Re: ip masquerading
On Fri, Mar 31, 2000 at 06:48:19PM +0200, Philip Lehman wrote:
>
> I'm trying to set up IP masquerading on a slink/potato box which is
> supposed to route the traffic on my home LAN over an ISDN dial-up
> line. I have to admit that I have no experience with advanced
> networking of this kind.
>
> I read the IP masquerading HOWTO. It suggests a sample "rc.firewall"
> script to set up masquerading and simple firewalling. It appears to me
> that this interferes with the /etc/init.d/* scripts used by related
> Debian packages, and I'd rather do it the Debian way.
>
I would recommend installing the ipmasq package, which is reasonably
smart and will usually set up IP masquerading for you automatically.
> rc.firewall wants to run:
> # echo "1" > /proc/sys/net/ipv4/ip_forward
> # echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>
> I haven't found this in any other script in /etc/init.d/*. What's the
> default way to do this? Write my own script?
>
Yes.
> And it wants to run:
> # /sbin/ipfwadm -F -p deny
> # /sbin/ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
>
> I guess this is what /etc/init.d/ipmasq is for, but I'm feeling lost
> as far as the configuration is concerned. The postinstall script asked
> for the client IPs on the LAN and I entered that, but where is this
> stored? Do I have to do anything in addition to that, or can I rely on
> the defaults? I don't need anything fancy, but the setup should be
> halfway secure.
>
Have a look in /etc/ipmasq directory.
If you are running slink, you may want to install the ipmasq from
potato, which may be a bit smarter.
Pete
Reply to: