Re: IP Masquerading

8 Sep 1997 11:25:07 -0000 

"Michael Legart" <[EMAIL PROTECTED]> writes:

> > Now I'm working on IP Masquerading (finally!) and in the HOWTO, there is a 
> > command called "ipfwadm". I can't figure out what package it is under (and 
> > it curently doesn't exist on my system)
> 
> A little question ... do you have to use ipfwadn to use ip 
> masquerading ? - It is for use on a network, just for a weekend (at a 
> little party)

You could probably write the commands into /proc/net/forward yourself,
but the only way I can think of to work out how to format them is to
look at either the kernel or ipfwadm source code.

It's really quite simple.  I put the following in /etc/init.d/ipfwadm
and ran update-rc.d on it.  It probably doesn't do exactly what it
should, but it works for me.  My "local network" is my old computer
(192.168.117.1) and the one I'm using now (192.168.117.2).

-----
#! /bin/sh
#
# ipfwadm
#
# Set up and bring down IP firewalling and masquerading.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
NAME=ipfwadm
DESC="IP firewalling and masquerading"

test -x /sbin/ipfwadm || exit 0

set -e

case "$1" in
  start)
    echo -n "Starting $DESC: "
      # Forwarding: local network to anywhere, masqueraded.
      ipfwadm -F -p deny
      ipfwadm -F -f
      ipfwadm -F -a m -S 192.168.117.0/24 -D 0.0.0.0/0
      # Input sanity checks:
      #   Lose packets from local network on PPP connection.
      #   Lose packets from 127.*, except 127.0.0.1 on lo.
      #     (Hmm. Do I have to do this explicitly?)
      ipfwadm -I -f
      ipfwadm -I -a d -S 192.168.117.0/24 -D 0.0.0.0/0 -W ppp0
      ipfwadm -I -a a -S 127.0.0.1/32 -D 127.0.0.1/32 -W lo
      ipfwadm -I -a d -S 127.0.0.0/8 -D 0.0.0.0/0
    echo done.
    ;;
  stop)
    echo -n "Stopping $DESC: "
      ipfwadm -F -f
      ipfwadm -I -f
    echo done.
    ;;
  *)
    echo "Usage: /etc/init.d/$NAME {start|stop}"
    exit 1
    ;;
esac

exit 0
-----

-- 
      Carey Evans  <*>  http://home.clear.net.nz/pages/c.evans/

kernel: Warning: possible SYN flooding. Sending cookies. 
kernel: validated probe(100007f, 100007f, 11557, 5010, -1645409555) 


--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
[EMAIL PROTECTED] . Trouble? 
e-mail to [EMAIL PROTECTED] .

Reply via email to