Debians:

Following is a description of the steps I took to implement ip masquerading 
via a firewall. This allows computers on a lan to access the internet via a 
dynamically allocated PPP link. In a nutshell, it facilitates the 
functionality inherent within a class B internet domain without having a class 
B domain.

B-E-W-A-R-E if you do this, there is the potential that some external entity, 
human or otherwise, could infest your computer, network or nodes causing 
accidental or malicious damage. Check your daemons.

Special thanks to Terry Dawson for his HOWTO (Debian Doc file NET-2-HOWT0) 
entitled Linux NET-2/3-HOWTO v3.5 Dated January 16, 1996. Even though this doc 
is a little outdated, it got me on the right track.

1.  Make certain IP firewall and masquerading are configured into your Linux 
kernel (go to /usr/src/linux and read. I included everything that has to do 
with networking into the kernel and not as a module).
2.  Make sure your ip link to your ISP is running properly.
3.  Set the default route of all nodes on your lan to your Linux box using the 
ip address of your network interface. (You don't know the ip address of your 
ISP interface because it's dynamic.)
4.  If your Linux box has its DNS running you can use it or else use your ISP's 
DNS.
5.  Type in /etc/init.d/ppp stop
6.  Edit /etc/init.d/network and append the following line.
       ipfwadm -F -a accept -m -P all -S XXX.XXX.XXX.0/24 -D 0.0.0.0/
    Where XXX.XXX.XXX is your network ip address or the first three octets of 
    your lan interface.
7.  Type in /etc/init.d/ppp start
8.  Ping only seems to work from the Linux host even though all protocols are 
enabled (ICMP, TCP, UDP), so from a host on your lan, telnet, or set your 
browser to your favorite location.
9.  To view your active firewall list rules enter ipfwadm -Fl
10.  To view your active masquerading list enter ipfwadm -Ml (*NOTE*: by 
default masquerades have a time out value and will only show up in a listing if 
any are present. You have to move some traffic through your Linux box.)

Cool eh!



Peter Iannarelli
Live hard, die young, that way you make a good looking corpse.
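
Added example, not part of the original post: a shell sketch that derives the XXX.XXX.XXX.0/24 source network of step 6 from the LAN interface address and prints the lines to append to /etc/init.d/network, refusing a source network that is not private (RFC 1918) address space. The function names and sample address are hypothetical, the `-D 0.0.0.0/0` destination is an assumption (the post's line ends at `0.0.0.0/`), and the `ipfwadm -F -p deny` default forwarding policy is an addition so that only the listed LAN is forwarded.

```shell
#!/bin/sh
# Added example: build the masquerading rule of step 6 from the LAN address.
# Rules are only printed for review; nothing here calls ipfwadm.

# lan_net ADDR -> prints "a.b.c.0/24"; returns 1 if ADDR is not a dotted quad
lan_net() {
    case $1 in *[!0-9.]*) return 1 ;; esac   # digits and dots only
    old_ifs=$IFS; IFS=.
    set -- $1                                # split on dots into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        case $octet in ''|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo "$1.$2.$3.0/24"
}

# is_rfc1918 ADDR -> 0 if ADDR is in 10/8, 172.16/12 or 192.168/16
is_rfc1918() {
    case $1 in
        10.*|192.168.*) return 0 ;;
        172.*) second=${1#172.}; second=${second%%.*}
               [ "$second" -ge 16 ] && [ "$second" -le 31 ] ;;
        *) return 1 ;;
    esac
}

# masq_rules ADDR -> prints the forwarding rules for the /24 that ADDR is on
masq_rules() {
    net=$(lan_net "$1") || { echo "bad address: $1" >&2; return 1; }
    is_rfc1918 "$1" || { echo "not a private address: $1" >&2; return 1; }
    echo "ipfwadm -F -p deny"      # assumption: deny forwarding by default
    # The post's rule; destination 0.0.0.0/0 (any) is an assumption.
    echo "ipfwadm -F -a accept -m -P all -S $net -D 0.0.0.0/0"
}

# Constructed sample: a Linux box whose LAN interface is 192.168.1.1
masq_rules 192.168.1.1
```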
