[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: IP Masquerading

"Michael Legart" <120010307627@post5.tele.dk> writes:

> > Now I'm working on IP Masquerading (finally!) and in the HOWTO, there is a 
> > command called "ipfwadm". I can't figure out what package it is under (and 
> > it curently doesn't exist on my system)
> A little question ... do you have to use ipfwadn to use ip 
> masquerading ? - It is for use on a network, just for a weekend (at a 
> little party)

You could probably write the commands into /proc/net/forward yourself,
but the only way I can think of to work out how to format them is to
look at either the kernel or ipfwadm source code.

It's really quite simple.  I put the following in /etc/init.d/ipfwadm
and ran update-rc.d on it.  It probably doesn't do exactly what it
should, but it works for me.  My "local network" is my old computer
( and the one I'm using now (

#! /bin/sh
# ipfwadm
# Set up and bring down IP firewalling and masquerading.

DESC="IP firewalling and masquerading"

test -x /sbin/ipfwadm || exit 0

set -e

case "$1" in
    echo -n "Starting $DESC: "
      # Forwarding: local network to anywhere, masqueraded.
      ipfwadm -F -p deny
      ipfwadm -F -f
      ipfwadm -F -a m -S -D
      # Input sanity checks:
      #   Lose packets from local network on PPP connection.
      #   Lose packets from 127.*, except on lo.
      #     (Hmm. Do I have to do this explicitly?)
      ipfwadm -I -f
      ipfwadm -I -a d -S -D -W ppp0
      ipfwadm -I -a a -S -D -W lo
      ipfwadm -I -a d -S -D
    echo done.
    echo -n "Stopping $DESC: "
      ipfwadm -F -f
      ipfwadm -I -f
    echo done.
    echo "Usage: /etc/init.d/$NAME {start|stop}"
    exit 1

exit 0

      Carey Evans  <*>  http://home.clear.net.nz/pages/c.evans/

kernel: Warning: possible SYN flooding. Sending cookies. 
kernel: validated probe(100007f, 100007f, 11557, 5010, -1645409555) 

TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org . Trouble? 
e-mail to templin@bucknell.edu .

Reply to: