Linux IP Masquerade HOWTO - The Linux Documentation Project
Linux IP Masquerade HOWTO - The Linux Documentation Project
Linux IP Masquerade HOWTO - The Linux Documentation Project
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
2.8. Requirements for <strong>IP</strong> <strong>Masquerade</strong> on <strong>Linux</strong> 2.0.x<br />
" ** Please refer to <strong>IP</strong> <strong>Masquerade</strong> Resource for the latest information. ** "<br />
• Any decent computer hardware. See Section 7.2 for more details.<br />
• <strong>The</strong> 2.0.x kernel source is available from http://www.kernel.org/.<br />
NOTE: Most modern <strong>Linux</strong> Section 7.1 that natively come with 2.0.x kernels are typically modular<br />
kernels and have all the <strong>IP</strong> <strong>Masquerade</strong> functionality already included. In such cases, there is no need<br />
to compile a new <strong>Linux</strong> kernel. If you are UPGRADING your kernel, you should be aware of other<br />
programs that might be required and/or need to be upgraded as well (mentioned later in this<br />
<strong>HOWTO</strong>).<br />
• Loadable kernel modules, preferably 2.1.85 or newer is available from<br />
http://home.pi.se/blox/modutils/index.html or ftp://ftp.kernel.org/pub/linux/utils/kernel/modutils<br />
(modules−1.3.57 is the minimal requirement)<br />
• A properly configured and running TCP/<strong>IP</strong> network running on the <strong>Linux</strong> machine as covered in<br />
<strong>Linux</strong> NET <strong>HOWTO</strong> and the Network Administrator's GuideAlso check out the TrinityOS document<br />
which is also authored by David Ranch. TrinityOS is a very comprehensive guide to <strong>Linux</strong><br />
networking. Topics include <strong>IP</strong> MASQ, security, DNS, DHCP, Sendmail, PPP, Diald, NFS,<br />
<strong>IP</strong>SEC−based VPNs, performance issues, and many more. <strong>The</strong>re exists over fifty sections in all!<br />
• Connectivity to the Internet for your <strong>Linux</strong> host is covered in <strong>Linux</strong> ISP Hookup <strong>HOWTO</strong>, <strong>Linux</strong><br />
PPP <strong>HOWTO</strong>, and TrinityOS. Other helpful <strong>HOWTO</strong>s could include: <strong>Linux</strong> DHCP mini−<strong>HOWTO</strong>,<br />
<strong>Linux</strong> Cable Modem mini−<strong>HOWTO</strong> and <strong>Linux</strong> DSL <strong>HOWTO</strong><br />
• Ipfwadm 2.3.0 or newer is available from http://www.xos.nl/linux/ipfwadm/download.html<br />
• More information on version requirements are on the <strong>Linux</strong> <strong>IP</strong>FWADM page<br />
• If you are interested in running <strong>IP</strong>CHAINS on a 2.0.x+ kernel, see Willy Tarreau's <strong>IP</strong>CHAINS<br />
enabler for 2.0.36+ or Rusty's <strong>IP</strong>CHAINS for 2.0.x kernels. Please note that these patches are NOT<br />
compatible with the <strong>IP</strong>PORTFW patches for the 2.0.x kernels. Unfortunately, its an either/or deal.<br />
• Know how to configure, compile, and install a new <strong>Linux</strong> kernel as described in the <strong>Linux</strong> Kernel<br />
<strong>HOWTO</strong>. This <strong>HOWTO</strong> does cover kernel compiling but only for <strong>IP</strong> <strong>Masquerade</strong> related options.<br />
Here is a list of <strong>IP</strong> Masquerading patches for 2.0.x kernels:<br />
• Steven Clarke's <strong>IP</strong> PortForwarding (<strong>IP</strong>PORTFW) − RECOMMENDED<br />
• <strong>IP</strong> AutoForward − NOT Recommended<br />
• REDIR for TCP (REDIR) − NOT Recommended unless required for internal PORTFW<br />
• UDP redirector (UDPRED) − NOT Recommended<br />
• PORTFWed FTP:<br />
•<br />
<strong>Linux</strong> <strong>IP</strong> <strong>Masquerade</strong> <strong>HOWTO</strong><br />
♦ If you are going to port forward FTP traffic to an internal FTP server, you might need to<br />
download Fred Viles's FTP server patch <strong>The</strong> reason for "might" is that some users have had<br />
success without the use of these pathches, while others need it. Explicit details on this topic<br />
can be found in Section 6.7 of this <strong>HOWTO</strong>.<br />
X−Windows display forwarders:<br />
♦ X−windows forwarding (DXCP)<br />
• PPTP (GRE) and SWAN (<strong>IP</strong>SEC) VPNs tunneling forwarders:<br />
♦ If you plan connecting an internal MASQed PC to a remote PPTP server, you MUST<br />
INSTALL the PPTP−<strong>Masquerade</strong> kernel patch available from the URLsbelow. If you plan on<br />
Chapter 2. Background Knowledge 11