[MLIST] Re: [olug] Firewall Newbie needs help

David Walker linux_user at grax.com
Wed Mar 5 16:39:50 UTC 2003


Just to address your problem of the changing IP:
I use the following line in my script to detect the current IP (assuming eth0 
is your external card), and then I use ${MY_IP} wherever I need to reference 
my IP address.

MY_IP=`/sbin/ifconfig eth0 | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`

On Wednesday 05 March 2003 10:33 am, Mike Hostetler wrote:
> On Wed, Mar 05, 2003 at 10:17:49AM -0600, Jonathan Warren wrote:
> > Here is all I think you need for MASQUERADE.  Did you modprobe ipt_nat
> > and ipt_MASQUERADE?
>
> <snip>
>
> I tried all your commands (and Dave's suggestion of putting the source
> IPs in) and the MASQ command didn't work.  What follows are the commands
> and a list of all my loaded modules.
>
> A note: this command worked, w/o masquerading:
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0
> -s 10.0.0.0/255.255.255.0 -d 68.13.132.196
>   all opt -- in * out eth0  10.0.0.0/24  -> 68.13.132.196
>
> But won't do me good when Cox changes my IP.
>
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -F
> Flushing chain `PREROUTING'
> Flushing chain `POSTROUTING'
> Flushing chain `OUTPUT'
> gideon linux-2.4.20-gentoo-r1 # iptables -v -F
> Flushing chain `INPUT'
> Flushing chain `FORWARD'
> Flushing chain `OUTPUT'
> gideon linux-2.4.20-gentoo-r1 # iptables -A OUTPUT -m state -p icmp
> --state INVALID -j DROP
> iptables: No chain/target/match by that name
> gideon linux-2.4.20-gentoo-r1 # iptables -v -P INPUT ACCEPT
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -P POSTROUTING ACCEPT
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0
> -j MASQUERADE
> MASQUERADE  all opt -- in * out eth0  0.0.0.0/0  -> 0.0.0.0/0
> iptables: Invalid argument
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0
> -j MASQUERADE -s 10.0.0.0/24
> MASQUERADE  all opt -- in * out eth0  10.0.0.0/24  -> 0.0.0.0/0
> iptables: Invalid argument
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0
> -j MASQUERADE -s 10.0.0.0/255.0.0.0
> MASQUERADE  all opt -- in * out eth0  10.0.0.0/8  -> 0.0.0.0/0
> iptables: Invalid argument
> gideon linux-2.4.20-gentoo-r1 # iptables -v -t nat -A POSTROUTING -o eth0
> -j MASQUERADE -s 10.0.0.0/255.255.255.0
> MASQUERADE  all opt -- in * out eth0  10.0.0.0/24  -> 0.0.0.0/0
> iptables: Invalid argument
>
> deon linux-2.4.20-gentoo-r1 # lsmod
> Module                  Size  Used by    Not tainted
> ip_nat_ftp              3472   0  (unused)
> ip_conntrack_ftp        4432   1
> ip_conntrack_irc        3440   1  (autoclean)
> ip_nat_irc              2736   0  (unused)
> ipt_MASQUERADE          1464   0  (autoclean)
> iptable_nat            18972   2  (autoclean) [ip_nat_ftp ip_nat_irc
> ipt_MASQUERADE]
> ip_conntrack           24136   3  (autoclean) [ip_nat_ftp
> ip_conntrack_ftp ip_conntrack_irc ip_nat_irc ipt_MASQUERADE iptable_nat]
> ide-scsi                9264   0
> sg                     29164   0  (unused)
> iptable_filter          1740   0  (autoclean)
> ip_tables              13016   5  [ipt_MASQUERADE iptable_nat
> iptable_filter]
> sd_mod                 11212   0  (autoclean) (unused)
> scsi_mod               94388   3  (autoclean) [ide-scsi sg sd_mod]
> smc-ultra               5264   1
> 8390                    7440   0  [smc-ultra]
> uhci                   31632   0  (unused)
> visor                   9928   0  (unused)
> usbserial              18812   0  [visor]
> usbcore                72992   1  [uhci visor usbserial]
> sb                      7732   0
> sb_lib                 41678   0  [sb]
> uart401                 7268   0  [sb_lib]
>
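The address-detection line at the top of this message, extended as an added example (not part of the original post or thread): it accepts both the old "inet addr:" and the newer "inet" ifconfig output formats and validates the result, because the interface may have no address yet when the firewall script runs. The function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Sample lines are constructed.

# Print the first IPv4 address found in ifconfig output on stdin.
# Accepts the old net-tools form ("inet addr:192.0.2.10  Bcast:...") and
# the newer form ("inet 192.0.2.10  netmask ..."); inet6 lines are ignored.
extract_ipv4() {
    awk '$1 == "inet" { sub(/^addr:/, "", $2); print $2; exit }'
}

# Succeed only for a dotted quad with four octets in the range 0-255.
is_valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++)
              if ($i !~ /^[0-9][0-9]?[0-9]?$/ || $i + 0 > 255) exit 1 }'
}

# Print the address of interface $1 (default eth0), or fail with a message
# so the caller can stop before adding rules built from an empty value.
detect_my_ip() {
    iface=${1:-eth0}
    addr=$(/sbin/ifconfig "$iface" 2>/dev/null | extract_ipv4)
    if is_valid_ipv4 "$addr"; then
        printf '%s\n' "$addr"
    else
        echo "no usable IPv4 address on $iface" >&2
        return 1
    fi
}

# Constructed samples of both output formats (documentation addresses).
OLD_FMT='          inet addr:192.0.2.10  Bcast:192.0.2.255  Mask:255.255.255.0'
NEW_FMT='        inet 192.0.2.10  netmask 255.255.255.0  broadcast 192.0.2.255'
NO_ADDR='eth0      Link encap:Ethernet  HWaddr 00:00:5E:00:53:01'

for sample in "$OLD_FMT" "$NEW_FMT" "$NO_ADDR"; do
    addr=$(printf '%s\n' "$sample" | extract_ipv4)
    if is_valid_ipv4 "$addr"; then
        echo "use:  MY_IP=$addr"
    else
        echo "stop: no address detected, do not load rules"
    fi
done

# In a firewall script:  MY_IP=$(detect_my_ip eth0) || exit 1
```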