TCLUG Archive

Re: [TCLUG:7915] Linux Not-So-Newbie Problems



On Thu, 26 Aug 1999, ^chewie wrote:
> On Thu, 26 Aug 1999, David Guy Brizan wrote:
> > > Or at least make sure that the proc file gets changed to contain the
> > > number '1' instead of '0' in one of your boot scripts.
> > Actually it's '1' instead of '' (empty file).
> > </being_a_nerd>
> [...start snipped grep of my /proc/sys/net/ipv4/ directory...]
<snip - *very* snipped :)>
> [...end snipped grep of my /proc/sys/net/ipv4/ directory...]
> 
> I see a lot of 0's in there... :)  Probably depends upon which kernel
> you're running.  I'm using 2.2.x on most of my machines.

Here's the deal with setting up IP Masq'ing:
echo "1" > /proc/sys/net/ipv4/ip_forward
This enables IP forwarding in the kernel.

Now we set up the ethernet interface:
ifconfig eth0 <your ip> netmask <netmask> up

Then add the routing for this network:
route add -net <network address>

Then we set up the ipchains rules:
ipchains-restore < /etc/ipchains.conf
(That's a useful thing I'll explain further down.)

These steps are taken from my init.d/network script (which sets everything
up under Debian).

So in practice it looks like this:
#!/bin/sh
# dysonsphere.ringworld.org /etc/init.d/network
echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig eth0 192.168.1.1 netmask 255.255.255.0 up
route add -net 192.168.1.0
ipchains-restore < /etc/ipchains.conf

And /etc/ipchains.conf looks like this:
:input ACCEPT
:forward DENY
:output ACCEPT
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ

I got ipchains.conf to look like that this way:
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/255.255.255.0 -d 0/0 -j MASQ

Those two commands set up the forwarding rules well enough for my
application (all computers in my house connect through my linux box). Then
I save the rules for later reloading like so:

ipchains-save > /etc/ipchains.conf

Then on every boot, everything is once again set up properly.

Your implementation will vary in the way you set up the firewall; read
some more in the NET-3-HOWTO and the IP-Masquerade mini-HOWTO. Also, check
out the ipchains documentation. But those are the basics of getting
masq'ing up and running. Hope this helps.

--Kevin R. Bullock
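
An added example, not part of the original message: a small POSIX sh check that reads a rules file in the ipchains-save format shown above and reports when the forward policy is not DENY or a MASQ rule is not limited to an internal source network. The function name audit_ipchains_conf and the sample input are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post). Reads ipchains-save style rules
# on stdin; returns 0 if the forward chain matches the setup described above.
audit_ipchains_conf() {          # hypothetical helper name
    problems=0 fwd_policy=
    while read -r first rest; do
        case "$first" in
        :forward)
            fwd_policy=$rest ;;
        -A)
            # Only forward-chain rules that jump to MASQ are checked.
            case "$rest" in
            "forward "*"-j MASQ"*) ;;
            *) continue ;;
            esac
            src=
            set -- $rest             # split the rule into words
            while [ $# -gt 0 ]; do
                [ "$1" = "-s" ] && src=$2
                shift
            done
            case "$src" in
            ""|0/0|0.0.0.0/0|0.0.0.0/0.0.0.0)
                echo "MASQ rule not limited to an internal source: -A $rest"
                problems=$((problems + 1)) ;;
            esac ;;
        esac
    done
    if [ "$fwd_policy" != "DENY" ]; then
        echo "forward policy is '${fwd_policy:-unset}', expected DENY"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ]
}

# Constructed sample: the file from the post with the forward policy loosened.
audit_ipchains_conf <<'EOF' || echo "=> tighten the rules, then ipchains-save again"
:input ACCEPT
:forward ACCEPT
:output ACCEPT
-A forward -s 192.168.1.0/255.255.255.0 -d 0.0.0.0/0.0.0.0 -j MASQ
EOF
```

Against a real file the call would be `audit_ipchains_conf < /etc/ipchains.conf`, run after ipchains-save and before relying on the rules at boot.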