Re: Setting up IP masquerading.
Shaya Potter said:
> All my experience with Linux networking has either been plain LANs or
> just setting up PPP. I am sure I need to roll my own kernel with things
> like IP masquerading, but do I also need firewalling and ip-forwarding?
There is an IP-Masquerading mini-HOWTO on suniste.unc.edu, I believe. You need
to compile a kernel with "CONFIG_EXPERIMENTAL=y", "CONFIG_FIREWALL=y",
"CONFIG_IP_FORWARD=y", "CONFIG_IP_FIREWALL=y", and "CONFIG_IP_MASQUERADE=y".
Then, set up the masquerading with:
# default policy deny forwarding (to prevent any packets from "escaping")
/sbin/ipfwadm -F -p deny
# allow forwarding on the local net (in case you have any PPP connections
# via null-modem or modem)
/sbin/ipfwadm -F -a accept -S localnet/24 -D localnet/24
# masquerade anything from the localnet
/sbin/ipfwadm -F -a masquerade -S localnet/24 -D 0.0.0.0/0
# to allow ftp to work (there are also irc and realaudio modules)
/sbin/modprobe ip_masq_ftp
# add this if you have any microslop boxes (there is a bug in them which
# will bring your ISP connection up every 7-10 minutes if you don't add this)
/sbin/ipfwadm -I -a deny -S localnet/24 netbios-ns -D <this_host> domain -P udp
--
Scott Barker
Linux Consultant
scott@galileo.cuug.ab.ca
http://www.cuug.ab.ca:8001/~barkers/ (under construction)
[ I try to reply to all e-mail within 3 days. If you don't ]
[ get a response by then, I probably didn't get your e-mail. ]
[ Unsolicited commercial and junk e-mail will be proof-read for US$100 ]
"Learning from one's own experience is even more impractical if the injury is
a very serious one. In the extreme case of a fatal accident, of course, the
learning experience might be profound, but the learning curve is abruptly
truncated."
- Victor Goldberg (1974)
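
A check for the five kernel options listed in the reply above, as an added example that is not part of the original message. The function names, the `.config` layout handling and the sample file are assumptions made for illustration; the sample configuration is constructed.

```shell
#!/bin/sh
# Added example: confirm a kernel .config enables every option the reply lists
# before relying on the ipfwadm masquerading rules.
# check_masq_config and make_sample_config are hypothetical helper names.

REQUIRED_OPTS="CONFIG_EXPERIMENTAL CONFIG_FIREWALL CONFIG_IP_FORWARD CONFIG_IP_FIREWALL CONFIG_IP_MASQUERADE"

# Print one line per required option that is not "=y" in the given file.
# Returns 0 if all are enabled, 1 if any is missing, 2 if the file is unreadable.
check_masq_config() {
    cfg=$1
    [ -r "$cfg" ] || { echo "cannot read $cfg" >&2; return 2; }
    rc=0
    for opt in $REQUIRED_OPTS; do
        if grep -q "^${opt}=y\$" "$cfg"; then
            continue
        elif grep -q "^# ${opt} is not set\$" "$cfg"; then
            echo "$opt: explicitly disabled"
        else
            echo "$opt: absent"
        fi
        rc=1
    done
    return $rc
}

# Constructed sample .config: forwarding is on, but the IP firewall is
# disabled and masquerading was never selected.
make_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_EXPERIMENTAL=y
CONFIG_FIREWALL=y
CONFIG_IP_FORWARD=y
# CONFIG_IP_FIREWALL is not set
EOF
}

# Demo run against the constructed sample.
sample=$(mktemp)
make_sample_config "$sample"
check_masq_config "$sample" || echo "kernel needs rebuilding before the ipfwadm rules will work"
rm -f "$sample"
```
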