Linux Know-How provides a collection of introductory texts on often needed Linux skills.
IP Masquerading

Another computer on your network must have a modem (or another Internet connection) though :-). Set up IP masquerading. This way, all requests going from your network to your Internet Service Provider (ISP) appear to have originated from a single computer, and your ISP will let them through.

ON REDHAT 5.2, simple masquerading required just one command (on the computer with the modem):

    /sbin/ipfwadm -F -p m

This sets up masquerading as the default forwarding policy of your IP firewall, and is therefore insecure but probably OK for a home user. (The danger is that if somebody cracks into your computer, s/he can use your computer to hide his or her true identity. Whatever malicious things the hacker does to anybody, you take the blame. The hacker can even set a route to "tunnel" back to your network, thus concealing his or her identity from you.) For more info, please check the file /usr/doc/HOWTO/mini/IP-Masquerade.

A more secure setup is shown here:

    ipfwadm -F -p deny
    ipfwadm -F -a m -S 192.168.1.1/32 -D 0.0.0.0/0
    ipfwadm -F -a m -S 192.168.1.3/32 -D 0.0.0.0/0
    ipfwadm -F -a m -S 192.168.2.0/24 -D 0.0.0.0/0
ON REDHAT 6.0 THE NAME OF THE COMMAND is ipfwadm-wrapper (instead of ipfwadm) and I had to use the second, more secure method (setting up masquerading as the default policy does not seem to work on my system any more). Also, with newer kernels (2.0.34 and later) forwarding is disabled by default and must be turned on using:

    echo "1" > /proc/sys/net/ipv4/ip_forward

Actually, ipfwadm-wrapper is a wrapper because it lets me use the old rules of setting up the firewall policies using the brand new firewalling kernel code. Doing something like this may work better for you:

    ipchains -P forward DENY
    ipchains -A forward -s 192.168.1.0/24 -j MASQ

If you would like to have these command(s) always executed on your system startup, add them as the last line(s) to the file /etc/rc.d/rc.local. This file is something like AUTOEXEC.BAT in DOS.

As always, it is recommended to read the manual page and other documentation to see what the command(s) do and what the other options are:

    less /usr/doc/HOWTO/mini/IP-Masquerade
    man ipfwadm
    man ipchains

ON REDHAT 7.1 (KERNEL 2.4.x) the firewalling can be set up using the new iptables command. You can still use the old ipchains, provided you don't run iptables at the same time. So perhaps use ntsysv to make sure ipchains is enabled, and iptables is disabled.
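
The difference between the insecure and the more secure ipfwadm/ipchains setups above can be checked mechanically. The shell function below is an added example, not part of the original guide; the name audit_masq and its pass/fail criteria are assumptions made for illustration, and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): audit firewall start-up lines.
# audit_masq [FILE...] reads rule lines (stdin if no file) and returns 0 only
# for the "deny by default, masquerade listed sources" pattern.
audit_masq() {
    awk '
    { sub(/#.*/, ""); tool = $1; sub(/.*\//, "", tool) }  # drop comments and path
    tool != "ipfwadm" && tool != "ipfwadm-wrapper" && tool != "ipchains" { next }
    {
        pol = ""; src = ""; masq = 0; fwd = 0
        old = (tool != "ipchains")            # ipfwadm syntax (incl. the wrapper)
        for (i = 2; i <= NF; i++) {
            if ($i == "-F" || $i == "forward") fwd = 1      # forwarding rules only
            if (old && $i == "-p") pol = $(i + 1)           # ipfwadm -F -p POLICY
            if (!old && $i == "-P") pol = $(i + 2)          # ipchains -P forward POLICY
            if (old && $i == "-a" && $(i + 1) ~ /^m/) masq = 1      # ipfwadm -a m
            if (!old && $i == "-j" && $(i + 1) == "MASQ") masq = 1  # ipchains -j MASQ
            if ($i == "-S" || $i == "-s") src = $(i + 1)    # source restriction
        }
        if (!fwd) next
        if (pol != "") policy = tolower(pol)                # last policy set wins
        if (masq && (src == "" || src == "0.0.0.0/0" || src == "0/0")) {
            printf "line %d: masquerade rule matches any source\n", FNR
            bad = 1
        }
    }
    END {
        if (policy !~ /^(deny|reject)$/) {
            printf "default forward policy is \"%s\", expected deny\n", policy
            bad = 1
        }
        exit bad + 0
    }' "$@"
}

# Constructed sample: the one-command setup from the text is reported.
audit_masq <<'EOF' || echo "result: permissive forwarding setup"
/sbin/ipfwadm -F -p m
EOF
```

To check the lines you added at system startup, call it as audit_masq /etc/rc.d/rc.local.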