Re: IP Masquerading
"Michael Legart" <120010307627@post5.tele.dk> writes:
> > Now I'm working on IP Masquerading (finally!) and in the HOWTO, there is a
> > command called "ipfwadm". I can't figure out what package it is under (and
> > it currently doesn't exist on my system)
>
> A little question ... do you have to use ipfwadm to use IP
> masquerading? - It is for use on a network, just for a weekend (at a
> little party)
You could probably write the commands into /proc/net/forward yourself,
but the only way I can think of to work out how to format them is to
look at either the kernel or ipfwadm source code.

It's really quite simple. I put the following in /etc/init.d/ipfwadm
and ran update-rc.d on it. It probably doesn't do exactly what it
should, but it works for me. My "local network" is my old computer
(192.168.117.1) and the one I'm using now (192.168.117.2).
-----
#! /bin/sh
#
# ipfwadm
#
# Set up and bring down IP firewalling and masquerading.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=ipfwadm
DESC="IP firewalling and masquerading"

test -x /sbin/ipfwadm || exit 0

set -e

case "$1" in
  start)
    echo -n "Starting $DESC: "

    # Forwarding: local network to anywhere, masqueraded.
    ipfwadm -F -p deny
    ipfwadm -F -f
    ipfwadm -F -a m -S 192.168.117.0/24 -D 0.0.0.0/0

    # Input sanity checks:
    # Lose packets from local network on PPP connection.
    # Lose packets from 127.*, except 127.0.0.1 on lo.
    # (Hmm. Do I have to do this explicitly?)
    ipfwadm -I -f
    ipfwadm -I -a d -S 192.168.117.0/24 -D 0.0.0.0/0 -W ppp0
    ipfwadm -I -a a -S 127.0.0.1/32 -D 127.0.0.1/32 -W lo
    ipfwadm -I -a d -S 127.0.0.0/8 -D 0.0.0.0/0

    echo done.
    ;;
  stop)
    echo -n "Stopping $DESC: "
    ipfwadm -F -f
    ipfwadm -I -f
    echo done.
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop}"
    exit 1
    ;;
esac

exit 0
-----
--
Carey Evans <*> http://home.clear.net.nz/pages/c.evans/
kernel: Warning: possible SYN flooding. Sending cookies.
kernel: validated probe(100007f, 100007f, 11557, 5010, -1645409555)
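
Added example, not part of the message above: a small Python model of how the three input rules in the script are evaluated, showing which packets the anti-spoofing checks drop and why the order of the two 127.* rules matters. It assumes rules are checked in the order appended with the first match deciding, and that the input policy is accept (the script sets none); the `eth0` interface name and the sample packets are constructed.

```python
import ipaddress

# Input rules from the init script, in the order they are appended:
# (action, source network, destination network, interface or None for any).
INPUT_RULES = [
    ("deny",   "192.168.117.0/24", "0.0.0.0/0",    "ppp0"),
    ("accept", "127.0.0.1/32",     "127.0.0.1/32", "lo"),
    ("deny",   "127.0.0.0/8",      "0.0.0.0/0",    None),
]

# The same rules with the two loopback rules swapped, to show the ordering effect.
REORDERED_RULES = [INPUT_RULES[0], INPUT_RULES[2], INPUT_RULES[1]]

# Assumption: the script never sets an input policy, so accept is used here.
DEFAULT_POLICY = "accept"


def evaluate(src, dst, iface, rules=INPUT_RULES, policy=DEFAULT_POLICY):
    """Return the action of the first rule that matches, else the policy."""
    s = ipaddress.ip_address(src)
    d = ipaddress.ip_address(dst)
    for action, src_net, dst_net, rule_iface in rules:
        if rule_iface is not None and rule_iface != iface:
            continue  # rule is bound to a different interface
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return policy


# Constructed sample packets: (source, destination, arriving interface, note).
SAMPLES = [
    ("192.168.117.2", "203.0.113.9",   "ppp0", "LAN source on the PPP link (spoofed)"),
    ("192.168.117.1", "192.168.117.2", "eth0", "genuine LAN traffic, falls to policy"),
    ("127.0.0.1",     "127.0.0.1",     "lo",   "real loopback traffic"),
    ("127.0.0.5",     "192.168.117.2", "ppp0", "127.* source from outside"),
    ("127.0.0.1",     "192.168.117.2", "eth0", "127.0.0.1 source, but not on lo"),
]

if __name__ == "__main__":
    for src, dst, iface, note in SAMPLES:
        verdict = evaluate(src, dst, iface)
        print(f"{verdict:6} {src:>15} -> {dst:<15} {iface:5} {note}")
    # With the 127.0.0.0/8 deny placed first, real loopback traffic is lost too.
    print("reordered:", evaluate("127.0.0.1", "127.0.0.1", "lo", REORDERED_RULES))
```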