Linux IP Masquerade HOWTO - The Linux Documentation Project

More documents

Recommendations

Info

Linux IP Masquerade HOWTO #Load the main body of the IPTABLES module − "iptable" # − Loaded automatically when the "iptables" command is invoked # # − Loaded manually to clean up kernel auto−loading timing issues # echo −en "ip_tables, " $MODPROBE ip_tables #Load the IPTABLES filtering module − "iptable_filter" # − Loaded automatically when filter policies are activated #Load the stateful connection tracking framework − "ip_conntrack" # # The conntrack module in itself does nothing without other specific # conntrack modules being loaded afterwards such as the "ip_conntrack_ftp" # module # # − This module is loaded automatically when MASQ functionality is # enabled # # − Loaded manually to clean up kernel auto−loading timing issues # echo −en "ip_conntrack, " $MODPROBE ip_conntrack #Load the FTP tracking mechanism for full FTP tracking # # Enabled by default −− insert a "#" on the next line to deactivate # echo −en "ip_conntrack_ftp, " $MODPROBE ip_conntrack_ftp #Load the IRC tracking mechanism for full IRC tracking # # Enabled by default −− insert a "#" on the next line to deactivate # echo −en "ip_conntrack_irc, " $MODPROBE ip_conntrack_irc #Load the general IPTABLES NAT code − "iptable_nat" # − Loaded automatically when MASQ functionality is turned on # # − Loaded manually to clean up kernel auto−loading timing issues # echo −en "iptable_nat, " $MODPROBE iptable_nat #Loads the FTP NAT functionality into the core IPTABLES code # Required to support non−PASV FTP. # # Enabled by default −− insert a "#" on the next line to deactivate # echo −en "ip_nat_ftp, " $MODPROBE ip_nat_ftp Chapter 3. Setting Up IP Masquerade 39
#Loads the IRC NAT functionality into the core IPTABLES code # Required to support NAT of IRC DCC requests # # Disabled by default −− remove the "#" on the next line to activate # #echo −e "ip_nat_irc" #$MODPROBE ip_nat_irc echo "−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−" # Just to be complete, here is a partial list of some of the other # IPTABLES kernel modules and their function. Please note that most # of these modules (the ipt ones) are automatically loaded by the # master kernel module for proper operation and don't need to be # manually loaded. # −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− # # ip_nat_snmp_basic − this module allows for proper NATing of some # SNMP traffic # # iptable_mangle − this target allows for packets to be # manipulated for things like the TCPMSS # option, etc. # # −− # # ipt_mark − this target marks a given packet for future action. # This automatically loads the ipt_MARK module # # ipt_tcpmss − this target allows to manipulate the TCP MSS # option for braindead remote firewalls. # This automatically loads the ipt_TCPMSS module # # ipt_limit − this target allows for packets to be limited to # to many hits per sec/min/hr # # ipt_multiport − this match allows for targets within a range # of port numbers vs. listing each port individually # # ipt_state − this match allows to catch packets with various # IP and TCP flags set/unset # # ipt_unclean − this match allows to catch packets that have invalid # IP/TCP flags set # # iptable_filter − this module allows for packets to be DROPped, # REJECTed, or LOGged. This module automatically # loads the following modules: # # ipt_LOG − this target allows for packets to be # logged # # ipt_REJECT − this target DROPs the packet and returns # a configurable ICMP packet back to the # sender. # echo −e " Done loading modules.\n" Linux IP Masquerade HOWTO Chapter 3. Setting Up IP Masquerade 40
Page 1 and 2: Linux IP Masquerade HOWTO David A.
Page 3 and 4: Linux IP Masquerade HOWTO Table of
Page 5 and 6: Linux IP Masquerade HOWTO Table of
Page 7 and 8: Masquerade Resource web page. If yo
Page 9 and 10: Linux IP Masquerade HOWTO IP Masque
Page 11 and 12: | | : | C−box |:::::: | |.4 +−
Page 13 and 14: • Netfilter is an entirely new ar
Page 15 and 16: HOWTO. • Loadable kernel modules,
Page 17 and 18: • Linux IP Masquerade HOWTO havin
Page 19 and 20: ◊ ip_masquerade ip_conntrack ip_t
Page 21 and 22: commands might look different. It i
Page 23 and 24: cp extensions/libipt_esp.so /usr/lo
Page 25 and 26: [ Code maturity level options ] * P
Page 27 and 28: Linux IP Masquerade HOWTO * FTP pro
Page 29 and 30: (2.2.x kernels) and enable this opt
Page 31 and 32: • NOTE: Please notice that it isn
Page 33 and 34: Linux IP Masquerade HOWTO * Network
Page 35 and 36: == (Slow CPU, Telephony, SCSI, I2O,
Page 37 and 38: Please note the YES or NO ANSWERS t
Page 39 and 40: * IP: IPSEC masq debugging (DEBUG_I
Page 41 and 42: Linux IP Masquerade HOWTO We will r
Page 43: # #IPTABLES=/sbin/iptables IPTABLES
Page 47 and 48: $IPTABLES −A FORWARD −j LOG ech
Page 49 and 50: esac 2. Slackware: • exit 1 exit
Page 51 and 52: Linux IP Masquerade HOWTO FWVER="1.
Page 53 and 54: Linux IP Masquerade HOWTO #CRITICAL
Page 55 and 56: this, copy the following file into
Page 57 and 58: Linux IP Masquerade HOWTO echo "Loa
Page 59 and 60: # Load all required IP MASQ modules
Page 61 and 62: # #/sbin/ipfwadm −I −a accept
Page 63 and 64: Slackware: • mlist) $IPFWADM −M
Page 65 and 66: Chapter 4. Configuring the other in
Page 67 and 68: 4.2. Configuring Windows NT Linux I
Page 69 and 70: 8. Linux IP Masquerade HOWTO gatewa
Page 71 and 72: USE DEFAULTS = OFF VLM = CONN.VLM V
Page 73 and 74: Chapter 5. Testing IP Masquerade Fi
Page 75 and 76: Linux IP Masquerade HOWTO −−−
Page 77 and 78: Linux IP Masquerade HOWTO . . PPP:
Page 79 and 80: −−−−−−−−−−−
Page 81 and 82: Linux IP Masquerade HOWTO 5.12. Any
Page 83 and 84: all IRC clients on various supporte
Page 85 and 86: 6.3.2. Clients that do not have ful
Page 87 and 88: # just leave this section alone. #
Page 89 and 90: Linux IP Masquerade HOWTO # Enabled
Page 91 and 92: echo "1" > /proc/sys/net/ipv4/ip_fo
Page 93 and 94: # STATEFULLY TRACKED # $IPTABLES
Page 95 and 96:
echo −e "\nrc.firewall−iptables
Page 97 and 98:
INTNET="192.168.0.0/24" echo " Inte
Page 99 and 100:
# # Make sure the EXTIF variable ab
Page 101 and 102:
# −−−−− Begin OPTIONAL FO
Page 103 and 104:
#!/bin/sh # # /etc/rc.d/rc.firewall
Page 105 and 106:
# If you get your TCP/IP address a
Page 107 and 108:
#End of file. To automatically sta
Page 109 and 110:
Linux IP Masquerade HOWTO #Enable i
Page 111 and 112:
• 2.6.x and 2.4.x kernels have PO
Page 113 and 114:
look something like this: /sbin/ins
Page 115 and 116:
If I use: > > ipmasqadm portfw −a
Page 117 and 118:
If you plan on port forwarding FTP
Page 119 and 120:
SOCKS: Finally, your last and possi
Page 121 and 122:
Linux IP Masquerade HOWTO 6.10. Gam
Page 123 and 124:
Chapter 7. Frequently Asked Questio
Page 125 and 126:
Linux IP Masquerade HOWTO 7.3. ( Er
Page 127 and 128:
Linux IP Masquerade HOWTO MASQ: IP
Page 129 and 130:
♦ correct rc.firewall−* name fo
Page 131 and 132:
The reason is because you have a dy
Page 133 and 134:
Linux IP Masquerade HOWTO rc.firewa
Page 135 and 136:
*** If you know how to also change
Page 137 and 138:
type=DWORD name="MaxMSS" (Do NOT in
Page 139 and 140:
All interface types: So, in your PP
Page 141 and 142:
like: −−−−−−−−−
Page 143 and 144:
Linux IP Masquerade HOWTO − IPTAB
Page 145 and 146:
7.21. ( Log Reduction ) − My logs
Page 147 and 148:
7.26. ( IDENT ) − IRC won't work
Page 149 and 150:
• Idea #3: Say you want to log al
Page 151 and 152:
Linux IP Masquerade HOWTO 7.34. ( N
Page 153 and 154:
The "iprule" and "iproute" commands
Page 155 and 156:
There are several things you should
Page 157 and 158:
available at the Linux IP Masquerad
Page 159 and 160:
8.3. Thanks to the following suppor
Page 161 and 162:
this one. • 05/21/05 − Updated
Page 163 and 164:
• 05/24/03: Updated the 2.4 Requi
Page 165 and 166:
Linux IP Masquerade HOWTO • 08/25
Page 167 and 168:
• − Load the FTP nat modules no
Page 169 and 170:
• Updated the comments in the 2.0
Page 171 and 172:
• Added Mandrake 6.0, 6.1, 7.0 to
Page 173:
Linux IP Masquerade HOWTO • In th
show all

Linux IP Masquerade HOWTO - The Linux Documentation Project

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?