IceWalkers.com - Linux Software downloads and news

4. Post-install Instructions

And it should all work now. Don't forget to:

  • Set up all the clients on the internal network to point to the Linux internal IP address as their gateway. (In Windows, right-click Network Neighbourhood -> Properties -> Gateway, then change it to the Linux gateway's internal IP.)

  • Set up all the clients to use your ISP's HTTP proxy if they have one, use a transparent proxy (WARNING - I've heard reports of transparent proxying to be very slow on very big networks), or run squid on your new Linux gateway. (This is optional, but preferable for large networks.)

  • Be sure to specify a DNS server when setting up your clients. Otherwise you will get errors on the clients saying 'cannot resolve address' etc. If DNS used to work (URL address worked) but doesn't after you set up masquerading, this is because your ISP's/network's DHCP server can no longer tell you what the DNS address is.

    [Offtopic] I wonder if you could simply send out a DHCP broadcast that just forwards on the DNS server (and http_proxy while you're at it) without having to set up a DHCP server (or even if you do). Can someone mail me about this? :)

    Thanks to Richard Atcheson for pointing this out.

  • Now you should start securing it! First turn off forwarding in general: "iptables -P FORWARD DROP", and then learn how to use iptables and /etc/hosts.allow and /etc/hosts.deny to secure your system. WARNING - Don't try this iptables rule until you have the masquerading working. You have to explicitly allow every packet through that you want if the default policy is going to be DROP. (Undo with "iptables -P FORWARD ACCEPT".)

  • Allow through any services you do want the internet to see.

    For example, to allow access to a web server running on the gateway itself (the INPUT chain only covers traffic addressed to the gateway), do:

    $> iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
    $> iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT

    To allow ident (for connecting to IRC etc.), do:

    $> iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT
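
What "explicitly allow every packet" means for the FORWARD chain of a masquerading gateway, as an added example that is not part of the original HOWTO: the script prints (or, with APPLY=1, runs) the two ACCEPT rules first and the DROP policy last. It assumes eth0 is the external card, as on this page; eth1 as the internal card and the conntrack match are choices made for this example.

```shell
#!/bin/sh
# Added example (not from the HOWTO). eth0 = external card as on this page;
# eth1 as the internal card is an assumed name, substitute your own.

# Print the FORWARD rules in the order they must be applied.
forward_rules() {
    ext_if=$1
    int_if=$2
    if [ -z "$ext_if" ] || [ -z "$int_if" ] || [ "$ext_if" = "$int_if" ]; then
        echo "usage: forward_rules EXT_IF INT_IF (two different interfaces)" >&2
        return 2
    fi
    # Names are later expanded unquoted into a command line, so accept
    # only letters, digits, '.', '_' and '-'.
    case "$ext_if$int_if" in
        *[!A-Za-z0-9._-]*) echo "invalid interface name" >&2; return 2 ;;
    esac
    # 1. Internal clients may open connections to the outside.
    echo "iptables -A FORWARD -i $int_if -o $ext_if -j ACCEPT"
    # 2. From outside, only replies to those connections come back in.
    echo "iptables -A FORWARD -i $ext_if -o $int_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # 3. The DROP policy goes last, so working masquerading is never cut off
    #    halfway through.
    echo "iptables -P FORWARD DROP"
}

# Dry run by default (prints the commands); APPLY=1 runs them, as root.
apply_forward_rules() {
    rules=$(forward_rules "$1" "$2") || return $?
    if [ "${APPLY:-0}" = "1" ]; then
        echo "$rules" | while read -r cmd; do $cmd || exit 1; done
    else
        echo "$rules"
    fi
}

apply_forward_rules "${1:-eth0}" "${2:-eth1}"
```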

To test it:

  • Try connecting from a client to the web using an IP. Google's IP is 216.239.33.100 (well that's one of them) and you should be able to get a reply from that. e.g. "ping 216.239.33.100" "lynx 216.239.33.100".

  • Try a full connection by name. e.g. "ping google.com" "lynx google.com" or from Internet Explorer / Netscape.

Where eth0 is the external Internet card, and 123.12.23.43 is the external IP of that machine.
