[H-GEN] ip masq, ,chaining, proxies, squid etc

Harry Phillips hfphillips at iname.com
Sat Sep 11 07:15:07 EDT 1999 

[ Humbug *General* list - semi-serious discussions about Humbug and
Unix-related topics. ]

> I assumed that all I would have to due is enable forwarding in
> etc/sysconfig/network and do 
> ipchains -P forward DENY 
> and 
> ipchains -A foward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0
> as explained in APC pocket book.  It doesn't mention anything about
> proxies or firewalls and I don't know a great deal about any of it.
> 
> The network is as follows:
> machine 	ip		role
> ski		192.168.0.1	gateway (linux)
> serra		192.168.0.2	file server and my own mail client (linux)
> lucifer		192.168.0.3	work & internet machine (win98)
> wilbur		192.168.0.4	work, internet & game machine  (win98)
> puppy		192.168.0.5	internet and game machine  (win98)
> romanian	192.168.0.6	internet and game machine  (win98)
> 
> I'm no expert just an amateur so I hope someone could give me either some
> advice on what I'm am doing wrong or the correct way to do it if I'm going
> about it all wrong.
> 
> All help appreciate and reciprocated where possible.
> 
> Darrin Mison
> -- 

Darrin,

I am just a beginner to linux/unix and I run Mandrake 6.0. I have setup what
you are trying to achieve. I use /etc/rc.d/rc.local and have the following
entries and they work like a charm.

#The following section is for IP masquerading
/sbin/depmod -a
/sbin/modprobe ip_masq_portfw
/sbin/modprobe ip_masq_autofw
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_user
/sbin/modprobe ip_masq_mfw
/sbin/modprobe ip_masq_irc

#Setup basic forwarding rules
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ

Don't ask me what they do or if the order of the second ipchains line matters
but the other PC's on the network can do anything including Commonwealth
Netbank. I got all the settings by reading, reading and reading all the HOW-TO
that were relevant and some that weren't.

if you need any of my other setting (such as the kppp setup) just drop me a
line.

Regards
Harry

PS. If you just have the first modprobe line everything will work but it's
really really _slow_. I think it catches and does everything that the others
don't.

--
This is list (humbug) general handled by majordomo at lists.humbug.org.au .
Postings only from subscribed addresses of lists general or general-post.

More information about the General mailing list