Shaya Potter said:
> All my experience with linux networking has either been plain lans or
> just setting up PPP. I am sure I need to roll my own kernel with things
> like IP masquerading, but do I also need firewalling and ip-forwarding?

There is an IP-Masquerading mini-HOWTO on suniste.unc.edu, I believe. You need to compile a kernel with "CONFIG_EXPERIMENTAL=y", "CONFIG_FIREWALL=y", "CONFIG_IP_FORWARD=y", "CONFIG_IP_FIREWALL=y", and "CONFIG_IP_MASQUERADE=y". Then, set up the masquerading with:

# default policy deny forwarding (to prevent any packets from "escaping")
/sbin/ipfwadm -F -p deny

# allow forwarding on the local net (in case you have any PPP connections
# via null-modem or modem)
/sbin/ipfwadm -F -a accept -S localnet/24 -D localnet/24

# masquerade anything from the localnet
/sbin/ipfwadm -F -a masquerade -S localnet/24 -D 0.0.0.0/0

# to allow ftp to work (there are also irc and realaudio modules)
/sbin/modprobe ip_masq_ftp

# add this if you have any microslop boxes (there is a bug in them which
# will bring your ISP connection up every 7-10 minutes if you don't add this)
/sbin/ipfwadm -I -a deny -S localnet/24 netbios-ns -D <this_host> domain -P udp

--
Scott Barker
Linux Consultant
[EMAIL PROTECTED]
http://www.cuug.ab.ca:8001/~barkers/ (under construction)

[ I try to reply to all e-mail within 3 days. If you don't ]
[ get a response by then, I probably didn't get your e-mail. ]
[ Unsolicited commercial and junk e-mail will be proof-read for US$100 ]

"Learning from one's own experience is even more impractical if the injury is a very serious one. In the extreme case of a fatal accident, of course, the learning experience might be profound, but the learning curve is abruptly truncated." - Victor Goldberg (1974)
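
The forward-chain rules from the reply above, modelled as an added example (not part of the original message and not ipfwadm's own code): a simplified first-match evaluator that shows which packets end up accepted, masqueraded or denied, plus an audit that flags a permissive default policy and rules shadowed by an earlier, broader rule. The 192.168.1.0/24 network and the sample addresses are constructed stand-ins for "localnet/24".

```python
import ipaddress

# Constructed stand-in for the "localnet/24" name used in the commands above.
LOCALNET = ipaddress.ip_network("192.168.1.0/24")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Forward rules as (policy, source, destination), in the order appended with -a.
PAGE_RULES = [
    ("accept", LOCALNET, LOCALNET),   # -F -a accept -S localnet/24 -D localnet/24
    ("masquerade", LOCALNET, ANY),    # -F -a masquerade -S localnet/24 -D 0.0.0.0/0
]
PAGE_DEFAULT = "deny"                 # -F -p deny


def forward_verdict(src, dst, rules=PAGE_RULES, default=PAGE_DEFAULT):
    """Return the policy of the first rule matching src/dst, else the default."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for policy, snet, dnet in rules:
        if s in snet and d in dnet:
            return policy
    return default


def audit(rules, default):
    """List problems: a permissive default, or rules that can never match."""
    findings = []
    if default != "deny":
        findings.append("default policy is %r, unmatched packets are forwarded" % default)
    for j, (pol_j, s_j, d_j) in enumerate(rules):
        for pol_i, s_i, d_i in rules[:j]:
            # An earlier rule covering the same or a wider range always wins.
            if s_j.subnet_of(s_i) and d_j.subnet_of(d_i):
                findings.append("rule %d (%s) is shadowed by an earlier %s rule"
                                % (j + 1, pol_j, pol_i))
                break
    return findings


if __name__ == "__main__":
    for src, dst in [("192.168.1.10", "192.168.1.20"),   # LAN to LAN
                     ("192.168.1.10", "198.51.100.7"),   # LAN to Internet
                     ("198.51.100.7", "192.168.1.10")]:  # outside to LAN
        print(src, "->", dst, ":", forward_verdict(src, dst))
    print(audit(PAGE_RULES, PAGE_DEFAULT))
    print(audit(list(reversed(PAGE_RULES)), "accept"))
```

Swapping the two rules or changing the default to accept makes the audit report findings, which is a quick way to check an edited ruleset before loading it.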