Text File | 1997-07-07 | 52KB | 1,370 lines
Linux IP Masquerade mini HOWTO
Ambrose Au, achau@wwonline.com
v1.00, 1 January 1997
This document describes how to enable the IP masquerade feature on a Linux
host, allowing connected computers that do not have registered Internet
IP addresses to connect to the Internet through your Linux box.
1. Introduction
1.1. Introduction
This document describes how to enable the IP masquerade feature on a Linux
host, allowing connected computers that do not have registered
Internet IP addresses to connect to the Internet through your Linux
box. It is possible to connect your machines to the Linux host with
ethernet, as well as other kinds of connection such as a dialup ppp
link. This document will emphasize ethernet connections, since that
should be the most likely case.
This document is intended for users using kernels 2.0.x.
Development kernels 2.1.x are NOT covered.
1.2. Foreword, Feedback & Credits
First of all, I would like to let you know that I am NOT a
knowledgeable nor an experienced user of IP masquerade.
I find it very confusing as a new user setting up IP masquerade on a
newer kernel, i.e. 2.x kernel. Although there is a FAQ and a mailing
list, there is no document dedicated to that; and there are some
requests on the mailing list for such a HOWTO. So, I decided to write
this up as a starting point for new users, and possibly a building
block for knowledgeable users to build on for documentation. If you
think I'm not doing a good job, feel free to tell me so that I can
make it better.
This document is heavily based on the original FAQ by Ken Eves, and
numerous helpful messages in the ip_masq mailing list. And a special
thanks to Mr. Matthew Driver whose mailing list message inspired me to
set up ip_masq and eventually write this.
Please feel free to send any feedback or comments to
achau@wwonline.com if I'm mistaken on any information, or if any
information is missing. Your invaluable feedback will certainly be
influencing the future of this HOWTO!
This HOWTO is meant to be a quick guide to get your IP Masquerade
working in the shortest time. The latest news and information can be
found at the IP Masquerade Resource web page that I maintained. If
you have any technical questions on IP Masquerade, please join the IP
Masquerade Mailing List instead of sending email to me since I have
limited time, and the developers of IP_Masq are more capable of
answering your questions.
The latest version of this document can be found at the IP Masquerade
Resource, which also contains the HTML and postscript version:
· http://www.wwonline.com/~achau/ipmasq/
· http://www.hwy401.com/achau/ipmasq/
· http://www.leg.uct.ac.za/mirrors/ipmasq/
· http://130.89.230.132/linux/ipmasq/
1.3. Copyright & Disclaimer
This document is copyright(c) 1996 Ambrose Au, and it's a free
document. You can redistribute it under the terms of the GNU General
Public License.
The information and other contents in this document are to the best of
my knowledge. However, ip_masq is experimental, and there is a chance
that I make mistakes as well; so you should determine if you want to
follow the information in this document.
Nobody is responsible for any damage on your computers and any other
losses by using the information in this document, i.e.
THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE
TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT.
2. Background Knowledge
2.1. What is IP Masquerade?
IP Masquerade is a developing networking function in Linux. If a Linux
host is connected to the Internet with IP Masquerade enabled, then
computers connecting to it (either on the same LAN or connected with
modems) can reach the Internet as well, even though they have no
official assigned IP addresses.
This allows a set of machines to invisibly access the Internet hidden
behind a gateway system, which appears to be the only system using the
Internet. Breaking the security of a well set-up masquerading system
should be considerably more difficult than breaking a good packet
filter based firewall (assuming there are no bugs in either).
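The address hiding described above can be modelled with a small translation table. This is an added example, not code from the HOWTO or from the Linux kernel: the addresses 111.222.333.444 and 192.168.1.100 come from the drawing in section 2.5, while the starting port 61000, the remote hosts and the `MasqGateway` class are assumptions made for illustration.

```python
# Simplified model of a masquerading gateway's translation table (illustration only).
GATEWAY_IP = "111.222.333.444"   # the Linux box's assigned address in the HOWTO drawing
FIRST_MASQ_PORT = 61000          # assumed start of the port range the gateway hands out


class MasqGateway:
    def __init__(self, public_ip=GATEWAY_IP):
        self.public_ip = public_ip
        self.next_port = FIRST_MASQ_PORT
        self.out = {}   # (proto, inner_ip, inner_port, dst_ip, dst_port) -> masq port
        self.back = {}  # (proto, masq_port, dst_ip, dst_port) -> (inner_ip, inner_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Rewrite a packet leaving the private network; return the new header."""
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = self.next_port
            self.next_port += 1
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        # The outside world only ever sees the gateway's address and port.
        return (proto, self.public_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Undo the rewrite for a reply; None means no table entry, nothing forwarded."""
        if dst_ip != self.public_ip:
            return None
        inner = self.back.get((proto, dst_port, src_ip, src_port))
        if inner is None:
            return None
        return (proto, src_ip, src_port, inner[0], inner[1])


def demo():
    gw = MasqGateway()
    web = ("198.51.100.7", 80)  # constructed remote server (documentation address)
    sent = gw.outbound("tcp", "192.168.1.100", 1025, *web)
    reply = gw.inbound("tcp", web[0], web[1], sent[1], sent[2])
    # Constructed unsolicited packet from a different host to the same masq port.
    stray = gw.inbound("tcp", "203.0.113.9", 4444, GATEWAY_IP, sent[2])
    return sent, reply, stray


if __name__ == "__main__":
    for label, value in zip(("sent", "reply", "stray"), demo()):
        print(label, value)
```

Only a reply that matches an entry created by an outbound packet is translated back to the inner machine; a packet with no matching entry has nowhere to go in this model.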
2.2. Current Status
IP Masquerade is still at its experimental stages. However, kernels
since 1.3.x had built-in support already. Many individuals and even
companies are using it, with satisfactory results.
Browsing web pages and telnet are reported to work well over ip_masq.
FTP, IRC and listening to Real Audio are working with certain modules
loaded. Other network streaming audio such as True Speech and Internet
Wave work too. Some fellow users on the mailing list even tried video
conferencing software. Ping is now working, with the newly available
ICMP patch.
Please refer to section 4.3 for a more complete listing of software
supported.
IP Masquerade works well with 'client machines' on several different
OS and platforms. There are successful cases with systems using Unix,
Windows 95, Windows NT, Windows for Workgroups (with TCP/IP package),
OS/2, Macintosh System's OS with Mac TCP, Mac Open Transport, DOS with
NCSA Telnet package, VAX, Alpha with Linux, and even Amiga with AmiTCP
or AS225-stack.
2.3. Who Can Benefit From IP Masquerade?
· If you have a Linux host connected to the Internet, and
· if you have some computers running TCP/IP connected to that Linux
box on a local subnet, and/or
· if your Linux host has more than one modem and acts as a PPP or
SLIP server connecting to others, which
· those OTHER machines do not have official assigned IP addresses.
(these machines are represented by OTHER machines hereby)
· And of course, if you want those OTHER machines to make it onto the
Internet without spending extra bucks :)
2.4. Who Doesn't Need IP Masquerade?
· If your machine is a stand-alone Linux host connected to the
Internet, then it is pointless to have ip_masq running, or
· if you already have assigned addresses for your OTHER machines,
then you don't need IP Masquerade,
· and of course, if you don't like the idea of a 'free ride'.
2.5. How IP Masquerade Works?
From IP Masquerade FAQ by Ken Eves:
Here is a drawing of the most simple setup:
    SLIP/PPP        +------------+                         +-------------+
    to provider     |  Linux     |       SLIP/PPP          | Anybox      |
  <---------- modem1|            |modem2 ----------- modem |             |
    111.222.333.444 |            |           192.168.1.100 |             |
                    +------------+                         +-------------+
In the above drawing a Linux box with ip_masquerading installed and
running is connected to the Internet via SLIP/or/PPP using modem1. It has
an assigned IP address of 111.222.333.444. It is set up so that modem2 allows
callers to login and start a SLIP/or/PPP connection.
The second system (which doesn't have to be running Linux) calls into the
Linux box and starts a SLIP/or/PPP connection. It does NOT have an assigned
IP address on the Internet so it uses 192.168.1.100. (see below)
With ip_masquerade and the routing configured properly the machine
Anybox can interact with the Internet as if it was really connected (with a
few exceptions).
Quoting Pauline Middelink:
Do not forget to mention the ANYBOX should have the Linux box
as its gateway (whether it be the default route or just a subnet
is no matter). If the ANYBOX can not do this, the Linux machine
should do a proxy arp for all routed addresses, but the setup of
proxy arp is beyond the scope of the document.
The following is an excerpt from a post on comp.os.linux.networking which
has been edited to match the names used in the above example:
o I tell machine ANYBOX that my slipped linux box is its gateway.
o When a packet comes into the linux box from ANYBOX, it will assign it
new source port number, and slap its own ip address in the packet