[RE: [RE: [RE: [lug] Sending POP email thru firewall]]]

George Sexton gsexton at mhsoftware.com
Tue Jul 11 17:43:33 MDT 2000


> So is it safe to say that any masquerading that entries that came
> as a result
> of 'netstat -M' or 'ipchains -LM' before were only things being
> masq'd by my

All I can tell you is my experience. I had a working MASQ setup and I added
the -i $IF to the MASQ line and masquerading stopped working. Proxied
connections (through squid) continued to work through the masq machine.

When I removed the -i $IF from the MASQ line, things started working again.

On another, working machine I repeated the experiment of adding -i $IF and
it killed masquerade. I removed -i $IF and masquerade worked again.



> -----Original Message-----
> From: lug-admin at lug.boulder.co.us [mailto:lug-admin at lug.boulder.co.us]On
> Behalf Of Justin
> Sent: Tuesday, July 11, 2000 4:35 PM
> To: lug at lug.boulder.co.us
> Subject: Re: [RE: [RE: [RE: [lug] Sending POP email thru firewall]]]
>
>
> So is it safe to say that any masquerading that entries that came
> as a result
> of 'netstat -M' or 'ipchains -LM' before were only things being
> masq'd by my
> loaded masq modules (ie: ip_masq_irc, etc)? Not by the ipchains MASQ entry
> itself? Or am I confused? :-)
>
>
> "George Sexton" <gsexton at mhsoftware.com> wrote:
> > It kills masquerading off totally.
> >
> > > -----Original Message-----
> > > From: lug-admin at lug.boulder.co.us
> [mailto:lug-admin at lug.boulder.co.us]On
> > > Behalf Of Justin
> > > Sent: Tuesday, July 11, 2000 3:36 PM
> > > To: lug at lug.boulder.co.us
> > > Subject: Re: [RE: [RE: [lug] Sending POP email thru firewall]]
> > >
> > >
> > > This doesn't work for MASQ'ing in general or when trying to send
> > > email thru
> > > the firewall?
> > >
> > > justin
> > >
> > > "George Sexton" <gsexton at mhsoftware.com> wrote:
> > > > Change:
> > > >
> > > > ipchains -A forward -i $EXTERNAL_INTERFACE -s $LOCALNET_1 -j MASQ
> > > >
> > > > to
> > > >
> > > > ipchains -A forward -s $LOCALNET_1 -j MASQ
> > > >
> > > > What you are attempting to do makes logical sense, but I know from
> > > > experience it doesn't work.
> > > >
> > > > I got bit severely by this a couple of weeks ago, and it took
> > > me a while to
> > > > get sorted out.
> > > >
> > > > George Sexton
> > > > MH Software, Inc.
> > > > Voice: 303 438 9585
> > > > http://www.mhsoftware.com
> > > >
> >
> >
> > _______________________________________________
> > Web Page:  http://lug.boulder.co.us
> > Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
>
>
> ____________________________________________________________________
> Get your own FREE, personal Netscape WebMail account today at
http://webmail.netscape.com.

_______________________________________________
Web Page:  http://lug.boulder.co.us
Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug





More information about the LUG mailing list