[Re: Ip-Masq]
Matt Graham
danceswithcrows@usa.net
28 Jul 2001 19:07:24 EDT
Ben Pfaff wrote:
> What kernel version is this?
Well, it's a 2.4 of some sort. That's all I know for sure. However, the
main problem that's going on is...
(From the .config file)
#
# Networking options
#
CONFIG_PACKET=y
CONFIG_PACKET_MMAP=y
CONFIG_NETLINK=y
CONFIG_RTNETLINK=y
CONFIG_NETLINK_DEV=y
# CONFIG_NETFILTER is not set <-That.
In the "menuconfig" or "xconfig" dialogs, it's under Network
Configuration->Network Packet Filtering (replaces ipchains). When you set
this to "Y", a new submenu called "IP: Netfilter Configuration" shows up.
You can basically set everything to "M" here. If you've included
"ipchains support" you can "modprobe ipchains" and do your masqing as if
you were on a 2.2 kernel, but ipchains is deprecated and will be going
away at some point so it's really better to use iptables.
I do something like this to enable masqing for my tiny little 2-node
network, from /etc/init.d/boot.local:
# module dependencies pull in everything else needed if we modprobe the
# FTP thingy....
modprobe ip_nat_ftp
echo "1" > /proc/sys/net/ipv4/ip_forward
/sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# "man iptables" for what all that carp means
Note that there are none of the really nifty security bits you can put
into iptables here, and you *NEED* some of those if you're not on dialup.
Or even if you are on dialup, they're a good idea. HTH,
--
Matt G / Dances With Crows
There is no Darkness in Eternity/But only Light too dim for us to see
"I backed up my brain to tape, but tar says the tape contains no data...."
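
Added example (not part of Matt Graham's message): a minimal stateful ruleset of the kind the message says should go with the MASQUERADE rule. The LAN interface name eth0, the helper name masq_firewall and the IPT/WAN/LAN variables are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example: stateful filtering to sit beside the MASQUERADE rule.
# IPT defaults to a dry run that only prints each command; run as root with
# IPT=/sbin/iptables to apply. Meant for boot time, when the chains are empty.
IPT="${IPT:-echo iptables}"

# masq_firewall WAN_IF LAN_IF  (hypothetical helper name)
masq_firewall() {
    wan="$1"; lan="$2"
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: masq_firewall WAN_IF LAN_IF (two different interfaces)" >&2
        return 1
    fi

    # Traffic to the gateway itself: loopback, the (trusted) LAN, and replies
    # to connections the gateway opened. Nothing unsolicited from the WAN.
    $IPT -A INPUT -i lo -j ACCEPT
    $IPT -A INPUT -i "$lan" -j ACCEPT
    $IPT -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Routed traffic: the LAN may open connections outward; the WAN side may
    # only send packets belonging to those connections. RELATED is what lets
    # the FTP helper's data connections through.
    $IPT -A FORWARD -i "$lan" -o "$wan" -j ACCEPT
    $IPT -A FORWARD -i "$wan" -o "$lan" -m state --state ESTABLISHED,RELATED -j ACCEPT

    # Default-deny goes in last so the accept rules are already in place.
    $IPT -P INPUT DROP
    $IPT -P FORWARD DROP

    # The NAT rule from the message, with the interface parameterised.
    $IPT -t nat -A POSTROUTING -o "$wan" -j MASQUERADE
}

# ppp0 is the interface in the message; eth0 for the LAN is an assumption.
masq_firewall "${WAN:-ppp0}" "${LAN:-eth0}"
```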