Chapter 7. Frequently Asked Questions

Table of Contents
7.1. ( Distro ) - What Linux Distributions support IP Masquerading?
7.2. ( Requirements ) - What are the minimum hardware requirements and any limitations for IP Masquerade? How well does it perform?
7.3. ( Errors ) - When I run my specific rc.firewall-* ruleset, I get "command not found" errors. Why?
7.4. ( Still wont work ) - I've checked all my configurations, I still can't get IP Masquerade to work. What should I do?
7.5. ( Email list ) - How do I join or view the IP Masquerade and/or IP Masqurade Developers mailing lists and archives?
7.6. ( NAT vs. Proxy ) - How does IP Masquerade differ from Proxy or NAT services?
7.7. ( GUI ) - Are there any GUI firewall creation/management tools?
7.8. ( MASQ and Dynamic IPs ) - Does IP Masquerade work with dynamically assigned IP addresses?
7.9. ( MASQ and various networks ) - Can I use a cable modem (both bi-directional and with modem returns), DSL, satellite link, etc. to connect to the Internet and use IP Masquerade?
7.10. ( Dial on Demand ) - Can I use Diald or the Dial-on-Demand feature of PPPd with IP MASQ?
7.11. ( Apps ) - What applications are supported with IP Masquerade?
7.12. ( Distro Setup ) - How can I get IP Masquerade running on Redhat, Debian, Slackware, etc.?
7.13. ( Timeouts ) - Connections seem to break if I don't use them often. Why is that?
7.14. ( Odd Behavior ) - When my Internet connection first comes up, nothing works. If I try again, everything then works fine. Why is this?
7.15. ( MTU ) - IP MASQ seems to be working fine but some sites don't work. This usually happens with WWW and some FTP sites.
7.15.1. Enabling PMTU Clamping for PPPoE and some PPP Users:
7.15.2. Clamping the MSS via IPTABLES:
7.15.3. Changing the External MTU of the MASQ server:
7.15.4. Changing the MTU of various operating systems:
7.16. ( FTP ) - MASQed FTP clients don't work.
7.17. ( Performance ) - IP Masquerading seems slow
7.18. ( PORTFW ) - IP Masquerading with PORTFWing seems to break when my line is idle for long periods
7.19. ( PORTFW - Locally ) - I can't reach my PORTFWed server from the INTERNAL lan
7.20. ( Logs ) - Now that I have IP Masquerading up, I'm getting all sorts of weird notices and errors in the SYSLOG log files. How do I read the IPTABLES/IPCHAINS/IPFWADM firewall errors?
7.21. ( Log Reduction ) - My logs are filling up with packet hits due to the new "stronger" rulesets. How can I fix this?
7.22. ( MASQ Security ) - Can I configure IP MASQ to allow Internet users to directly contact internal MASQed servers?
7.23. ( Free Ports ) - I'm getting "kernel: ip_masq_new(proto=UDP): no free ports." in my SYSLOG files. Whats up?
7.24. ( SETSOCKOPT ) - I'm getting "ipfwadm: setsockopt failed: Protocol not available" when I try to use IPPORTFW!
7.25. ( SAMBA ) - Microsoft File and Print Sharing and Microsoft Domain clients don't work through IP Masq!
7.26. ( IDENT ) - IRC won't work properly for MASQed IRC users. Why?
7.27. ( IRC DCC ) - mIRC doesn't work with DCC Sends
7.28. ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?
7.29. ( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with each other!
7.30. ( SHAPING ) - I want to be able to limit the speed of specific types of traffic
7.31. ( ACCOUNTING ) - I need to do accounting on who is using the network
7.32. ( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to PORTFW to several internal machines. How do I do this?
7.33. ( 1:1 NAT ) - I'd like to do 1:1 NAT but I can't figure out how to do it
7.34. ( Netstat ) - I'm trying to use the NETSTAT command to show my Masqueraded connections but its not working
7.35. ( VPNs ) - I would like to get Microsoft PPTP (GRE tunnels) and/or IPSEC (Linux SWAN) tunnels running through IP MASQ
7.36. ( Games ) - I want to get the XYZ network game to work through IP MASQ but it won't work. Help!
7.37. ( Stops working ) - IP MASQ works fine for a while but then it stops working. A reboot seems to fix this. Why?
7.38. ( SMTP Relay ) - Internal MASQed computers cannot send SMTP or POP-3 mail!
7.39. ( Source Routing ) - I need different internal MASQed networks to exit on different external IP addresses
7.40. ( IPCHAINS rulesets on 2.4.x kernels ) - What the ipchains.o module can do on 2.4.x kernels
7.41. ( IPTABLES vs. IPCHAINS vs. IPFWADM ) - Why do the 2.4.x, 2.2.x, and 2.0.x kernels use different firewall systems?
7.42. ( Upgrades ) - I've just upgraded to the x.y.z kernel, why isn't IP Masquerade working?
7.43. ( EQL ) - I need help with EQL connections and IP Masq
7.44. ( Wussing out ) - I can't get IP Masquerade to work! What options do I have for Windows Platforms?
7.45. ( Developers ) - I want to help with IP Masquerade development. What can I do?
7.46. ( More INFO ) - Where can I find more information on IP Masquerade?
7.47. ( Translators ) - I want to translate this HOWTO to another language, what should I do?
7.48. ( Updates ) - This HOWTO seems out of date, are you still maintaining it? Can you include more information on ...? Are there any plans for making this better?
7.49. ( Thanks ) - I got IP Masquerade working, it's great! I want to thank you guys, what can I do?

If you can think of any useful FAQ suggestions, please send it to dranch@trinnet.net. Please clearly state the question and an appropriate answer (if you have it). Thank you!