostly taken from a howto at TLDP):
Code:
#!/bin/sh
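# FWVER was missing from the posted script; 1.22 is the version shown in the output below
FWVER="1.22"
echo -e "\n\nLoading simple rc.firewall-2.2 : version $FWVER..\n"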
IPCHAINS=/sbin/ipchains
DEPMOD=/sbin/depmod
MODPROBE=/sbin/modprobe
EXTIF="eth0"
INTIF="eth1"
echo " External Interface: $EXTIF"
echo " Internal Interface: $INTIF"
INTLAN="192.168.1.0/24"
echo -e " Internal Interface: $INTLAN\n"
echo " loading required IPMASQ kernel modules.."
$DEPMOD -a
echo -en " Loading modules: "
echo -en "FTP, "
$MODPROBE ip_masq_ftp
echo -en "RealAudio, "
$MODPROBE ip_masq_raudio
echo -en "Irc, "
$MODPROBE ip_masq_irc
echo ". Done loading modules."
echo " enabling forwarding.."
echo "1" > /proc/sys/net/ipv4/ip_forward
echo " enabling AlwaysDefrag.."
echo "1" > /proc/sys/net/ipv4/ip_always_defrag
echo " clearing any existing rules and setting default policy.."
$IPCHAINS -P input ACCEPT
$IPCHAINS -P output ACCEPT
$IPCHAINS -P forward REJECT
$IPCHAINS -F input
$IPCHAINS -F output
$IPCHAINS -F forward
echo " setting default timers.."
$IPCHAINS -M -S 7200 10 160
$IPCHAINS -A input -j ACCEPT -i $EXTIF -s 0/0 67 -d 0/0 68 -p udp
echo " enabling IPMASQ functionality on $EXTIF"
$IPCHAINS -P forward DENY
$IPCHAINS -A forward -i $EXTIF -s $INTLAN -j MASQ
echo -e "\nrc.firewall-2.2 v$FWVER done.\n"
When I run the script, the output is as follows:
Code:
DebianSever:~# /etc/rc.firewall
Loading simple rc.firewall-2.2 : version 1.22..
External Interface : eth0
Internal Interface : eth1
Loading required IPMASQ modules
Loading modules: FTP, IRC, . Done loading modules.
enabling forwarding..
enabling AlwaysDefrag..
clearing any existing rules and setting default policy
/etc/rc.firewall: -P: command not found
setting default timers..
enabling IPMASQ functionality on eth0
rc.firewall2.2 v1.22 done.
I could not ping anything on the internal interface. I tried pinging the IPMASQ box from my desktop and that also failed. I ran ifconfig to see if all my interfaces were working.
Code:
DebianServer:~#ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:60:97:13:32:E6
inet addr:192.168.1.105 Bcast:192.168.1.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6 errors:0 dropped:0 overruns:0 frame:0
TX packets:26 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:1113 (1.0KiB) TX bytes:3143 (3.0 KiB)
Interrupt:10 Base address:0X300
eth1 Link encap:Ethernet HWaddr 00:30:BD:2E:BF:E8
BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
Interrupt:9 Base address:0X3000
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOBACK RUNNING MTU:3924 Metric:1
RX packets:8 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
#I don't know what this is or how it got here
#It is there before I run the script as well
tunl0 Link encap:IPIP Tunnel HWaddr
NOARP MTU:1480 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
As you can see, eth1 has no IP address. This is fixed by adding "auto eth1" to the /etc/network/interfaces file, but then my internet connection stops working. Any ideas on why this happens?
My /etc/network/interfaces file, for good measure:
Code:
# /etc/network/interfaces -- configuration file for ifup(8), ifdown(8)
#The loopback interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
iface eth1 inet static
address 192.168.1.142
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
I would like to have this section of my network look like this:
router->eth0->eth1->switch->clients
I think my main problem is with eth1. Any help is greatly appreciated.
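
An added check, not part of the original post: it compares the addressing shown in the listings above (eth0's DHCP address, eth1's static stanza, and the INTLAN range the script masquerades) and reports networks that overlap, since a masquerading box needs a distinct network on each side. The renumbered plan (192.168.2.0/24) is a constructed assumption used only for contrast.

```python
import ipaddress

# Values copied from the post: eth0's DHCP address (ifconfig output), eth1's
# static stanza (/etc/network/interfaces) and INTLAN/EXTIF (rc.firewall).
INTERFACES = {
    "eth0": ("192.168.1.105", "255.255.255.0"),
    "eth1": ("192.168.1.142", "255.255.255.0"),
}
INTLAN = "192.168.1.0/24"
EXTIF = "eth0"

# Constructed alternative (assumption): eth1 renumbered into its own network.
RENUMBERED = dict(INTERFACES, eth1=("192.168.2.1", "255.255.255.0"))
RENUMBERED_INTLAN = "192.168.2.0/24"


def network_of(addr, mask):
    """Return the IP network an address/netmask pair belongs to."""
    return ipaddress.ip_interface(f"{addr}/{mask}").network


def overlapping_interfaces(interfaces):
    """Return sorted pairs of interface names whose networks overlap."""
    nets = {name: network_of(*cfg) for name, cfg in interfaces.items()}
    names = sorted(nets)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if nets[a].overlaps(nets[b])]


def masq_source_on_external(interfaces, intlan, extif):
    """True if the masqueraded range overlaps the external interface's network."""
    return ipaddress.ip_network(intlan).overlaps(network_of(*interfaces[extif]))


def report(interfaces, intlan, extif):
    """Return human-readable findings for one addressing plan."""
    findings = [f"{a} and {b} are both in {network_of(*interfaces[a])}"
                for a, b in overlapping_interfaces(interfaces)]
    if masq_source_on_external(interfaces, intlan, extif):
        findings.append(f"INTLAN {intlan} overlaps the network on {extif}")
    return findings


if __name__ == "__main__":
    for label, plan, lan in (("as posted", INTERFACES, INTLAN),
                             ("renumbered", RENUMBERED, RENUMBERED_INTLAN)):
        print(label, report(plan, lan, EXTIF) or "no overlap")
```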