-----------------------------------------------
 IP MASQ Setup with ipchains quick start

 Author : Terry 'Mongoose' Hendrix II
 Email  : stu7440@westga.edu
 Version: 1.1
 Date   : 1999.05.??
-----------------------------------------------

NOTES
----------------------------------------
The following example has:

   0.0.0.0   the IP of the gateway to the internet.
   10.0.0.1  the IP of the ip masq gateway's eth0.
   10.0.0.2  the IP of the ip masq client0's eth0.
   10.0.0.3  the IP of the ip masq client1's eth0.

NETWORK IP MASQ GATEWAY SETUP
----------------------------------------
1. Load ethernet card modules ( if needed ).

      /sbin/modprobe ne2k-pci

2. Bring up the device. ( add to /etc/rc.d/rc.local if you don't
   have standard interface scripts )

      /sbin/ifconfig eth0 10.0.0.1 netmask 255.255.255.0 up
      /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 eth0
      /sbin/route add default gw 0.0.0.0 eth0

3. Allow your IP MASQ clients to use your inet.

   A. Add this to /etc/hosts.allow at the end:

      ALL:10.0.0.2
      ALL:10.0.0.3

   B. Add the ips to any other configs that require them.

      i. I suggest you use the squid ftp/http proxy for speed.

NETWORK CLIENT SETUP ( 10.0.0.2 client0 )
----------------------------------------
1. Load ethernet card modules ( if needed ).

      /sbin/modprobe ne2k-pci

2. Bring up the device. ( add this to /etc/rc.d/rc.local if you don't
   have standard interface scripts )

      /sbin/ifconfig eth0 10.0.0.2 netmask 255.255.255.0 up
      /sbin/route add -net 10.0.0.0 netmask 255.255.255.0 eth0
      /sbin/route add default gw 10.0.0.1 eth0

TESTING NETWORK
----------------------------------------
1. Ping 10.0.0.1 from the clients and vice versa.

2. Use /sbin/ifconfig to see packet traffic from each host.

3. You should be able to use telnet/ftp between machines now.

   A. If you can't telnet from clients to gateway, then check
      hosts.allow.

IP MASQ GATEWAY IP MASQ SETUP
----------------------------------------
1. IP forwarding setup.

   A. Enable ip forwarding for the IP MASQ gateway.

      echo "1" > /proc/sys/net/ipv4/ip_forward

   B. Make ip forwarding enabled every boot:

      i. For RedHat modify /etc/sysconfig/network as follows:

         FORWARD_IPV4=true

      ii. For other distros add this to /etc/rc.d/rc.local at the end:

         echo "1" > /proc/sys/net/ipv4/ip_forward

   C. To make sure no one smurfs your network add this to rc.local
      ( tcp_syncookies enables SYN cookies, the kernel's defence
      against SYN floods ):

      echo "1" > /proc/sys/net/ipv4/tcp_syncookies

2. Now set up routing. You can add these to rc.local to load every time.

   A. Deny all ip forwarding by default.

      /sbin/ipchains -P forward DENY

   B. Allow ip forwarding for your IP MASQ machines 10.0.0.2 and
      10.0.0.3. The /32 mask matches one host only; a /24 here would
      match every address in 10.0.0.0/24.

      /sbin/ipchains -A forward -s 10.0.0.2/32 -j MASQ
      /sbin/ipchains -A forward -s 10.0.0.3/32 -j MASQ

   C. Add any masq modules you'll need.

      /sbin/modprobe ip_masq_ftp
      /sbin/modprobe ip_masq_quake
      /sbin/modprobe ip_masq_irc
      /sbin/modprobe ip_masq_user
      /sbin/modprobe ip_masq_raudio
      ...

------------------------------------------------
Visit the following site for IP Tables help:

   http://www.netfilter.org/unreliable-guides/
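
Added example (not part of the original quick start): an sh helper that prints the step 2 forward-chain commands for a list of clients, one host (/32) MASQ rule each behind the default DENY policy, and refuses anything that is not a single dotted-quad address, since a wider source mask such as /24 would masquerade the whole 10.0.0.0 network instead of the listed machine. The function names masq_rules and is_host_ip are made up for this example; it only prints the commands so they can be reviewed before they go into rc.local.

```shell
#!/bin/sh
# Added example: prints ipchains commands for review; it never runs them.

# is_host_ip ADDR: succeed only for a dotted quad whose octets are 0-255.
# Anything carrying a mask ("10.0.0.2/24") or a hostname is refused.
is_host_ip() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS
    IFS=.
    set -- $1            # split the address into its octets
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# masq_rules CLIENT...: print the default-deny forward policy followed by
# one MASQ rule per client. All addresses are validated before anything is
# printed, so a bad entry can never yield a partial rule set.
masq_rules() {
    [ "$#" -gt 0 ] || return 1
    for client in "$@"; do
        is_host_ip "$client" || {
            echo "rejected: '$client' is not a single host address" >&2
            return 1
        }
    done
    echo "/sbin/ipchains -P forward DENY"
    for client in "$@"; do
        echo "/sbin/ipchains -A forward -s $client/32 -j MASQ"
    done
}

# The two clients used throughout this quick start.
masq_rules 10.0.0.2 10.0.0.3
```
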