[ale] Re: Ping through Masq'ing firewall?

Aaron D. Turner aturner at best.com
Mon Jan 5 02:22:40 EST 1998


-----BEGIN PGP SIGNED MESSAGE-----


Looks like to me to be a part of the statement:
 --- Protocol-specific masquerading support will be built as modules.

Try 'make xconfig'... it's nicer than the menu config and has the specific
option of making ICMP Masq into the kernel.  (Sounds like it's being made
into a module.)


On Sat, 3 Jan 1998, Robert L Harris wrote:

> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> >
> >
> > Robert,
> >
> > If memory serves there's an option in the kernel config for ICMP
> > Masqurade.  Since pings & traceroutes are ICMP packets, make sure this is
> > enabled.  After that... sorry.  Dunno.
> >
> > On Sat, 3 Jan 1998, Robert L Harris wrote:
> >
> > > Ok,
> > >   My firewall/Masq is up and working beautifully.  The problem is that
> > > you can't ping a host outside from inside.  The firewall can ping out, but
> > > machines behind it never get a response.
> > >   This seems to be keeping Quake2 and Age Of Empire from being able to play
> > > from behind it.
> > >
> > >   Anyone have any Ideas?  I'd really like to be able to play AOE...
> >
> 
> I found a IP Masq, but not ICMP.  Here's the section from "make menuconfig", let me know
> if you see something wrong.
> 
> [*] Kernel/User network link driver
> [ ] Routing messages
> [*] Network firewalls
> [ ] Socket Security API Support (EXPERIMENTAL)
> [ ] Network aliasing
> [*] TCP/IP networking
> [ ] IP: multicasting
> [*] IP: firewalling
> [ ] IP: firewall packet netlink device
> [ ] IP: firewall packet logging
> [*] IP: masquerading
>  --- Protocol-specific masquerading support will be built as modules.
> [ ] IP: transparent proxy support
> [ ] IP: always defragment
> [ ] IP: accounting
> [*] IP: optimize as router not host
> < > IP: tunneling
> [ ] IP: ARP daemon support (EXPERIMENTAL)
> [ ] IP: TCP syncookie support (not enabled per default)
> --- (it is safe to leave these untouched)
> [ ] IP: PC/TCP compatibility mode
> < > IP: Reverse ARP
> [*] IP: Path MTU Discovery (normally enabled)
> [*] IP: Drop source routed frames
> [*] IP: Allow large windows (not recommended if <16Mb of memory)
> < > The IPv6 protocol (EXPERIMENTAL)
> ---
> < > The IPX protocol
> < > Appletalk DDP
> < > Amateur Radio AX.25 Level 2
> < > CCITT X.25 Packet Layer (EXPERIMENTAL)
> < > LAPB Data Link Driver (EXPERIMENTAL)
> [ ] Bridging (EXPERIMENTAL)
> [ ] 802.2 LLC (EXPERIMENTAL)
> < > WAN router

- -----
Aaron Turner, CNE      | Either which way, one half dozen or another. 
aturner at pobox.com      | Check out the RedHat Linux User's FAQ Online!
www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
All emails from this account are PGP signed.  Lack of a signature is "bad".
PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80  59 6E 60 BF 45 1B 20 E8



-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBNLCKQjM3jpXy1kJtAQG4TwP/YTz6vbR74r7GpHRkPXu1gNus4GBes/4g
cdruusaMJRuDKciS66iOdjAxBW8n3rPoK8UR+greBMZxhRnmIx443SUnl2py2x53
hY7kbpLsAhvhm9fgveM0H8eLj3E4mOCjbOi0sb2w8yXzW4EbgVDH+z5WCTLNOavA
zjqry6A0avQ=
=m5vd
-----END PGP SIGNATURE-----






More information about the Ale mailing list