Although I've never set up masquerading myself, since nobody else has responded, and since it's easy to answer some of the questions, here goes:

First of all, read the IP-Masquerade-HOWTO (it's on RedHat's Documentation CD-ROM, for example). I assume eth0 is what you use to talk to the outside world, and eth1 will be what you use to talk to your internal network. In that case, you have to set up the second NIC on your server. Use, for example, netcfg, click on "Interfaces", and set up eth1 like eth0 except with IP address, say, 192.168.0.1. From the "Routing" option of netcfg check "Network Packet Forwarding" (that probably will change /etc/sysconfig/network so that it has FORWARD_IPV4="yes"). This may make "echo 1 > /proc/sys/net/ipv4/ip_forward" unnecessary. But according to the HOWTO you may want

    echo "1" > /proc/sys/net/ipv4/ip_dynaddr

For your firewall, you probably want commands like:

    ipchains -A input -i eth1 -s 192.168.0.0/24 -j ACCEPT
    ipchains -A input -i eth1 -p udp -s 0/0 67 -d 0/0 68 -j ACCEPT
    ipchains -A input -i eth0 -s 192.168.0.0/24 -j DENY
    ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ

I don't know why (or whether) the 2nd command is needed, but it's in the HOWTO.

On the client machines, use netcfg to give them each a different internal IP address (say, 192.168.0.2, 192.168.0.3, ...). I expect you want their nameserver(s) to be the same as the one(s) used by the machine connected to the outside world, and their default gateway (from the "Routing" option of netcfg) to be 192.168.0.1. That way when one of the internal machines wants to know what IP number corresponds to an IP name, it sends its request through 192.168.0.1, which forwards the request to the nameserver and forwards the reply to the internal machine. Of course, the DNS doesn't know the correspondence between machine names and IP numbers for your internal network, but each of your own machines can be given the information with the "Hosts" option of netcfg.

So far as DHCP is concerned, I don't know how you get the nameserver. But if DHCP puts the nameserver(s) in /etc/resolv.conf of the computer connected to the rest of the world, the same one(s) should work for your internal network, at least until your provider changes them. Or maybe if no nameservers are specified, the system is clever enough to send a request to 192.168.0.1, and your server is then clever enough to know it should resolve the question using its DNS?

On Mon, 19 Aug 2002, Howard Hoover wrote:

> Question from a Linux newbie. I'm trying to set up internet connection
> sharing under RedHat 7.1 (version 7.1 was included on CD in the back of a
> book I'm reading to learn Linux). Anyway, my textbook refers to internet
> connection sharing as IP Masquerading and discusses the Linux command
> "ipchains". The example on how to set up this feature displays the following
> commands:
>
> ipchains -P forward DENY
> ipchains -A forward -j MASQ
> echo 1 > /proc/sys/net/ipv4/ip_forward
>
> I can't seem to get this to work on my small home LAN. To make sure it's not
> a permissions issue, I log in as "root" when I enter the commands. My RedHat
> box has two ethernet NICs. One NIC connected to a cable modem (which is up
> and running on the internet). The other NIC is connected to a hub and the
> rest of my internal LAN.
>
> One area the textbook glosses over is the IP configuration of the LAN NIC.
> My cable modem NIC receives IP configuration by DHCP - nothing to configure.
> I read where the NIC for the LAN is supposed to use a private IP address
> (I'm using 192.168.0.1) but, what about Gateway and DNS? My book doesn't
> explain this well. And where do you go in RH 7.1 to change IP configuration
> on a NIC anyway? Is there a point-and-click GUI, or do you edit a
> configuration file somewhere?
>
> Thanks in advance. I'm really looking forward to the day I break my
> Microsoft addiction.
>
> Howard
>
> _______________________________________________
> Seawolf-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/seawolf-list

--
Steven Yellin
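
Added example, not part of the original message or of the HOWTO: a small Python model of first-match chain evaluation applied to the four ipchains rules in the reply, run over constructed sample packets. It assumes a chain falls back to policy ACCEPT unless another policy is passed in, ignores destination addresses, and treats -i in the forward chain as the outgoing interface.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Packet:                      # constructed sample traffic, not a capture
    iface: str                     # input chain: arrival NIC; forward chain: outgoing NIC
    src: str
    proto: str = "tcp"
    sport: int = 0
    dport: int = 0

@dataclass
class Rule:                        # simplified model: destination address is ignored
    target: str
    iface: str
    src: str = "0.0.0.0/0"
    proto: Optional[str] = None
    sport: Optional[int] = None
    dport: Optional[int] = None

    def matches(self, p: Packet) -> bool:
        return (p.iface == self.iface
                and ipaddress.ip_address(p.src) in ipaddress.ip_network(self.src)
                and self.proto in (None, p.proto)
                and self.sport in (None, p.sport)
                and self.dport in (None, p.dport))

LAN = "192.168.0.0/24"
# The four rules from the message, in the order given.
INPUT = [Rule("ACCEPT", "eth1", LAN),
         Rule("ACCEPT", "eth1", proto="udp", sport=67, dport=68),
         Rule("DENY", "eth0", LAN)]
FORWARD = [Rule("MASQ", "eth0", LAN)]

def verdict(chain, packet, policy="ACCEPT"):
    """First matching rule decides; if none matches, the chain policy applies."""
    for rule in chain:
        if rule.matches(packet):
            return rule.target
    return policy

if __name__ == "__main__":
    cases = [("LAN host arriving on eth1", INPUT, Packet("eth1", "192.168.0.2"), "ACCEPT"),
             ("LAN source arriving on eth0 (spoofed)", INPUT, Packet("eth0", "192.168.0.2"), "ACCEPT"),
             ("DHCP, src port 67 to 68 on eth1", INPUT, Packet("eth1", "0.0.0.0", "udp", 67, 68), "DENY"),
             ("non-LAN source forwarded out eth0", FORWARD, Packet("eth0", "10.0.0.5"), "ACCEPT"),
             ("non-LAN source, forward policy DENY", FORWARD, Packet("eth0", "10.0.0.5"), "DENY"),
             ("LAN host forwarded out eth0", FORWARD, Packet("eth0", "192.168.0.3"), "DENY")]
    for label, chain, pkt, policy in cases:
        print(f"{label:40} policy={policy:6} -> {verdict(chain, pkt, policy)}")
```

In this model, with every chain at policy ACCEPT only the DENY and MASQ rules change what happens to a packet; the two ACCEPT rules on eth1 start to matter once the input policy is DENY.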