IceWalkers.com - Linux Software downloads and news

3. Bit more in-depth version

Compiling the kernel: (Use a 2.4.x kernel or greater)

You need the following support in the kernel:

  • Under Networking Options

    • Network packet filtering (CONFIG_NETFILTER)

  • Under Networking Options->Netfilter Configuration

    • Connection tracking (CONFIG_IP_NF_CONNTRACK)

    • FTP Protocol support (CONFIG_IP_NF_FTP)

    • IP tables support (CONFIG_IP_NF_IPTABLES)

    • Connection state match support (CONFIG_IP_NF_MATCH_STATE)

    • Packet filtering (CONFIG_IP_NF_FILTER)

      • REJECT target support (CONFIG_IP_NF_TARGET_REJECT)

    • Full NAT (CONFIG_IP_NF_NAT)

      • MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE)

      • REDIRECT target support (CONFIG_IP_NF_TARGET_REDIRECT)

    • Packet mangling (CONFIG_IP_NF_MANGLE)

    • LOG target support (CONFIG_IP_NF_TARGET_LOG)
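A quick way to confirm the options listed above before you start, as an added example (not part of the original HOWTO). The script name, the function names and the sample config are constructed for illustration; only the option names come from the list above.

```shell
#!/bin/sh
# Added example: list the netfilter options from the HOWTO's checklist that a
# kernel config file does not enable. "=y" (built in) and "=m" (module) both
# count as enabled; "# CONFIG_X is not set" and absent lines count as missing.

REQUIRED_OPTS="CONFIG_NETFILTER CONFIG_IP_NF_CONNTRACK CONFIG_IP_NF_FTP
CONFIG_IP_NF_IPTABLES CONFIG_IP_NF_MATCH_STATE CONFIG_IP_NF_FILTER
CONFIG_IP_NF_TARGET_REJECT CONFIG_IP_NF_NAT CONFIG_IP_NF_TARGET_MASQUERADE
CONFIG_IP_NF_TARGET_REDIRECT CONFIG_IP_NF_MANGLE CONFIG_IP_NF_TARGET_LOG"

# missing_opts FILE: print, one per line, each required option not set in FILE.
missing_opts() {
    for opt in $REQUIRED_OPTS; do
        # Anchor both ends so CONFIG_IP_NF_NAT_NEEDED=y cannot satisfy
        # CONFIG_IP_NF_NAT, and "=n" or a comment line never matches.
        grep -Eq "^${opt}=[ym]\$" "$1" || printf '%s\n' "$opt"
    done
}

# sample_config: constructed config fragment, for demonstration only.
# REDIRECT is explicitly unset and MANGLE is absent altogether.
sample_config() {
    cat <<'EOF'
CONFIG_NETFILTER=y
CONFIG_IP_NF_CONNTRACK=m
CONFIG_IP_NF_FTP=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_MATCH_STATE=m
CONFIG_IP_NF_FILTER=m
CONFIG_IP_NF_TARGET_REJECT=m
CONFIG_IP_NF_NAT=m
CONFIG_IP_NF_NAT_NEEDED=y
CONFIG_IP_NF_TARGET_MASQUERADE=m
# CONFIG_IP_NF_TARGET_REDIRECT is not set
CONFIG_IP_NF_TARGET_LOG=m
EOF
}

# Stand-alone use (hypothetical script name): ./check-netfilter.sh /path/to/.config
if [ -n "${1:-}" ]; then
    missing_opts "$1"
fi
```

Run it against the .config in your kernel source tree; no output means every option on the list is built in or available as a module.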

First, if the iptables and masquerading modules are not compiled into the kernel and not yet loaded, but do exist as modules, we need to load them. Loading ipt_MASQUERADE with modprobe will also load ip_tables, ip_conntrack and iptable_nat.

$> modprobe ipt_MASQUERADE

Now either your Intranet is large, or you're just trying to get two or three machines to work on the internet - it doesn't make much difference either way.

Okay, I'm assuming that you have no other rules, so do:

$> iptables -F; iptables -t nat -F; iptables -t mangle -F

If you get an error saying can't find iptables, go find it and install it. If it says no such table 'nat', recompile the kernel with nat support. If it says no such table as 'mangle', don't worry about it, it's not necessary for MASQ'ing. If it says iptables is incompatible with your kernel, go get > 2.4 and compile that with iptables support.

Then if you have a static IP (e.g. a network card not using DHCP) do:

$> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43

or for dynamic (e.g. a modem - you have to call a number first):

$> iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

Then finally, to tell the kernel that yes, you really do want to start forwarding packets (this only needs to be done once per reboot, but it doesn't hurt to do it lots):

$> echo 1 > /proc/sys/net/ipv4/ip_forward

Once you have checked this all works (See under Post-install) only allow masquerading from the internal network - you don't want to allow people on the internet to use it after all :)

First, allow any existing connections, or anything related (e.g. ftp server connecting back to you)

$> iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

If this gives an error, then you most likely don't have state tracking in the kernel - go recompile. Then allow new connections only from our intranet (local/internal network). Replace the ppp0 with eth0 or whatever your external device is. (The ! means anything but)

$> iptables -A INPUT -m state --state NEW -i ! ppp0 -j ACCEPT

And now deny everything else:

$> iptables -P INPUT DROP   #only if the first two are successful

If either of the first two rules failed, then this last rule will prevent the masquerading from working at all. To undo this rule do "iptables -P INPUT ACCEPT".
