<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML
><HEAD
><TITLE
>Masquerading Made Simple HOWTO</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD
><BODY
CLASS="ARTICLE"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="ARTICLE"
><DIV
CLASS="TITLEPAGE"
><H1
CLASS="TITLE"
><A
NAME="AEN2"
></A
>Masquerading Made Simple HOWTO</H1
><H3
CLASS="AUTHOR"
><A
NAME="AEN4"
>John Tapsell</A
></H3
><DIV
CLASS="AFFILIATION"
><DIV
CLASS="ADDRESS"
><P
CLASS="ADDRESS"
> <TT
CLASS="EMAIL"
>&lt;<A
HREF="mailto:tapselj0@cs.man.ac.uk"
>tapselj0@cs.man.ac.uk</A
>&gt;</TT
><br>
</P
></DIV
></DIV
><H3
CLASS="AUTHOR"
><A
NAME="AEN10"
>Thomas Spellman</A
></H3
><DIV
CLASS="AFFILIATION"
><DIV
CLASS="ADDRESS"
><P
CLASS="ADDRESS"
> <TT
CLASS="EMAIL"
>&lt;<A
HREF="mailto:thomasNO@SPAMresonancePLEASE.org"
>thomasNO@SPAMresonancePLEASE.org</A
>&gt;</TT
><br>
</P
></DIV
></DIV
><H3
CLASS="AUTHOR"
><A
NAME="AEN16"
>Matthias Grimm</A
></H3
><DIV
CLASS="AFFILIATION"
><DIV
CLASS="ADDRESS"
><P
CLASS="ADDRESS"
> <TT
CLASS="EMAIL"
>&lt;<A
HREF="mailto:DeadBull@gmx.net"
>DeadBull@gmx.net</A
>&gt;</TT
><br>
</P
></DIV
></DIV
><DIV
CLASS="REVHISTORY"
><TABLE
WIDTH="100%"
BORDER="0"
><TR
><TH
ALIGN="LEFT"
VALIGN="TOP"
COLSPAN="3"
><B
>Revision History</B
></TH
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.09</TD
><TD
ALIGN="LEFT"
>2004-07-21</TD
><TD
ALIGN="LEFT"
>Revised by: ts</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.08</TD
><TD
ALIGN="LEFT"
>2002-07-11</TD
><TD
ALIGN="LEFT"
>Revised by: jpt</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.07</TD
><TD
ALIGN="LEFT"
>2002-02-27</TD
><TD
ALIGN="LEFT"
>Revised by: jpt</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.06</TD
><TD
ALIGN="LEFT"
>2001-09-08</TD
><TD
ALIGN="LEFT"
>Revised by: jpt</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.05</TD
><TD
ALIGN="LEFT"
>2001-09-07</TD
><TD
ALIGN="LEFT"
>Revised by: jpt</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.04</TD
><TD
ALIGN="LEFT"
>2001-09-01</TD
><TD
ALIGN="LEFT"
>Revised by: jpt</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
><TR
><TD
ALIGN="LEFT"
>Revision 0.03</TD
><TD
ALIGN="LEFT"
>2001-07-06</TD
><TD
ALIGN="LEFT"
>Revised by: jpt</TD
></TR
><TR
><TD
ALIGN="LEFT"
COLSPAN="3"
></TD
></TR
></TABLE
></DIV
><DIV
><DIV
CLASS="ABSTRACT"
><A
NAME="AEN51"
></A
><P
></P
><P
> All of the authors are available on #debian on irc.opensource.net
</P
><P
> John Tapsell (JohnFlux) is the official maintainer.
</P
><P
> Email me (John Tapsell) for any query, flame, feedback, a date, etc.
</P
><P
> Shamelessly stealing from David Ranch's work - <TT
CLASS="EMAIL"
>&lt;<A
HREF="mailto:dranch@trinnet.net"
>dranch@trinnet.net</A
>&gt;</TT
>.
</P
><P
> This is NOT a replacement for the IP-Masquerading HOWTO - it is to
complement it, and the two should be read side by side. I do not include
things in here that are covered by the other HOWTO, nor do I explain
what it all means, or what it is all about. See
<A
HREF="http://ipmasq.cjb.net"
TARGET="_top"
>http://ipmasq.cjb.net</A
>
and the standard Masq-HOWTO for much better guides.
</P
><P
> This document describes how to enable the Linux IP Masquerade feature
on a given Linux host. IP Masq is a form of Network Address
Translation or NAT that allows internally networked computers that do not
have one or more registered Internet IP addresses to have the ability
to communicate to the Internet via your Linux box's single Internet IP
address.
</P
><P
> This is all under the GNU Free Documentation License
</P
><P
> <A
HREF="http://www.gnu.org/copyleft/fdl.html"
TARGET="_top"
> http://www.gnu.org/copyleft/fdl.html
</A
>
</P
><P
></P
></DIV
></DIV
><HR></DIV
><DIV
CLASS="TOC"
><DL
><DT
><B
>Table of Contents</B
></DT
><DT
>1. <A
HREF="#INTRO"
>Introduction</A
></DT
><DT
>2. <A
HREF="#SUMMARY"
>Summary: (I like doing summaries first)</A
></DT
><DT
>3. <A
HREF="#INDEPTH"
>Bit more in-depth version</A
></DT
><DT
>4. <A
HREF="#POST-INSTALL"
>Post-install Instructions</A
></DT
><DT
>5. <A
HREF="#FAQ"
>FAQ's - Frequently Asked Compla^H^H^H^H^H^H Questions</A
></DT
></DL
></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="INTRO"
></A
>1. Introduction</H1
><P
> This is intentionally short and to the point.
</P
><P
> If you have a network that you want to attach to the outside:
</P
><P
> <DIV
CLASS="MEDIAOBJECT"
><P
><IMG
SRC="network.png"></P
></DIV
>
</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="SUMMARY"
></A
>2. Summary: (I like doing summaries first)</H1
><P
> Assuming the external Internet card is eth0, the external IP is 123.12.23.43,
and the internal network card is eth1, then:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>modprobe ipt_MASQUERADE</B
> # If this fails, try continuing anyway
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -F; iptables -t nat -F; iptables -t mangle -F</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>echo 1 > /proc/sys/net/ipv4/ip_forward</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> Or for a dial-up connection:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>modprobe ipt_MASQUERADE</B
> # If this fails, try continuing anyway
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -F; iptables -t nat -F; iptables -t mangle -F</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>echo 1 > /proc/sys/net/ipv4/ip_forward</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> Then to secure it:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT -m state --state NEW ! -i eth0 -j ACCEPT</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -P INPUT DROP</B
> # only if the first two are successful
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A FORWARD -i eth0 -o eth0 -j REJECT</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> Or for a dial-up connection (with eth0 as the internal network card):
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -P INPUT DROP</B
> # only if the first two are successful
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A FORWARD -i ppp0 -o ppp0 -j REJECT</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> And that's it! To view the rules, run "<B
CLASS="COMMAND"
>iptables -t nat -L</B
>"
</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="INDEPTH"
></A
>3. Bit more in-depth version</H1
><P
> Compiling the kernel: (Use a 2.4.x kernel or greater)
</P
><P
> You need the following support in the kernel:
</P
><P
></P
><UL
><LI
><P
> Under Networking Options
</P
><P
></P
><UL
><LI
><P
> Network packet filtering (CONFIG_NETFILTER)
</P
></LI
></UL
></LI
><LI
><P
> Under Networking Options->Netfilter Configuration
</P
><P
></P
><UL
><LI
><P
> Connection tracking (CONFIG_IP_NF_CONNTRACK)
</P
></LI
><LI
><P
> FTP Protocol support (CONFIG_IP_NF_FTP)
</P
></LI
><LI
><P
> IP tables support (CONFIG_IP_NF_IPTABLES)
</P
></LI
><LI
><P
>
Connection state match support (CONFIG_IP_NF_MATCH_STATE)
</P
></LI
><LI
><P
> Packet filtering (CONFIG_IP_NF_FILTER)
</P
><P
></P
><UL
><LI
><P
> REJECT target support (CONFIG_IP_NF_TARGET_REJECT)
</P
></LI
></UL
></LI
><LI
><P
> Full NAT (CONFIG_IP_NF_NAT)
</P
><P
></P
><UL
><LI
><P
> MASQUERADE target support (CONFIG_IP_NF_TARGET_MASQUERADE)
</P
></LI
><LI
><P
> REDIRECT target support (CONFIG_IP_NF_TARGET_REDIRECT)
</P
></LI
></UL
></LI
><LI
><P
> Packet mangling (CONFIG_IP_NF_MANGLE)
</P
></LI
><LI
><P
> LOG target support (CONFIG_IP_NF_TARGET_LOG)
</P
></LI
></UL
></LI
></UL
><P
> First, if the iptables and masq modules are not compiled into the kernel
but do exist as modules, we need to load them.
Loading ipt_MASQUERADE with modprobe also loads ip_tables, ip_conntrack and
iptable_nat.
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>modprobe ipt_MASQUERADE</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> Now either your Intranet is large, or you're just trying to get two or three
machines to work on the internet - it doesn't make much difference either way.
</P
><P
> Okay, I'm assuming that you have no other rules, so do:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -F; iptables -t nat -F; iptables -t mangle -F</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> If you get an error saying can't find iptables, go find it and install it.
If it says no such table 'nat', recompile the kernel with nat support. If
it says no such table as 'mangle', don't worry about it, it's not necessary
for MASQ'ing. If it says iptables is incompatible with your kernel, go get > 2.4
and compile that with iptables support.
</P
><P
> Then, if you have a static IP (e.g. a network card not using DHCP), do:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 123.12.23.43</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> or for dynamic (e.g. a modem - you have to call a number first):
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> Then finally to tell the kernel yes, you really do want to start forwarding
packets: (This only needs to be done once per reboot - but doesn't hurt to
do it lots)
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>echo 1 > /proc/sys/net/ipv4/ip_forward</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> Once you have checked this all works (See under Post-install) only allow
masquerading from the internal network - you don't want to allow people on
the internet to use it after all :)
</P
><P
> First, allow any existing connections, or anything related (e.g. ftp server
connecting back to you)
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> If this gives an error, then you most likely don't have state tracking in
the kernel - go recompile. Then allow new connections only from our
intranet (local/internal network). Replace the ppp0 with eth0 or
whatever your <EM
>external</EM
> device is. (The ! means anything but)
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT -m state --state NEW ! -i ppp0 -j ACCEPT</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> And now deny everything else:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -P INPUT DROP</B
> # only if the first two are successful</PRE
></FONT
></TD
></TR
></TABLE
><P
> If either of the first two rules failed, then this last rule will prevent
the masquerading from working at all. To undo this rule do
"<B
CLASS="COMMAND"
>iptables -P INPUT ACCEPT</B
>".
</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="POST-INSTALL"
></A
>4. Post-install Instructions</H1
><P
> And it should all work now. Don't forget to:
</P
><P
></P
><UL
><LI
><P
> Set up all the clients on the internal network to point to the Linux
internal IP address as their gateway.
(In Windows right-click Network Neighbourhood->Properties->Gateway
then change it to the Linux gateway internal IP.)
</P
></LI
><LI
><P
> Set up all the clients to use your ISP's HTTP proxy if they have one,
use a transparent proxy (WARNING - I've heard reports of transparent
proxying to be very slow on very big networks), or run squid on your
new Linux gateway. (This is optional, but preferable for large networks)
</P
></LI
><LI
><P
> Be sure to specify a DNS server when setting up your clients. Otherwise
you will get errors on the clients saying 'cannot resolve address'
etc. If DNS used to work (URL address worked) but doesn't after
you set up Masquerading, this is because your ISP's/network's DHCP
server can no longer tell you what the DNS address is.
</P
><P
> [Offtopic] I wonder if you could simply send out a dhcp broadcast
that just forwards on the dns server (and http_proxy while you're at
it) without having to set up a dhcp server (or even if you do).
Can someone mail me about this? :)
</P
><P
> Thanks to Richard Atcheson for pointing this out.
</P
></LI
><LI
><P
> Now you should start securing it! First turn off forwarding in general:
"<B
CLASS="COMMAND"
>iptables -P FORWARD DROP</B
>", and then learn how to use
iptables and <TT
CLASS="FILENAME"
>/etc/hosts.allow</TT
> and
<TT
CLASS="FILENAME"
>/etc/hosts.deny</TT
> to secure your system. WARNING
- Don't try this mentioned iptables rule until you have the masquerading
working. You have to explicitly allow every packet through that you want
if you are going to set the default policy to DROP.
(Undo with "<B
CLASS="COMMAND"
>iptables -P FORWARD ACCEPT</B
>")
</P
></LI
><LI
><P
> Allow through any services you do want the internet to see.
</P
><P
> For example, to allow access to your web server do:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT</B
></PRE
></FONT
></TD
></TR
></TABLE
><P
> To allow ident (For connecting to irc etc) do
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT</B
></PRE
></FONT
></TD
></TR
></TABLE
></LI
></UL
><P
> To test it:
</P
><P
></P
><UL
><LI
><P
> Try connecting from a client to the web using an IP. Google's IP is
216.239.33.100 (well that's one of them) and you should be able to get a
reply from that. e.g. "<B
CLASS="COMMAND"
>ping 216.239.33.100</B
>"
"<B
CLASS="COMMAND"
>lynx 216.239.33.100</B
>".
</P
></LI
><LI
><P
> Try a full out connection by name. e.g. "<B
CLASS="COMMAND"
>ping google.com</B
>"
"<B
CLASS="COMMAND"
>lynx google.com</B
>" or from Internet Explorer / netscape.
</P
></LI
></UL
><P
> Where eth0 is the external Internet card, and 123.12.23.43 is the external
ip of that machine.
</P
></DIV
><DIV
CLASS="SECT1"
><HR><H1
CLASS="SECT1"
><A
NAME="FAQ"
></A
>5. FAQ's - Frequently Asked Compla^H^H^H^H^H^H Questions</H1
><P
></P
><UL
><LI
><P
> How do I list the rules I've got so far?
</P
><P
> - Try
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -L</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -L</B
></PRE
></FONT
></TD
></TR
></TABLE
>
</P
></LI
><LI
><P
> It won't resolve IP's! I'm typing 'www.microsoft.com' in and it says
it can't find it!
</P
><P
> - Make sure you add the dns server ip to all the clients.
</P
></LI
><LI
><P
>
It don't work! It doesn't like iptables / NAT / SNAT / MASQ
</P
><P
> - Go get the latest kernel, and compile with iptables and full NAT support.
</P
></LI
><LI
><P
> It don't work! The masquerading doesn't work at all! Die scum!
</P
><P
> - Try <B
CLASS="COMMAND"
>echo 1 > /proc/sys/net/ipv4/ip_forward</B
>
</P
></LI
><LI
><P
> It don't work! I can't use the network at all and I hate you!
</P
><P
> - Try
<TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
><TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -F</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t nat -F</B
>
<TT
CLASS="PROMPT"
>$></TT
> <B
CLASS="COMMAND"
>iptables -t mangle -F</B
></PRE
></FONT
></TD
></TR
></TABLE
>
</P
><P
> (all rules went bye-bye) then rerun the other iptables rules.
</P
><P
> - Try <B
CLASS="COMMAND"
>iptables -P FORWARD ACCEPT</B
>
</P
></LI
><LI
><P
> It still don't work!
</P
><P
> - Hmm, does "<B
CLASS="COMMAND"
>dmesg | tail</B
>" give any errors?
or "<B
CLASS="COMMAND"
>cat /var/log/messages | tail</B
>" ? Like I care tho...
</P
></LI
><LI
><P
> I don't get it, it just ain't working!
</P
><P
> - I dunno.. but you should be able to:
</P
><TABLE
BORDER="1"
BGCOLOR="#E0E0E0"
WIDTH="90%"
><TR
><TD
><FONT
COLOR="#000000"
><PRE
CLASS="SCREEN"
> 1) From the gateway machine, ping the outside
2) From the gateway ping your internal machines
3) From the internal machines ping the gateway</PRE
></FONT
></TD
></TR
></TABLE
><P
> And this is <EM
>before</EM
> you play with masq'ing
</P
></LI
><LI
><P
> Where do I put this stuff?
</P
><P
> - In the <TT
CLASS="FILENAME"
>/etc/network/interfaces</TT
> file, or
firewall.rc. If you put it in the interfaces file, then put
it as a pre-up to the external interface, and have
"<B
CLASS="COMMAND"
>iptables -t nat -F</B
>" as the post-down.
</P
></LI
><LI
><P
> How do I get it to only bring the ppp up on demand?
</P
><P
> - Assuming your ISP gateway IP is say 23.43.12.43 for argument's sake, then
append a line like this:
</P
><P
>
<B
CLASS="COMMAND"
>:23.43.12.43</B
>
</P
><P
> to <TT
CLASS="FILENAME"
>/etc/ppp/peers/provider</TT
> at the end.
(this is for dynamic IP - static IP would be
my.<B
CLASS="COMMAND"
>external.ip.number:23.43.12.43</B
> )
</P
><P
> Then at the end of that file add on a new line:
</P
><P
> <B
CLASS="COMMAND"
>demand</B
>
</P
><P
> Pppd will remain in the background to redial the connection on demand
if it's dropped until you do an "<B
CLASS="COMMAND"
>ifdown ppp0</B
>" or
a "<B
CLASS="COMMAND"
>poff</B
>", unless you add
a "<B
CLASS="COMMAND"
>nopersist</B
>" option, in which case pppd will exit after the connection
is up. You can also add on a new line "<B
CLASS="COMMAND"
>idle 600</B
>" to disconnect after 10
mins of idleness.
</P
><P
> </P
></LI
><LI
><P
> The connection keeps dropping!
</P
><P
> - First, do you have demand dialing? Is it just doing what it is supposed
to?
Check <TT
CLASS="FILENAME"
>/etc/ppp/peers/provider</TT
>, and make sure your dial up works fine
before attempting masq'ing.
</P
><P
> - Secondly, if not, then perhaps, like me, something is going weird, and
you need to fall back to Linux 2.4.3 and see if that works instead.. dunno
why.
</P
></LI
><LI
><P
> I hate doing this myself! I want a pre-made script and GUI and stuff.
</P
><P
> - Sure: <A
HREF="http://shorewall.sourceforge.net/"
TARGET="_top"
> http://shorewall.sourceforge.net/</A
>
</P
><P
> Eat your heart out!
</P
></LI
><LI
><P
> Do I count Cable modems as static or dynamic IP's?
</P
><P
> - Good question.. might as well make it dynamic.
</P
></LI
><LI
><P
> Do I count DHCP network cards as static or dynamic IP's?
</P
><P
> - They are dynamic.
</P
></LI
><LI
><P
> How do I handle incoming services?
</P
><P
> - Try forwarding or redirecting the IP ports - again make
sure you firewall this if needed.
</P
></LI
><LI
><P
> From the clients, I can ping the Linux gateway's external IP
address, but can't access the internet.
</P
><P
> - Okay, try doing "<B
CLASS="COMMAND"
>rmmod iptable_filter</B
>" - more
info on this as I get it.
</P
><P
> - Make sure you're not running <EM
>routed</EM
> or
<EM
>gated</EM
> - to check run
"<B
CLASS="COMMAND"
>ps aux | grep -e routed -e gated</B
>".
</P
><P
> - Look at <A
HREF="http://ipmasq.cjb.net"
TARGET="_top"
>http://ipmasq.cjb.net</A
>
</P
></LI
><LI
><P
> How can I view the established connections? Something like netstat..
</P
><P
> - Try cat /proc/net/ip_conntrack
</P
></LI
><LI
><P
> I need more squid info and routing and stuff!
</P
><P
> - Try the Advanced Routing HOWTO
http://www.linuxdoc.org/HOWTO/Adv-Routing-HOWTO.html
</P
></LI
><LI
><P
> This howto is crap! How do I yell at the guys who wrote this?
</P
><P
> - Go to #debian on irc.opensource.net and find and locate JohnFlux.
- Mail me (JohnFlux) at tapselj0@cs.man.ac.uk
</P
></LI
><LI
><P
> This howto is crap! How can I see better versions?
</P
><P
> - Try <A
HREF="http://ipmasq.cjb.net"
TARGET="_top"
>http://ipmasq.cjb.net</A
>
</P
><P
> - Consult the LDP Masq-HOWTO.
</P
></LI
><LI
><P
> What else are you working on?
</P
><P
> Currently I'm writing a guide on linux on anti-missile-missiles-made-simple.
There's no good guides on protecting your system from nuclear attacks
for newbies. People seem to think it's rocket science or something..
</P
></LI
></UL
></DIV
></DIV
></BODY
></HTML
>
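Added example (not part of the original HOWTO): a check that audits `iptables-save` output against the rules built up in sections 2 to 4, so a gateway can be verified after the commands have been typed. The helper name `audit_masq` and both sample dumps are constructed for illustration, with ppp0 as the external interface as in the dial-up case.

```shell
#!/bin/sh
# audit_masq EXT_IF  (hypothetical helper, not from the HOWTO)
# Reads `iptables-save` output on stdin and prints one line per deviation from
# the gateway rules in this HOWTO. Exit status: 0 = clean, 1 = findings.
# On a live gateway (as root): iptables-save | audit_masq ppp0
audit_masq() {
    awk -v ext="$1" '
    # has(s): true when the rule contains s as whole, space-separated tokens
    function has(s) { return index($0 " ", " " s " ") > 0 }
    function report(msg) { print msg; bad = 1 }

    /^\*/   { table = substr($1, 2); next }               # "*nat", "*filter"
    /^:/    { policy[table, substr($1, 2)] = $2; next }   # ":INPUT DROP [0:0]"
    !/^-A / { next }                                      # COMMIT, comments

    # Source NAT must be bound to the external interface (-o EXT_IF).
    table == "nat" && $2 == "POSTROUTING" && (has("-j MASQUERADE") || has("-j SNAT")) {
        natrules++
        if (!has("-o " ext) || has("! -o " ext))
            report("nat: source NAT not limited to -o " ext ": " $0)
    }
    # Replies to existing connections (state or conntrack match, either order).
    table == "filter" && $2 == "INPUT" && has("-j ACCEPT") && $0 ~ /--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED)( |$)/ { est = 1 }
    # NEW connections to the gateway itself: internal interfaces only.
    table == "filter" && $2 == "INPUT" && has("-j ACCEPT") && $0 ~ /--(ct)?state NEW( |$)/ {
        internal = has("! -i " ext) || (has("-i") && !has("! -i") && !has("-i " ext))
        if (!internal) report("filter: NEW accepted from " ext ": " $0)
    }
    # The HOWTO rejects traffic routed in and straight back out of EXT_IF.
    table == "filter" && $2 == "FORWARD" && !has("!") && has("-i " ext) && has("-o " ext) && $0 ~ / -j (REJECT|DROP)( |$)/ { hairpin = 1 }

    END {
        if (!natrules) report("nat: no SNAT/MASQUERADE rule in POSTROUTING")
        if (!est) report("filter: INPUT has no ESTABLISHED,RELATED accept rule")
        if (policy["filter", "INPUT"] != "DROP")
            report("filter: INPUT policy is " policy["filter", "INPUT"] ", expected DROP")
        if (policy["filter", "FORWARD"] != "DROP" && !hairpin)
            report("filter: FORWARD is open for " ext " -> " ext " traffic")
        exit bad + 0
    }'
}

# Constructed dump: the dial-up rules from section 2 as iptables-save prints them.
sample_hardened() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT ! -i ppp0 -m state --state NEW -j ACCEPT
-A FORWARD -i ppp0 -o ppp0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
}

# Constructed dump: masquerading enabled, but none of the securing steps applied.
sample_weak() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Demo: print the findings for the unsecured dump.
sample_weak | audit_masq ppp0 || true
```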