[ale] Re: Ping through Masq'ing firewall?

Robert L Harris nomad at rocky.orci.com
Mon Jan 5 09:02:16 EST 1998 

I did menuconfig so I could cut and paste it.  In the 2.1.X kernel there
is no ICMP Masq support apparaently. :

{0}:moat:/lib/modules/2.1.64/ipv4>ls
ip_masq_ftp.o     ip_masq_irc.o     ip_masq_quake.o   ip_masq_raudio.o
{0}:moat:/lib/modules/2.1.64/ipv4>

I need to upgrade to Redhat-5.0 to use kernel 2.0.33 so the subsystems
will be up to par.  Problem is there is no floppy or CD in this machine
which makes it hard to boot from floppies.


> 
> -----BEGIN PGP SIGNED MESSAGE-----
> 
> 
> Looks like to me to be a part of the statement:
>  --- Protocol-specific masquerading support will be built as modules.
> 
> Try 'make xconfig'... it's nicer than the menu config and has the specific
> option of making ICMP Masq into the kernel.  (Sounds like it's being made
> into a module.)
> 
> 
> On Sat, 3 Jan 1998, Robert L Harris wrote:
> 
> > >
> > > -----BEGIN PGP SIGNED MESSAGE-----
> > >
> > >
> > > Robert,
> > >
> > > If memory serves there's an option in the kernel config for ICMP
> > > Masqurade.  Since pings & traceroutes are ICMP packets, make sure this is
> > > enabled.  After that... sorry.  Dunno.
> > >
> > > On Sat, 3 Jan 1998, Robert L Harris wrote:
> > >
> > > > Ok,
> > > >   My firewall/Masq is up and working beautifully.  The problem is that
> > > > you can't ping a host outside from inside.  The firewall can ping out, but
> > > > machines behind it never get a response.
> > > >   This seems to be keeping Quake2 and Age Of Empire from being able to play
> > > > from behind it.
> > > >
> > > >   Anyone have any Ideas?  I'd really like to be able to play AOE...
> > >
> > 
> > I found a IP Masq, but not ICMP.  Here's the section from "make menuconfig", let me know
> > if you see something wrong.
> > 
> > [*] Kernel/User network link driver
> > [ ] Routing messages
> > [*] Network firewalls
> > [ ] Socket Security API Support (EXPERIMENTAL)
> > [ ] Network aliasing
> > [*] TCP/IP networking
> > [ ] IP: multicasting
> > [*] IP: firewalling
> > [ ] IP: firewall packet netlink device
> > [ ] IP: firewall packet logging
> > [*] IP: masquerading
> >  --- Protocol-specific masquerading support will be built as modules.
> > [ ] IP: transparent proxy support
> > [ ] IP: always defragment
> > [ ] IP: accounting
> > [*] IP: optimize as router not host
> > < > IP: tunneling
> > [ ] IP: ARP daemon support (EXPERIMENTAL)
> > [ ] IP: TCP syncookie support (not enabled per default)
> > --- (it is safe to leave these untouched)
> > [ ] IP: PC/TCP compatibility mode
> > < > IP: Reverse ARP
> > [*] IP: Path MTU Discovery (normally enabled)
> > [*] IP: Drop source routed frames
> > [*] IP: Allow large windows (not recommended if <16Mb of memory)
> > < > The IPv6 protocol (EXPERIMENTAL)
> > ---
> > < > The IPX protocol
> > < > Appletalk DDP
> > < > Amateur Radio AX.25 Level 2
> > < > CCITT X.25 Packet Layer (EXPERIMENTAL)
> > < > LAPB Data Link Driver (EXPERIMENTAL)
> > [ ] Bridging (EXPERIMENTAL)
> > [ ] 802.2 LLC (EXPERIMENTAL)
> > < > WAN router
> 
> - -----
> Aaron Turner, CNE      | Either which way, one half dozen or another. 
> aturner at pobox.com      | Check out the RedHat Linux User's FAQ Online!
> www.pobox.com/~aturner | http://www.pobox.com/~aturner/RedHat-FAQ/
> All emails from this account are PGP signed.  Lack of a signature is "bad".
> PGP Key fingerprint = FB E1 CE ED 57 E4 AB 80  59 6E 60 BF 45 1B 20 E8
> 
> 
> 
> -----BEGIN PGP SIGNATURE-----
> Version: 2.6.2
> 
> iQCVAwUBNLCKQjM3jpXy1kJtAQG4TwP/YTz6vbR74r7GpHRkPXu1gNus4GBes/4g
> cdruusaMJRuDKciS66iOdjAxBW8n3rPoK8UR+greBMZxhRnmIx443SUnl2py2x53
> hY7kbpLsAhvhm9fgveM0H8eLj3E4mOCjbOi0sb2w8yXzW4EbgVDH+z5WCTLNOavA
> zjqry6A0avQ=
> =m5vd
> -----END PGP SIGNATURE-----
> 


---------------------------------------------------------------------------
Robert L. Harris          |   NT is secure.... 
System Engineer For Hire. \_   as long as you don't remove the shrink wrap.

http://www.orci.com/~nomad

DISCLAIMER:
      These are MY OPINIONS ALONE.  I speak for no-one else.
perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'

More information about the Ale mailing list