[ale] Re: Ping through Masq'ing firewall?
Robert L Harris
nomad at rocky.orci.com
Mon Jan 5 09:02:16 EST 1998
I did menuconfig so I could cut and paste it. In the 2.1.X kernel there
is no ICMP Masq support apparaently. :
ip_masq_ftp.o ip_masq_irc.o ip_masq_quake.o ip_masq_raudio.o
I need to upgrade to Redhat-5.0 to use kernel 2.0.33 so the subsystems
will be up to par. Problem is there is no floppy or CD in this machine
which makes it hard to boot from floppies.
> -----BEGIN PGP SIGNED MESSAGE-----
> Looks like to me to be a part of the statement:
> --- Protocol-specific masquerading support will be built as modules.
> Try 'make xconfig'... it's nicer than the menu config and has the specific
> option of making ICMP Masq into the kernel. (Sounds like it's being made
> into a module.)
> On Sat, 3 Jan 1998, Robert L Harris wrote:
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > >
> > >
> > > Robert,
> > >
> > > If memory serves there's an option in the kernel config for ICMP
> > > Masqurade. Since pings & traceroutes are ICMP packets, make sure this is
> > > enabled. After that... sorry. Dunno.
> > >
> > > On Sat, 3 Jan 1998, Robert L Harris wrote:
> > >
> > > > Ok,
> > > > My firewall/Masq is up and working beautifully. The problem is that
> > > > you can't ping a host outside from inside. The firewall can ping out, but
> > > > machines behind it never get a response.
> > > > This seems to be keeping Quake2 and Age Of Empire from being able to play
> > > > from behind it.
> > > >
> > > > Anyone have any Ideas? I'd really like to be able to play AOE...
> > >
> > I found a IP Masq, but not ICMP. Here's the section from "make menuconfig", let me know
> > if you see something wrong.
> > [*] Kernel/User network link driver
> > [ ] Routing messages
> > [*] Network firewalls
> > [ ] Socket Security API Support (EXPERIMENTAL)
> > [ ] Network aliasing
> > [*] TCP/IP networking
> > [ ] IP: multicasting
> > [*] IP: firewalling
> > [ ] IP: firewall packet netlink device
> > [ ] IP: firewall packet logging
> > [*] IP: masquerading
> > --- Protocol-specific masquerading support will be built as modules.
> > [ ] IP: transparent proxy support
> > [ ] IP: always defragment
> > [ ] IP: accounting
> > [*] IP: optimize as router not host
> > < > IP: tunneling
> > [ ] IP: ARP daemon support (EXPERIMENTAL)
> > [ ] IP: TCP syncookie support (not enabled per default)
> > --- (it is safe to leave these untouched)
> > [ ] IP: PC/TCP compatibility mode
> > < > IP: Reverse ARP
> > [*] IP: Path MTU Discovery (normally enabled)
> > [*] IP: Drop source routed frames
> > [*] IP: Allow large windows (not recommended if <16Mb of memory)
> > < > The IPv6 protocol (EXPERIMENTAL)
> > ---
> > < > The IPX protocol
> > < > Appletalk DDP
> > < > Amateur Radio AX.25 Level 2
> > < > CCITT X.25 Packet Layer (EXPERIMENTAL)
> > < > LAPB Data Link Driver (EXPERIMENTAL)
> > [ ] Bridging (EXPERIMENTAL)
> > [ ] 802.2 LLC (EXPERIMENTAL)
> > < > WAN router
> - -----
> Aaron Turner, CNE | Either which way, one half dozen or another.
> aturner at pobox.com | Check out the RedHat Linux User's FAQ Online!
> www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
> All emails from this account are PGP signed. Lack of a signature is "bad".
> PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80 59 6E 60 BF 45 1B 20 E8
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> -----END PGP SIGNATURE-----
Robert L. Harris | NT is secure....
System Engineer For Hire. \_ as long as you don't remove the shrink wrap.
These are MY OPINIONS ALONE. I speak for no-one else.
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
More information about the Ale