1 |
199 |
simons |
IP Masquerading lets you run multiple machines on a network behind a
|
2 |
|
|
Linux box so that all the machines (including the Linux masquerade box)
|
3 |
|
|
appear as a single IP address to the outside world.
|
4 |
|
|
|
5 |
|
|
The main use of masquerading is when your ISP only gives you one IP
|
6 |
|
|
address and wants to charge like a wounded bull for multiple IP
|
7 |
|
|
addresses. Instead of paying your ISP large amounts of money for a
|
8 |
|
|
separate address for each of your machines, funnel them all through a
|
9 |
|
|
Linux box running IP masquerading. Even when you have multiple IP
|
10 |
|
|
addresses, you can still use masquerading if you want to hide your
|
11 |
|
|
internal networks from the rest of the world.
|
12 |
|
|
|
13 |
|
|
To activate IP masquerading, compile the kernel with IP Forwarding, IP
|
14 |
|
|
Firewalling and IP Masquerading, the first two options must be on
|
15 |
|
|
before you can see the masquerade option. Also consider using the
|
16 |
|
|
ipautofw and ICMP masquerading suboptions.
|
17 |
|
|
|
18 |
|
|
Some of the masq code is in the kernel, some is in modules so you have
|
19 |
|
|
to make zImage and make modules. There are masq helper modules to
|
20 |
|
|
handle special protocols, you only need to load a helper module if you
|
21 |
|
|
want to use the corresponding protocol. Helper modules have to be
|
22 |
|
|
explicitly loaded (usually from somewhere in /etc/rc.d), they cannot be
|
23 |
|
|
loaded using kerneld. The current helper modules are ip_masq_ftp,
|
24 |
|
|
ip_masq_irc, ip_masq_raudio, ip_masq_cuseeme, ip_masq_vdolive,
|
25 |
|
|
ip_masq_quake.
|
26 |
|
|
|
27 |
|
|
All of the modules can take a parameter specifying the port they work
|
28 |
|
|
on - ie ftp handles connections to port 21 by default. This parameter,
|
29 |
|
|
which can be ommitted to take the default port(s) makes the command
|
30 |
|
|
line look like this
|
31 |
|
|
insmod ip_masq_raudio.o ports=7070,7071,7072
|
32 |
|
|
Up to 12 ports can be specified (this value can be changed if you
|
33 |
|
|
recompile).
|
34 |
|
|
|
35 |
|
|
Masquerading is more of a server function than a single user function.
|
36 |
|
|
Using it correctly requires some knowledge of TCP, UDP, IP and a high
|
37 |
|
|
level understanding of some protocols. For more details on IP
|
38 |
|
|
masquerading, visit
|
39 |
|
|
http://www.indyramp.com/masq/
|
40 |
|
|
and read the HOWTO.
|
41 |
|
|
|
42 |
|
|
There is a mailing list covering use of masqueraing, information can
|
43 |
|
|
be found on the indyramp web site given above - please read the basic
|
44 |
|
|
information before posting to the mailing list.
|
45 |
|
|
|
46 |
|
|
Other information on masquerading can be found at
|
47 |
|
|
http://www.wwonline.com/~achau/ipmasq/
|
48 |
|
|
|
49 |
|
|
March 5, 1997
|
50 |
|
|
Keith Owens
|
51 |
|
|
Nigel Metheringham
|