[fw-wiz] Transparent Proxy and IPChains

Jason L. Esman jesman@edpm.com
Wed, 19 Apr 2000 14:13:16 -0500


IP: always defragment is not an option in the kernel configuration. I am
using 2.2.14. I've tried this and it still isn't working. I am now hunting
through all my rules to see if I missed something. I have everything else
listed below right except for the IP: always defragment.
Jason L. Esman


-----Original Message-----
From: Ryan Russell [mailto:ryan@securityfocus.com]
Sent: Wednesday, April 19, 2000 1:20 PM
To: Jason L. Esman
Cc: firewall-wizards@nfr.net
Subject: Re: [fw-wiz] Transparent Proxy and IPChains


Pardon me asking the obvious...

Have you checked out:
http://squid.nlanr.net/Squid/FAQ/FAQ-17.html#ss17.7

(Never done it myself.. but I was curious, and went looking.  That's what
I found.)

This seems relevant, and I don't think you said if you had it on:

"You must include the IP: always defragment, otherwise it prevents you
from using the REDIRECT chain."

And perhaps:

"Also, Andrew Shipton notes that with 2.0.x kernels you don't
need to enable packet forwarding, but with the 2.1.x and 2.2.x kernels
using ipchains you do. Packet forwarding is enabled with the following
command:

        echo 1 > /proc/sys/net/ipv4/ip_forward"

Though I suspect if IPChains is working otherwise, this is already the
case.

					Ryan