Linux IP Masquerade HOWTO - The Linux Documentation Project

More documents

Recommendations

Info

Chapter 1. Introduction 1.1. Introduction to IP Masquerading or IP MASQ This document describes how to enable the Linux IP Masquerade feature on a given Linux host. IP Masquerade, called "IPMASQ" or "MASQ" for short, is a form of Network Address Translation (NAT) which allows internally connected computers that do not have one or more registered Internet IP addresses to communicate to the Internet via the Linux server's Internet IP address. Since IPMASQ is a generic technology, you can connect the Linux server's internal and external to other computers through LAN technologies like Ethernet, TokenRing, and FDDI, as well as dialup connections line PPP or SLIP links. This document primarily uses Ethernet and PPP connections in examples because it is most commonly used with DSL / Cablemodems and dialup connections. "This document is intended for systems running stable Linux kernels like 2.4.x, 2.2.x, and 2.0.x preferably on an IBM−compatible PC. IP Masquerade does work on other Linux−supported platforms like Sparc, Alpha, PowerPC, etc. but this HOWTO doesn't cover them in as much detail. Beta kernels such as 2.5.x, 2.3.x, 2.1.x, and ANY kernels less than 2.0.x are NOT covered in this document. The primary reason for this is because many of the older kernels are considered broken. If you are using an older kernel version, it is highly advisable to upgrade to one of the stable Linux kernels before using IP Masquerading. " 1.2. Foreword, Feedback & Credits From the original IPMASQ HOWTO author: "As a new user, I found it very confusing to setup IP masquerade on the Linux kernel, (back then, its was a 1.2.x kernel). Although there was a FAQ and a mailing list, there was no documentation dedicated to this. There was also some requests on the mailing list for a HOWTO manual. So, I decided to write this HOWTO as a starting point for new users and possibly create a building block for other knowledgeable users. If you, the reader, have any additional ideas, corrections, or questions about this document, please feel free to contact us. " This document was originally written by Ambrose Au back in August, 1996, based on the 1.x kernel IPMASQ FAQ written by Ken Eves and numerous helpful messages from the original IP Masquerade mailing list. In particular, a mailing list message from Matthew Driver inspired Ambrose to set up IP Masquerade and eventually write version 0.80 of this HOWTO. In April 1997, Ambrose created the Linux IP Masquerade Resource Web site at http://ipmasq.webhop.net which has provided up−to−date information on Linux IP Masquerading ever since. In February 1999, David Ranch took over maintenance of the HOWTO. David then re−wrote the HOWTO and added a substantial number of sections to the document. Today, the HOWTO is still maintained by David where he constantly updates it and fixes any reported bugs, etc. Please feel free to send any feedback or comments regarding this HOWTO to dranch@trinnet.net if you have any corrections or if any information/URLs/etc. is missing. Your invaluable feedback will certainly influence the future of this HOWTO! This HOWTO is meant to be a fairly comprehensive guide to getting your Linux IP Masquerading system working in the shortest time possible. David only plays a technical writer on T.V. so you might find the information in this document not as general and/or objective as it could be. If you think a section could be clearer, etc.. please let David know. The latest version of the MASQ HOWTO can be found at Dranch's Linux Page. Additional news, mirrors of the HOWTO, and information regarding IPMASQ can be found at the IP Chapter 1. Introduction 1
Masquerade Resource web page. If you have any technical questions on IP Masquerade, please join the IP Masquerade Mailing List instead of sending email to David or Ambrose. Most MASQ problems are −common− for ALL MASQ users and can be easily solved by users on the list. In addition to this, the response time of the IP MASQ email list will be much faster than a reply from either David or Ambrose. The latest version of this document can be found at the following sites which also contains HTML, Postscript, PDF, etc. versions • Dranch's Linux page • http://ipmasq.webhop.net/: The IP Masquerade Resources • http://ipmasq2.webhop.net/: The IP Masquerade Resources MIRROR • The Linux Documentation Project • Also refer to IP Masquerade Resource Mirror Sites Listing for other local mirrored sites. 1.3. Copyright & Disclaimer This document is copyrighted(c) 2003,2002,2001,2000 for David A. Ranch and it is a FREE document. You may redistribute it under the terms of the GNU General Public License (GPL). The information herein this document is, to the best of David's knowledge, correct. However, the Linux IP Masquerade feature is written by humans and thus, the chance of mistakes, bugs, etc. might occur from time to time. No person, group, or other body is responsible for any damage on your computer(s) and any other losses by using the information on this document. i.e. "THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT. " Ok, with all this behind us... On with the show.. Linux IP Masquerade HOWTO Chapter 1. Introduction 2
Page 1 and 2: Linux IP Masquerade HOWTO David A.
Page 3 and 4: Linux IP Masquerade HOWTO Table of
Page 5: Linux IP Masquerade HOWTO Table of
Page 9 and 10: Linux IP Masquerade HOWTO IP Masque
Page 11 and 12: | | : | C−box |:::::: | |.4 +−
Page 13 and 14: • Netfilter is an entirely new ar
Page 15 and 16: HOWTO. • Loadable kernel modules,
Page 17 and 18: • Linux IP Masquerade HOWTO havin
Page 19 and 20: ◊ ip_masquerade ip_conntrack ip_t
Page 21 and 22: commands might look different. It i
Page 23 and 24: cp extensions/libipt_esp.so /usr/lo
Page 25 and 26: [ Code maturity level options ] * P
Page 27 and 28: Linux IP Masquerade HOWTO * FTP pro
Page 29 and 30: (2.2.x kernels) and enable this opt
Page 31 and 32: • NOTE: Please notice that it isn
Page 33 and 34: Linux IP Masquerade HOWTO * Network
Page 35 and 36: == (Slow CPU, Telephony, SCSI, I2O,
Page 37 and 38: Please note the YES or NO ANSWERS t
Page 39 and 40: * IP: IPSEC masq debugging (DEBUG_I
Page 41 and 42: Linux IP Masquerade HOWTO We will r
Page 43 and 44: # #IPTABLES=/sbin/iptables IPTABLES
Page 45 and 46: #Loads the IRC NAT functionality in
Page 47 and 48: $IPTABLES −A FORWARD −j LOG ech
Page 49 and 50: esac 2. Slackware: • exit 1 exit
Page 51 and 52: Linux IP Masquerade HOWTO FWVER="1.
Page 53 and 54: Linux IP Masquerade HOWTO #CRITICAL
Page 55 and 56: this, copy the following file into
Page 57 and 58:
Linux IP Masquerade HOWTO echo "Loa
Page 59 and 60:
# Load all required IP MASQ modules
Page 61 and 62:
# #/sbin/ipfwadm −I −a accept
Page 63 and 64:
Slackware: • mlist) $IPFWADM −M
Page 65 and 66:
Chapter 4. Configuring the other in
Page 67 and 68:
4.2. Configuring Windows NT Linux I
Page 69 and 70:
8. Linux IP Masquerade HOWTO gatewa
Page 71 and 72:
USE DEFAULTS = OFF VLM = CONN.VLM V
Page 73 and 74:
Chapter 5. Testing IP Masquerade Fi
Page 75 and 76:
Linux IP Masquerade HOWTO −−−
Page 77 and 78:
Linux IP Masquerade HOWTO . . PPP:
Page 79 and 80:
−−−−−−−−−−−
Page 81 and 82:
Linux IP Masquerade HOWTO 5.12. Any
Page 83 and 84:
all IRC clients on various supporte
Page 85 and 86:
6.3.2. Clients that do not have ful
Page 87 and 88:
# just leave this section alone. #
Page 89 and 90:
Linux IP Masquerade HOWTO # Enabled
Page 91 and 92:
echo "1" > /proc/sys/net/ipv4/ip_fo
Page 93 and 94:
# STATEFULLY TRACKED # $IPTABLES
Page 95 and 96:
echo −e "\nrc.firewall−iptables
Page 97 and 98:
INTNET="192.168.0.0/24" echo " Inte
Page 99 and 100:
# # Make sure the EXTIF variable ab
Page 101 and 102:
# −−−−− Begin OPTIONAL FO
Page 103 and 104:
#!/bin/sh # # /etc/rc.d/rc.firewall
Page 105 and 106:
# If you get your TCP/IP address a
Page 107 and 108:
#End of file. To automatically sta
Page 109 and 110:
Linux IP Masquerade HOWTO #Enable i
Page 111 and 112:
• 2.6.x and 2.4.x kernels have PO
Page 113 and 114:
look something like this: /sbin/ins
Page 115 and 116:
If I use: > > ipmasqadm portfw −a
Page 117 and 118:
If you plan on port forwarding FTP
Page 119 and 120:
SOCKS: Finally, your last and possi
Page 121 and 122:
Linux IP Masquerade HOWTO 6.10. Gam
Page 123 and 124:
Chapter 7. Frequently Asked Questio
Page 125 and 126:
Linux IP Masquerade HOWTO 7.3. ( Er
Page 127 and 128:
Linux IP Masquerade HOWTO MASQ: IP
Page 129 and 130:
♦ correct rc.firewall−* name fo
Page 131 and 132:
The reason is because you have a dy
Page 133 and 134:
Linux IP Masquerade HOWTO rc.firewa
Page 135 and 136:
*** If you know how to also change
Page 137 and 138:
type=DWORD name="MaxMSS" (Do NOT in
Page 139 and 140:
All interface types: So, in your PP
Page 141 and 142:
like: −−−−−−−−−
Page 143 and 144:
Linux IP Masquerade HOWTO − IPTAB
Page 145 and 146:
7.21. ( Log Reduction ) − My logs
Page 147 and 148:
7.26. ( IDENT ) − IRC won't work
Page 149 and 150:
• Idea #3: Say you want to log al
Page 151 and 152:
Linux IP Masquerade HOWTO 7.34. ( N
Page 153 and 154:
The "iprule" and "iproute" commands
Page 155 and 156:
There are several things you should
Page 157 and 158:
available at the Linux IP Masquerad
Page 159 and 160:
8.3. Thanks to the following suppor
Page 161 and 162:
this one. • 05/21/05 − Updated
Page 163 and 164:
• 05/24/03: Updated the 2.4 Requi
Page 165 and 166:
Linux IP Masquerade HOWTO • 08/25
Page 167 and 168:
• − Load the FTP nat modules no
Page 169 and 170:
• Updated the comments in the 2.0
Page 171 and 172:
• Added Mandrake 6.0, 6.1, 7.0 to
Page 173:
Linux IP Masquerade HOWTO • In th
show all

Linux IP Masquerade HOWTO - The Linux Documentation Project

Create successful ePaper yourself

Delete template?

Save as template?