
Re: IP Masq



On Tue, 2 Mar 1999, Paul Nathan Puri wrote:
> When you say 'set up ip forwarding,' do you mean on the gateway/host or
> the linux client?

On the client.  Depending on how your Internet Connection is established
(I use pon/poff myself) it may or may not set up a default route on the
gateway/host machine.

> I've followed the mini howto very closely, and feel quite close.  My
> machines ping each other no problem.  But my linux client will not reach
> the outside world.  I'm running 2.2.2 on both machines.  I think I need to
> add a route on my linux client that says my gateway is 192.168.1.1, but
> "route add" doesn't work, but the howto is RH specific and I don't have
> the file: /etc/sysconfig/network-scripts/ifcfg-eth0.

Yeah, I had a problem with understanding how the ipforwarding worked when
reading the howtos myself.. that's why I use dotfile-ipfwadm; I can then
just point and click <grin> (I hope that's a microsoft trademark, because
if it is...).  Anyhow, after allowing IP Masquerading I used
dotfile-ipfwadm and well, the system worked fine.

The Client machine needs to have its default gateway set as your
gateway/host machine.  Oops... forgot an important detail before, you'll
need to allow the IP number for your client machine as part of the allowed
systems in your hosts.allow file for portmap:

Example from my system :-
<start of file>
# /etc/hosts.allow: list of hosts that are allowed to access the system.
#                   See the manual pages hosts_access(5), hosts_options(5)
#                   and /usr/doc/netbase/portmapper.txt.gz
#
# Example:    ALL: LOCAL @some_netgroup
#             ALL: .foobar.edu EXCEPT terminalserver.foobar.edu
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/netbase/portmapper.txt.gz for further information.
#
portmap: 192.168.1.0/255.255.255.0 192.168.1.2/255.255.255.0
<end of file>

Also make sure (for security purposes, you don't want somebody playing
with your system from outside, i.e. the internet) that you have the
hosts.deny set similar to the file below

<start of file>
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
#                  See the manual pages hosts_access(5), hosts_options(5)
#                  and /usr/doc/netbase/portmapper.txt.gz
#
# Example:    ALL: some.host.name, .some.domain
#             ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper. See portmap(8)
# and /usr/doc/netbase/portmapper.txt.gz for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
portmap: ALL

<end of file>

These files are VERY important; without them set up correctly, no matter
what I did I couldn't do anything.

For your information portmap refers to the gateway/hosts DNS server, and
the above files should be on the gateway/host.

Hope this helps,
	Peter Ludwig
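To see why the hosts.deny line matters, here is a small simulator of the tcpd hosts_access lookup order (hosts.allow is consulted first, then hosts.deny, and a client matched by neither is granted access). It is an added example, not part of the original message or of the netbase/portmap tools; the two rule strings are constructed copies of the rule lines from the files above, and only the ALL, exact-address and net/mask client forms that portmap accepts are handled.

```python
import ipaddress

# Constructed sample input: the rule lines from the post's two files,
# with the comment lines left out.
HOSTS_ALLOW = "portmap: 192.168.1.0/255.255.255.0 192.168.1.2/255.255.255.0\n"
HOSTS_DENY = "portmap: ALL\n"


def parse_rules(text):
    """Return [(daemons, clients)] from hosts.allow / hosts.deny text.

    Comments and blank lines are skipped; only the plain 'daemons : clients'
    form is handled (no options or shell commands after a second colon).
    """
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = (part.strip() for part in line.split(":", 2)[:2])
        rules.append((daemons.split(), clients.split()))
    return rules


def client_matches(pattern, ip):
    """Match one client pattern: ALL, an exact address, or net/mask."""
    addr = ipaddress.IPv4Address(ip)
    if pattern == "ALL":
        return True
    if "/" in pattern:
        # strict=False tolerates host bits in the network part, as in the
        # post's 192.168.1.2/255.255.255.0 (it means 192.168.1.0/24)
        return addr in ipaddress.IPv4Network(pattern, strict=False)
    return addr == ipaddress.IPv4Address(pattern)


def rule_matches(rule, daemon, ip):
    daemons, clients = rule
    return (("ALL" in daemons or daemon in daemons)
            and any(client_matches(p, ip) for p in clients))


def access_allowed(daemon, ip, allow_text, deny_text):
    """tcpd order: a hosts.allow match grants, then a hosts.deny match
    refuses, and a client named in neither file is granted access."""
    if any(rule_matches(r, daemon, ip) for r in parse_rules(allow_text)):
        return True
    if any(rule_matches(r, daemon, ip) for r in parse_rules(deny_text)):
        return False
    return True


if __name__ == "__main__":
    for ip in ("192.168.1.2", "192.168.1.77", "203.0.113.9"):
        verdict = access_allowed("portmap", ip, HOSTS_ALLOW, HOSTS_DENY)
        print(ip, "->", "allowed" if verdict else "denied")
```

Running it with an empty hosts.deny shows the default-allow behaviour: an outside address is then granted portmap access even though hosts.allow never names it.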
