Linux IP Masquerade HOWTO - The Linux Documentation Project
HOWTO. Please see this FAQ section in the HOWTO for additional information.
* IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (CONFIG_IP_MASQUERADE_MFW) [Y/m/n/?] y
  - OPTIONAL: This is a NEW method of performing PORTFW-like functionality which is
    similar to how the new 2.4.x kernels do things. With this option, IPCHAINS
    can mark packets that should have additional work done on them. Using a
    UserSpace tool, much like IPMASQADM or IPPORTFW, IPCHAINS would then
    do things like re-address the packets, change their TOS value, etc.
    Currently, this code is less tested than PORTFW but it looks promising.
    For now, this HOWTO recommends using IPMASQADM and IPPORTFW. If you
    have specific thoughts or comments on MFW, please email dranch.
* IP: optimize as a router not host (CONFIG_IP_ROUTER) [Y/n/?] y
  - YES: This optimizes the kernel for the network subsystem, though it
    isn't well known whether this makes a significant performance difference.
== Non-MASQ options skipped
== (autoconf, tunneling, GRE)
* IP: multicast routing (CONFIG_IP_MROUTE) [N/y/?] n
  - OPTIONAL: Though not needed for IPMASQ, enabling this feature will
    let you route multicast traffic through your Linux box.
    Please note that this requires that your ISP be multicast
    enabled as well.
== Non-MASQ options skipped
== (Aliasing, ARPd)
* IP: TCP syncookie support (disabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
  - YES: Recommended for basic TCP/IP network security
* IP: GRE tunnels over IP (CONFIG_NET_IPGRE) [N/y/m/?]
  - NO: This OPTIONAL selection is to enable PPTP and GRE tunnels through
    the IP MASQ box
== Non-MASQ options skipped
== (aliasing, ARPd)
* IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES) [Y/n/?]
  - YES: HIGHLY recommended for basic TCP/IP network security
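As an added example (not part of the HOWTO): a shell script that checks a 2.2.x kernel .config for the options answered above and flags the case where syncookies are compiled in but still off at run time. The function names, the sample config, and the use of /proc/sys/net/ipv4/tcp_syncookies as the runtime switch are assumptions not taken from this page.

```shell
#!/bin/sh
# Added example: audit a 2.2.x kernel .config against the options listed above.
# Function names and sample data are constructed for illustration.

# Print y, m or n for symbol $2 in .config file $1 (absent or "is not set" => n).
config_state() {
    val=$(sed -n "s/^$2=\([ym]\)\$/\1/p" "$1" | head -n 1)
    echo "${val:-n}"
}

# $1 = .config path, $2 = file holding the runtime syncookies value
# (assumed to be /proc/sys/net/ipv4/tcp_syncookies on a live system).
# Prints one finding per line and returns the number of FAIL findings.
audit_masq_config() {
    fails=0
    for sym in CONFIG_IP_ROUTER CONFIG_SYN_COOKIES; do   # answered YES above
        st=$(config_state "$1" "$sym")
        if [ "$st" = y ]; then echo "OK   $sym=y"
        else echo "FAIL $sym=$st, expected y"; fails=$((fails + 1)); fi
    done
    for sym in CONFIG_IP_MASQUERADE_MFW CONFIG_IP_MROUTE CONFIG_NET_IPGRE; do
        echo "INFO $sym=$(config_state "$1" "$sym") (optional)"
    done
    # "Disabled per default": a kernel built with syncookies still has them
    # switched off until the runtime flag is set to a non-zero value.
    if [ "$(config_state "$1" CONFIG_SYN_COOKIES)" = y ]; then
        rt=$(cat "$2" 2>/dev/null || echo unreadable)
        case $rt in
            0|unreadable) echo "FAIL tcp_syncookies=$rt at run time"
                          fails=$((fails + 1)) ;;
            *) echo "OK   tcp_syncookies=$rt" ;;
        esac
    fi
    return "$fails"
}

# Constructed sample: syncookies compiled in but left off at run time.
write_sample() {   # $1 = directory to write into
    printf '%s\n' 'CONFIG_IP_ROUTER=y' 'CONFIG_SYN_COOKIES=y' \
        'CONFIG_IP_MASQUERADE_MFW=m' '# CONFIG_IP_MROUTE is not set' \
        '# CONFIG_NET_IPGRE is not set' > "$1/config"
    echo 0 > "$1/tcp_syncookies"
}

demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit_masq_config "$demo_dir/config" "$demo_dir/tcp_syncookies" || true
rm -rf "$demo_dir"
```

On a running system, pass the real .config and /proc/sys/net/ipv4/tcp_syncookies as the two arguments; a non-zero exit status is the number of failed checks.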
== Non-MASQ options skipped
== (RARP)
* IP: Allow large windows (not recommended if