
sslug-teknik team mailing list archive

Re: Masquerading in kernel 2.2.3?

 

Once you have set up the kernel you need to use IPCHAINS; have a look at my config from
/etc/rc.d/rc.local.
I don't really have a grasp of how it works myself, but at least it runs
:)

    Regards,
        -Jacob Kolding

#!/bin/sh
#
# rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
#
# Load all required IP MASQ modules
#
#   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
#          are shown below but are commented out from loading.

# Needed to initially load modules
#
/sbin/depmod -a

# Supports the proper masquerading of FTP file transfers using the PORT method
#
/sbin/modprobe ip_masq_ftp

# Supports the masquerading of RealAudio over UDP.  Without this module,
#       RealAudio WILL function but in TCP mode.  This can cause a reduction
#       in sound quality
#
#/sbin/modprobe ip_masq_raudio

# Supports the masquerading of IRC DCC file transfers
#
#/sbin/modprobe ip_masq_irc

# Supports the masquerading of Quake and QuakeII for multiple users behind the Linux MASQ server
#
#/sbin/modprobe ip_masq_quake

# Supports the masquerading of the CuSeeme video conferencing software
#
#/sbin/modprobe ip_masq_cuseeme

# Supports the masquerading of the VDO-live video conferencing software
#
#/sbin/modprobe ip_masq_vdolive


# CRITICAL:  Enable IP forwarding, since it is disabled by default.
#
#           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
#
#                       FORWARD_IPV4=false
#                             to
#                       FORWARD_IPV4=true
#
echo "1" > /proc/sys/net/ipv4/ip_forward


# Dynamic IP users:
#
#   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable the following
#       option.  This enables dynamic-ip address hacking in IP MASQ, making life
#       with Diald and similar programs much easier.
#
echo "1" > /proc/sys/net/ipv4/ip_dynaddr


# MASQ timeouts
#
#   2 hrs timeout for TCP session timeouts
#  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
#  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30 sec firewall timeout in ICQ itself)
#
ipchains -M -S 7200 10 60


# Enable simple IP forwarding and Masquerading
#
#  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
#         network with a 255.255.255.0 or a "24" bit subnet mask.
#
#         Please change this network number and subnet mask to match your
#         internal LAN setup. (The rule below carries the sender's own LAN,
#         194.194.194.0/24; note that it matches on source address only, on
#         any interface.)
#
ipchains -P forward DENY
ipchains -A forward -s 194.194.194.0/24 -j MASQ


# DHCP:  For people who receive their external IP address from either DHCP or BOOTP
#        such as ADSL or Cablemodem users, it is necessary to use the following
#        before the deny command.  The "bootp_clients_net_if_name" should be replaced
#        with the name of the link that the DHCP/BOOTP server will put an address on to.
#        This will be something like "eth0", "eth1", etc.
#        (ipchains selects the interface with -i; the line as originally posted used
#        -w, which ipchains does not accept.)
#
#        This example is currently commented out.
#
#
#ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 68 -d 0/0 67 -p udp

Tommy Eriksen wrote:

> Hi,
>
> I have put a 2.2.3 kernel on my gateway, but now I'm having problems with
> my IP masquerading. How do I set it up with the new tools? (It just
> needs to masq everything from 192.168.0.0)
>
> Regards,
> Tommy Eriksen
> tn8or@xxxxxxxxxxxxxxxxx
>
> Full-time nerd
> Owner of two bicycles and a chest of drawers
> Friend of his dog
> Half of the people behind the Linux pages at http://www.the-coffeeshop.dk
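As an added example (not part of the original post and not Jacob's config), here is a complete rc.firewall for the case Tommy describes: masquerade everything from 192.168.0.0/24 through an ipchains gateway on a 2.2 kernel. The interface names eth0 (uplink) and eth1 (LAN) are assumptions, and the run() helper with its DRY_RUN switch is mine, added so the whole rule set can be printed and reviewed before it is applied. Compared with the posted script it binds the MASQ rule to the outgoing interface and adds anti-spoofing rules on the input chain, because the posted forward rule matches on source address alone and would masquerade anything that merely claims a LAN source.

```shell
#!/bin/sh
# rc.firewall for a 2.2.x kernel: masquerade the whole 192.168.0.0/24 LAN.
# Added example, not from the original post. Assumed layout: LAN on eth1,
# uplink (the interface with the public address) on eth0.

LAN_NET="192.168.0.0/24"
LAN_IF="eth1"
EXT_IF="eth0"
IPCHAINS="${IPCHAINS:-/sbin/ipchains}"

# Every rule goes through run(). With DRY_RUN set, the rule is printed instead
# of applied, so the complete set can be reviewed before it touches the gateway.
run() {
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "$*"
    else
        "$IPCHAINS" "$@"
    fi
}

enable_forwarding() {
    # Forwarding is off by default on 2.2; nothing crosses the box without it.
    if [ -n "${DRY_RUN:-}" ]; then
        printf '%s\n' "echo 1 > /proc/sys/net/ipv4/ip_forward"
    else
        echo 1 > /proc/sys/net/ipv4/ip_forward
    fi
}

masq_rules() {
    # Start from a clean slate in the chains this script manages.
    run -F input
    run -F forward

    # Masquerade table timeouts: TCP, TCP after FIN, UDP (seconds).
    run -M -S 7200 10 60

    # Forward chain: default DENY. Only packets with a LAN source address that
    # are leaving through the uplink are masqueraded (-i in the forward chain
    # is the outgoing interface). De-masqueraded replies never traverse the
    # forward chain on 2.2, so no second rule is needed for return traffic.
    run -P forward DENY
    run -A forward -s "$LAN_NET" -i "$EXT_IF" -j MASQ

    # Anti-spoofing on the input chain (-i is the arriving interface here):
    # packets from the uplink must never carry a LAN or loopback source, and
    # only LAN addresses may arrive on the LAN interface. -l logs the hits.
    run -A input -i "$EXT_IF" -s "$LAN_NET" -j DENY -l
    run -A input -i "$EXT_IF" -s 127.0.0.0/8 -j DENY -l
    run -A input -i "$LAN_IF" -s ! "$LAN_NET" -j DENY -l
}

# Usage: "sh rc.firewall dry-run" prints the rules; "sh rc.firewall apply"
# (as root) installs them. With no argument nothing is changed.
case "${1:-}" in
    apply)   enable_forwarding; masq_rules ;;
    dry-run) DRY_RUN=1; enable_forwarding; masq_rules ;;
esac
```

Review the output of `sh rc.firewall dry-run` first, then apply it as root and confirm with `ipchains -L forward -n` and `ipchains -L input -n`; `ipchains -M -L -n` lists the live masquerade entries once a LAN host has opened a connection. If the external address comes from DHCP, the bootp rule from the posted script (with `-i eth0`) still has to go into the input chain before any deny that would catch it.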
