
Re: ipmasq and howto



Hi, Matt --

On Thu, 30 Mar 2000 17:38:05 -0600, matt garman <garman@uiuc.edu> wrote:

> Perhaps I'm not making myself clear.  I just want to get IP Masquerading
> working on my Linux box.  So I read the IP Masquerading howto.  But I
> believe some steps outlined in the howto would be redundant given the
> packages I have installed on my computer.
>
> In other words, having installed ipmasq and other related Debian packages,
> do I still need to follow all the steps in the howto?

The answer seems to be, "Yes...sort of." :-)  See if this helps:

I've got a dial-up connection, and a 2-station LAN, with my brother's machine needing to dial out through the modem on my machine.  What appears to have been necessary to get this working included these steps:

 - ipmasq and ipchains are installed;
 - ip_masquerading is enabled in the kernel -- not sure why, but it wasn't enabled in the 2.2.14 kernel I had, and I had to compile one in which it was enabled.  I think it's possible I might've answered a question during installation that switched masquerading 'off', but I don't know for sure.  Whatever -- if you run ipmasq, you'll either get a message about masquerading not being enabled, or you won't, and can go from there.
 - forwarding policies are set to 'allow' -- the default on these, understandably, is 'deny', so you have to take active steps to get forwarding turned 'on'.  These commands do that across-the-board (leaving you wide open, so this is not a good final state to be in if you're hosting folks with a permanent connection, etc.):

     ipchains -P input ACCEPT
     ipchains -P output ACCEPT
     ipchains -P forward ACCEPT

 - also do:  

     echo "1" > /proc/sys/net/ipv4/ip_forward

 - and, yes:

     ipchains -A forward -s 10.0.0.30 -j MASQ

...with the IP to be masqueraded in place of the 10.0.0.30 I'm showing here.  

NOTE, all this is about using ipmasq with 2.2.14 and ipchains.  The HOW-TO instructions are (for the moment) confusing about this, since they mention ipfwadm, etc., and only if your eyes haven't yet glazed over do you locate the info at the -bottom- of the HOW-TO that mentions the "new" ipchains.

Helps...?

 -- Jeff --   <http://www.wellnow.com>

 "There's nothing left in the world to prove.  All that's worth doing
  is to love one another, using whatever means are available to serve."
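
Added example, not part of the original message: a tighter variant of the steps above that leaves the forward chain's default policy at DENY and masquerades only the named sources, instead of setting every policy to ACCEPT. The helper names `valid_src` and `masq_rules` are hypothetical, and the script only prints the commands after validating each address; the input and output policies are not touched.

```shell
#!/bin/sh
# Added example: prints (does not run) ipchains commands that masquerade only
# the named LAN sources while the forward chain's default policy stays DENY.

# valid_src ADDR: succeeds only for a dotted-quad IPv4 address, optional /0-32.
valid_src() {
    addr=${1%%/*}
    case $1 in
        */*) prefix=${1#*/} ;;
        *)   prefix=32 ;;
    esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address on dots
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# masq_rules SRC...: prints the rule set; prints nothing if any SRC is invalid.
masq_rules() {
    [ $# -ge 1 ] || { echo "usage: masq_rules SRC..." >&2; return 2; }
    for src in "$@"; do
        valid_src "$src" || { echo "bad source address: $src" >&2; return 1; }
    done
    echo 'ipchains -P forward DENY'
    for src in "$@"; do
        echo "ipchains -A forward -s $src -j MASQ"
    done
    echo 'echo "1" > /proc/sys/net/ipv4/ip_forward'
}

# Dry run with the address from the post (constructed sample input).
masq_rules 10.0.0.30
```

Review the printed commands, then pipe them to `sh` as root to apply them.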


