Chapter 7. Frequently Asked Questions
- Table of Contents
- 7.1. ( Distro ) - What Linux Distributions support IP Masquerading?
- 7.2. ( Requirements ) - What are the minimum hardware requirements and any
limitations for IP Masquerade? How well does it perform?
- 7.3. ( Errors ) - When I run my specific rc.firewall-* ruleset, I get
"command not found" errors.
- 7.4. ( Still wont work ) - I've checked all my configurations, I still can't get IP Masquerade to
work. What should I do?
- 7.5. ( Email list ) - How do I join or view the IP Masquerade and/or IP Masqurade Developers
mailing lists and archives?
- 7.6. ( NAT vs. Proxy ) - How does IP Masquerade differ from Proxy or NAT services?
- 7.7. ( GUI ) - Are there any GUI firewall creation/management tools?
- 7.8. ( MASQ and Dynamic IPs ) - Does IP Masquerade work with dynamically
assigned IP addresses?
- 7.9. ( MASQ and various networks ) - Can I use a cable modem (both
bi-directional and with modem returns), DSL, satellite link, etc. to connect
to the Internet and use IP Masquerade?
- 7.10. ( Dial on Demand ) - Can I use Diald or the Dial-on-Demand feature of
PPPd with IP MASQ?
- 7.11. ( Apps ) - What applications are supported with IP Masquerade?
- 7.12. ( Distro Setup ) - How can I get IP Masquerade running on Redhat,
Debian, Slackware, etc.?
- 7.13. ( Timeouts ) - Connections seem to break if I don't use them often.
Why is that?
- 7.14. ( Odd Behavior ) - When my Internet connection first comes up, nothing
works. If I try again, everything then works fine. Why is this?
- 7.15. ( MTU ) - IP MASQ seems to be working fine but some sites don't work.
This usually happens with WWW and some FTP sites.
- 7.15.1. Enabling PMTU Clamping for PPPoE and some PPP Users:
- 7.15.2. Clamping the MSS via IPTABLES:
- 7.15.3. Changing the External MTU of the MASQ server:
- 7.15.4. Changing the MTU of various operating systems:
- 188.8.131.52. Changing the MTU on Linux:
- 184.108.40.206. Changing the MTU on MS Windows 2000
- 220.127.116.11. Changing the MTU on MS Windows NT 4.x
- 18.104.22.168. Changing the MTU on MS Windows 98:
- 22.214.171.124. Changing the MTU on MS Windows 95:
- 7.16. ( FTP ) - MASQed FTP clients don't work.
- 7.17. ( Performance ) - IP Masquerading seems slow
- 7.18. ( PORTFW ) - IP Masquerading with PORTFWing seems to break when my line
is idle for long periods
- 7.19. ( PORTFW - Locally ) - I can't reach my PORTFWed server from the INTERNAL lan
- 7.20. ( Logs ) - Now that I have IP Masquerading up, I'm getting all sorts of weird
notices and errors in the SYSLOG log files. How do I read the IPTABLES/IPCHAINS/IPFWADM
- 7.21. ( Log Reduction ) - My logs are filling up with packet hits due to the
new "stronger" rulesets. How can I fix this?
- 7.22. ( MASQ Security ) - Can I configure IP MASQ to allow Internet users to
directly contact internal MASQed servers?
- 7.23. ( Free Ports ) - I'm getting "kernel: ip_masq_new(proto=UDP): no free ports." in my
SYSLOG files. Whats up?
- 7.24. ( SETSOCKOPT ) - I'm getting "ipfwadm: setsockopt failed: Protocol not
available" when I try to use IPPORTFW!
- 7.25. ( SAMBA ) - Microsoft File and Print Sharing and Microsoft Domain clients
don't work through IP Masq!
- 7.26. ( IDENT ) - IRC won't work properly for MASQed IRC users. Why?
- 7.27. ( IRC DCC ) - mIRC doesn't work with DCC Sends
- 7.28. ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?
- 7.29. ( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with
- 7.30. ( SHAPING ) - I want to be able to limit the speed of specific types of
- 7.31. ( ACCOUNTING ) - I need to do accounting on who is using the network
- 7.32. ( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to
PORTFW to several internal machines. How do I do this?
- 7.33. ( 1:1 NAT ) - I'd like to do 1:1 NAT but I can't figure out how to do it
- 7.34. ( Netstat ) - I'm trying to use the NETSTAT command to show my Masqueraded
connections but its not working
- 7.35. ( VPNs ) - I would like to get Microsoft PPTP (GRE tunnels) and/or
IPSEC (Linux SWAN) tunnels running through IP MASQ
- 7.36. ( Games ) - I want to get the XYZ network game to work through IP MASQ but it won't
- 7.37. ( Stops working ) - IP MASQ works fine for a while but then it stops working. A reboot
seems to fix this. Why?
- 7.38. ( SMTP Relay ) - Internal MASQed computers cannot send SMTP or POP-3 mail!
- 7.39. ( Source Routing ) - I need different internal MASQed networks to exit
on different external IP addresses
- 7.40. ( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can
do on 2.4.x kernels
- 7.41. ( IPTABLES vs. IPCHAINS vs. IPFWADM ) - Why do the 2.4.x, 2.2.x,
and 2.0.x kernels use different firewall systems?
- 7.42. ( Upgrades ) - I've just upgraded to the x.y.z kernel, why isn't IP
- 7.43. ( EQL ) - I need help with EQL connections and IP Masq
- 7.44. ( Wussing out ) - I can't get IP Masquerade to work! What options do I
have for Windows Platforms?
- 7.45. ( Developers ) - I want to help with IP Masquerade development. What
can I do?
- 7.46. ( More INFO ) - Where can I find more information on IP Masquerade?
- 7.47. ( Translators ) - I want to translate this HOWTO to another language,
what should I do?
- 7.48. ( Updates ) - This HOWTO seems out of date, are you still maintaining
it? Can you include more information on ...? Are there any plans for making
- 7.49. ( Thanks ) - I got IP Masquerade working, it's great! I want to thank
you guys, what can I do?
If you can think of any useful FAQ suggestions, please send it to
clearly state the question and an appropriate answer (if you have it). Thank