Linux IP Masquerade HOWTO - The Linux Documentation Project
Table of Contents

Chapter 7. Frequently Asked Questions

7.10. ( Dial on Demand ) - Can I use Diald or the Dial-on-Demand feature of PPPd with IP MASQ?
7.11. ( Apps ) - What applications are supported with IP Masquerade?
7.12. ( Distro Setup ) - How can I get IP Masquerade running on Redhat, Debian, Slackware, etc.?
7.13. ( Timeouts ) - Connections seem to break if I don't use them often. Why is that?
7.14. ( Odd Behavior ) - When my Internet connection first comes up, nothing works. If I try again, everything then works fine. Why is this?
7.15. ( MTU ) - IP MASQ seems to be working fine but some sites don't work. This usually happens with WWW and some FTP sites.
7.15.1. Enabling PMTU Clamping for PPPoE and some PPP Users:
7.15.2. Clamping the MSS via IPTABLES:
7.15.3. Changing the External MTU of the MASQ server:
7.15.4. Changing the MTU of various operating systems:
7.16. ( FTP ) - MASQed FTP clients don't work.
7.17. ( Performance ) - IP Masquerading seems slow.
7.18. ( PORTFW ) - IP Masquerading with PORTFWing seems to break when my line is idle for long periods.
7.19. ( PORTFW - Locally ) - I can't reach my PORTFWed server from the INTERNAL lan.
7.20. ( Logs ) - Now that I have IP Masquerading up, I'm getting all sorts of weird notices and errors in the SYSLOG log files. How do I read the IPTABLES/IPCHAINS/IPFWADM firewall errors?
7.21. ( Log Reduction ) - My logs are filling up with packet hits due to the new "stronger" rulesets. How can I fix this?
7.22. ( MASQ Security ) - Can I configure IP MASQ to allow Internet users to directly contact internal MASQed servers?
7.23. ( Free Ports ) - I'm getting "kernel: ip_masq_new(proto=UDP): no free ports." in my SYSLOG files. What's up?
7.24. ( SETSOCKOPT ) - I'm getting "ipfwadm: setsockopt failed: Protocol not available" when I try to use IPPORTFW!
7.25. ( SAMBA ) - Microsoft File and Print Sharing and Microsoft Domain clients don't work through IP Masq!
7.26. ( IDENT ) - IRC won't work properly for MASQed IRC users. Why?
7.27. ( IRC DCC ) - mIRC doesn't work with DCC Sends.
7.28. ( IP Aliasing ) - Can IP Masquerade work with only ONE Ethernet network card?
7.29. ( Multiple-LANs ) - I have two MASQed LANs but they cannot communicate with each other!
7.30. ( SHAPING ) - I want to be able to limit the speed of specific types of traffic.
7.31. ( ACCOUNTING ) - I need to do accounting on who is using the network.
7.32. ( MULTIPLE IPs - DMZ segments) - I have several EXTERNAL IP addresses that I want to PORTFW to several internal machines. How do I do this?
7.33. ( 1:1 NAT ) - I'd like to do 1:1 NAT but I can't figure out how to do it.
7.34. ( Netstat ) - I'm trying to use the NETSTAT command to show my Masqueraded connections but it's not working.
7.35. ( VPNs ) - I would like to get Microsoft PPTP (GRE tunnels) and/or IPSEC (Linux SWAN) tunnels running through IP MASQ.
7.36. ( Games ) - I want to get the XYZ network game to work through IP MASQ but it won't