[plug] IP Chains

Michael Hunt Michael.J.Hunt at usa.net
Thu Dec 23 08:13:31 WST 1999


> skribe wrote:
> >
> > Does anyone know where I can find a walk-through/tutorial on IP Chains?
> > I've checked out the how-to and all I've managed to do is completely block
> > everything as a result =).

<snip>

> There is a web page there at
>
> http://stuwww.kub.nl/people/b.vannunen/linux-man11.php3
>
> but, the person does not appear to use either ipchains or ipfwadm for the ip
> masquerading.
>
> I have no idea how it's done, unless the kernel recompilation magically takes
> care of it all.

Mike's quick and dirty guide to IP masquerading

1. Turn on IP forwarding. You can do this through most distros' control
panel app (at least under RedHat) or by echoing a 1 to the relevant proc file
(the name surpasses me at the moment).

2. Put the following in your rc.local file, changing your internal
network numbers where appropriate. This also adds some extra modules for a
couple of other services. On most distros you don't need to recompile your
kernel as most already have the support in (at least most of the RedHat based
ones do).

ipchains -F
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
modprobe ip_masq_ftp
modprobe ip_masq_irc
modprobe ip_masq_raudio
modprobe ip_masq_quake

3. Restart your computer if you want to confirm that these changes will take
effect after a reboot.

(Anyone who wants to flame more for the above read my qualification first
OK).

It seems weird that they did not put the ipchains/ipfwadm lines in. I
suppose firewalling doesn't require you to have any rules, but then is it
really firewalling if you don't ????

>
> Bret Busby
>
> Phone/Fax:    +61 8 9399 3820 ( 08 9399 3820 within Australia)
>
> ........................................
>
>
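
Added example, not part of the original message: a small shell audit of an rc.local fragment like the one in step 2, checking that the forward policy is DENY and that every MASQ rule names a specific source network, plus a check of the IP-forwarding switch from step 1. The function names and sample input are constructed for illustration, and /proc/sys/net/ipv4/ip_forward is the standard Linux path, which the message itself does not name.

```shell
#!/bin/sh
# Added example (not from the original message). Function names are hypothetical.

# Constructed sample input: the ipchains lines from step 2 of the guide.
sample_rules() {
cat <<'EOF'
ipchains -F
ipchains -P forward DENY
ipchains -A forward -j MASQ -s 192.168.1.0/24 -d 0.0.0.0/0
EOF
}

# Read ipchains commands on stdin. Return 0 only if the forward policy is
# DENY and every MASQ rule has a -s source other than "anywhere".
audit_masq() {
awk '
  $1 != "ipchains" { next }
  $2 == "-P" && $3 == "forward" { policy = $4 }
  {
    masq = 0; src = ""
    for (i = 2; i <= NF; i++) {
      if ($i == "-j" && $(i + 1) == "MASQ") masq = 1
      if ($i == "-s") src = $(i + 1)
    }
    if (masq) {
      seen++
      if (src == "" || src == "0.0.0.0/0" || src == "0/0") {
        print "FAIL line " NR ": MASQ rule has no specific source"
        bad = 1
      }
    }
  }
  END {
    if (policy != "DENY") { print "FAIL: forward policy is not DENY"; bad = 1 }
    if (!seen) { print "FAIL: no MASQ rule found"; bad = 1 }
    if (!bad) print "OK: forward DENY, " seen " MASQ rule(s) with explicit source"
    exit bad + 0
  }'
}

# True when the forwarding switch file holds 1. Default path is the standard
# Linux location (an assumption here: the message does not name the file).
forwarding_enabled() {
  [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

sample_rules | audit_masq
```

Feed it a real file with `audit_masq < /etc/rc.d/rc.local` (path is an assumption; use wherever your distro keeps rc.local). Only the short `-s` form of the source option is recognised.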


