Linux IP Masquerade HOWTO - The Linux Documentation Project
Linux IP Masquerade HOWTO - The Linux Documentation Project
Linux IP Masquerade HOWTO - The Linux Documentation Project
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
== Non−MASQ options skipped<br />
== (I2C, Watchdog cards, Ftape, Video for <strong>Linux</strong>, etc. )<br />
[ File systems ]<br />
== Non−MASQ options skipped<br />
== (Quota, ISO9660, NTFS, etc )<br />
* /proc filesystem support (CONFIG_PROC_FS) [Y/n/?]<br />
− YES: Required to dynamically configure the <strong>Linux</strong> forwarding<br />
and NATing systems<br />
== Non−MASQ options skipped<br />
== (Console drivers, Sound, USB, Kernel Hacking)<br />
So go ahead and select "exit" and you should be prompted to save your config.<br />
NOTE: <strong>The</strong>se are just the kernel components you need for <strong>IP</strong> <strong>Masquerade</strong> networking support. You will need<br />
to select whatever other options needed for your specific setup. If you want more information on what each<br />
one of these kernel modules does, please see the FAQ section of this <strong>HOWTO</strong> for details.<br />
• Now compile the kernel (make dep; make clean; make bzImage; make modules; make<br />
modules_install) , etc. Again, it is beyond the scope of this <strong>HOWTO</strong> if you have problems compiling<br />
your kernel. Please see Section 2.6 for URLs to the KERNEL howto, etc.<br />
• You will then have move over the kernel binary, update your bootloader (LILO, Grub, etc.), and<br />
reboot. If you have questions about kernel compiling, I highly recommend to consult some of the<br />
URLs mentioned above in this section.<br />
3.2.2. Compiling <strong>Linux</strong> 2.2.x Kernels<br />
Please see Section 2.7 for any required software, patches, etc.<br />
• First of all, you need the kernel source for 2.2.x (preferably the latest kernel version)<br />
•<br />
♦ NOTE #1: −−− UPDATE YOUR KERNEL −−− <strong>Linux</strong> 2.2.x kernels less than version 2.2.20<br />
contain several different security vulnerabilities (some were MASQ specific). Kernels less<br />
than 2.2.20 have a few local vulnerabilities. Kernel versions less than 2.2.16 have a TCP root<br />
exploit vulnerability and versions less than 2.2.11 have a <strong>IP</strong>CHAINS fragmentation bug.<br />
Because of these issues, users running a firewall with strong <strong>IP</strong>CHAINS rulesets are open to<br />
possible instrusion. Please upgrade your kernel to a fixed version.<br />
♦ NOTE #2: As the 2.2.x train progressed, the compile−time options keep on changing. As of<br />
this version, this section reflects the settings for a 2.2.20 kernel.<br />
If you are running either a newer or older kernel version, the dialogs will look different. It is<br />
recommended that you update to the newest kernel for added capability and stability of the<br />
system.<br />
<strong>Linux</strong> <strong>IP</strong> <strong>Masquerade</strong> <strong>HOWTO</strong><br />
If this is your first time compiling the kernel, don't be scared. In fact, it's rather easy and it's covered<br />
in several URLs found in Section 2.7. Please note that the instructions included here is just one way to<br />
do build a kernel. Please see the Kernel <strong>HOWTO</strong> for full details.<br />
Chapter 3. Setting Up <strong>IP</strong> <strong>Masquerade</strong> 25