[olug] Firewall Newbie needs help
Mike Hostetler
thehaas at binary.net
Wed Mar 5 16:33:14 UTC 2003
On Wed, Mar 05, 2003 at 10:17:49AM -0600, Jonathan Warren wrote:
> Here is all I think you need for MASQUERADE. Did you modprobe ipt_nat and ipt_MASQUERADE?
<snip>
I tried all your commands (and Dave's suggestion of putting the source
IPs in) and the MASQ command didn't work. What follows are the commands
and a list of all my loaded modules.
A note: this command worked, w/o masquerading:
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0 -s 10.0.0.0/255.255.255.0 -d 68.13.132.196
all opt -- in * out eth0 10.0.0.0/24 -> 68.13.132.196
But won't do me good when Cox changes my IP.
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -F
Flushing chain `PREROUTING'
Flushing chain `POSTROUTING'
Flushing chain `OUTPUT'
gideon linux-2.4.20-gentoo-r1 # iptables -v -F
Flushing chain `INPUT'
Flushing chain `FORWARD'
Flushing chain `OUTPUT'
gideon linux-2.4.20-gentoo-r1 # iptables -A OUTPUT -m state -p icmp --state INVALID -j DROP
iptables: No chain/target/match by that name
gideon linux-2.4.20-gentoo-r1 # iptables -v -P INPUT ACCEPT
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -P POSTROUTING ACCEPT
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0 -j MASQUERADE
MASQUERADE all opt -- in * out eth0 0.0.0.0/0 -> 0.0.0.0/0
iptables: Invalid argument
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 10.0.0.0/24
MASQUERADE all opt -- in * out eth0 10.0.0.0/24 -> 0.0.0.0/0
iptables: Invalid argument
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 10.0.0.0/255.0.0.0
MASQUERADE all opt -- in * out eth0 10.0.0.0/8 -> 0.0.0.0/0
iptables: Invalid argument
gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0 -j MASQUERADE -s 10.0.0.0/255.255.255.0
MASQUERADE all opt -- in * out eth0 10.0.0.0/24 -> 0.0.0.0/0
iptables: Invalid argument
gideon linux-2.4.20-gentoo-r1 # lsmod
Module Size Used by Not tainted
ip_nat_ftp 3472 0 (unused)
ip_conntrack_ftp 4432 1
ip_conntrack_irc 3440 1 (autoclean)
ip_nat_irc 2736 0 (unused)
ipt_MASQUERADE 1464 0 (autoclean)
iptable_nat 18972 2 (autoclean) [ip_nat_ftp ip_nat_irc ipt_MASQUERADE]
ip_conntrack 24136 3 (autoclean) [ip_nat_ftp ip_conntrack_ftp ip_conntrack_irc ip_nat_irc ipt_MASQUERADE iptable_nat]
ide-scsi 9264 0
sg 29164 0 (unused)
iptable_filter 1740 0 (autoclean)
ip_tables 13016 5 [ipt_MASQUERADE iptable_nat iptable_filter]
sd_mod 11212 0 (autoclean) (unused)
scsi_mod 94388 3 (autoclean) [ide-scsi sg sd_mod]
smc-ultra 5264 1
8390 7440 0 [smc-ultra]
uhci 31632 0 (unused)
visor 9928 0 (unused)
usbserial 18812 0 [visor]
usbcore 72992 1 [uhci visor usbserial]
sb 7732 0
sb_lib 41678 0 [sb]
uart401 7268 0 [sb_lib]
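
Added example (not part of the original post): a check that maps each -t table, -m match and -j target in an iptables rule to a module name and reports those with no line in an lsmod listing. The function names are hypothetical, the naming scheme (iptable_<table>, ipt_<match>, ipt_<TARGET>) is the assumed 2.4-kernel convention, and the sample is constructed from the netfilter lines of the listing above.

```shell
#!/bin/sh
# Constructed sample: the netfilter lines of the lsmod listing in the post.
LSMOD_SAMPLE='ipt_MASQUERADE 1464 0 (autoclean)
iptable_nat 18972 2 (autoclean)
ip_conntrack 24136 3 (autoclean)
iptable_filter 1740 0 (autoclean)
ip_tables 13016 5'

# Print the module each -t table, -m match and -j target of one rule maps to
# (assumed 2.4 naming: iptable_<table>, ipt_<match>, ipt_<TARGET>).
# Limitation: a -j to a user-defined chain is reported as if it were a target.
required_modules() {
    prev="" table="filter"
    for arg in "$@"; do
        case "$prev" in
            -t|--table) table="$arg" ;;
            -m|--match) echo "ipt_$arg" ;;
            -j|--jump)
                case "$arg" in
                    ACCEPT|DROP|QUEUE|RETURN) ;;   # built-in verdicts
                    *) echo "ipt_$arg" ;;
                esac ;;
        esac
        prev="$arg"
    done
    echo "iptable_$table"
}

# Print the required modules that have no line in the given lsmod text.
missing_modules() {
    loaded=$(printf '%s\n' "$1" | awk '{print $1}')
    shift
    for mod in $(required_modules "$@"); do
        printf '%s\n' "$loaded" | grep -qxF "$mod" || echo "$mod"
    done
}

# The state rule from the post: prints ipt_state.
missing_modules "$LSMOD_SAMPLE" -A OUTPUT -m state -p icmp --state INVALID -j DROP
```

Support compiled into the kernel never appears in lsmod, so a reported name is something to verify against the kernel configuration rather than proof that it is absent. For the MASQUERADE rules the check reports nothing missing, so it does not account for their "Invalid argument" result.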