IP Masquerading


I want to share my internet, using my linux box as a gateway.
I have Mandrake 8.0.
My internet connection is a ADSL PPPoE connection.
I use the Roaring Penguin 2.8 PPPoE driver.
Configuration :
     Demand value : no
     DNS : Provided by ISP
     Firewall : 0 - None
     Starts automatic at boot.

I have to NIC's :
eth0: Connected to the Windows 98SE Computer.
IP=, SubnetMask:

eth1: Connected to the modem
IP=, subnet

Both cards are static IP and are started at boot.
ppp0 has a dynamic IP.

The internet connection works perfectly.

The win 98SE pc has 1 NIC, IP=, subnet
Its Default Gateway is set to
Its DNS is <- The DNS servers of my ISP.
We can ping eachother, she can FTP me, and see my Website (on
So the Network functions perfectly.

Internet sharing has worked, but I can't recall how to set it up. (I reinstalled linux)
Im sure that the Win98SE machine is configured correctly

What I want :

Explain me in simple and complete steps how to set up IP Masquerading from my linux box,
starting from this situation.
I know that this is a difficult question as it involves networking between Linux,Internet,and Windows.

Because this question is hars, and will probably take some efford to answer i'l give 200 points, and I'm willing to increase this should it prover hard to solve.

Who is Participating?

[Webinar] Streamline your web hosting managementRegister Today

vreddypatilConnect With a Mentor Commented:
First I say your question is not fully clear
to me, I assumed following topology.

You have to use both ip masq. and linux
virtual server. to access you windows m/c's
Here, I assume the follwoing picture for you.    eth0 of [C](          
Windoze m/c [A]----|
                   |              ppp0E
                   |--Linux G/w[C]-----
                |               Dynamic IP.
Some other m/c[B]--|
  xyz IP        eth1 of [C]

I assume here you have required package installed
and kernel configuration has been done properly.

Assume your internet side address you got on
linux m/c as say

Now you have to execute following commands at
your Linux box

Linux#echo 1 > /proc/sys/net/ipv4/ip_forward

This is set IP forwarding ON on your linux m/c.

Linux# ipchains -A forward -J MASQ -S -d

Now you have add a virtual server.

Linux# ipvsadm -A -t195.238.2.200:21 -Swrr

On above command 21 is for to acess FTP server
of windoze m/c. Change port address to 80 if
you want acess web server running on win m/c.

Now add a real server

Linux# ipvsadm -a -t 195.238.200:21 -R -m

Now at your windoze m/c default g/w should be and DNS entries as provided by the

Now yor windoze m/c can be acessed from outside
using your PPPE0 address

The other scenario where your windoze m/c want access
internet is pretty simple

Linux#ipchains -A forward -i eth0 -s -j MASQ

For more details see

Vitrual serever

for Masquerading


Hope this helps


If you have ipchains, or you can install it, you can type the following command to allow masqurading of the private network

ipchains -A forward -s -j MASQ

and that should enable masqurading for you.

Good Luck,

Would you mind telling me the different between forward and Masquerading?

If I want to share the broadband connection, do I necessary to have 2 LAN card?

It is because I can do this on Win98 SE.
Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Difference between forward and Masquerading:
A Packet arrives which is not sent to me and I know how to FORWARD it to its proper destination.
If I send out this packet and claim it is sent by me I MASQUERADE the real source of the packet. But then I have the responsibility to remember to whom to send the answer if I receive one.

Your other Problem:

If your Connection works properly do this:
"ipchains -P forward MASQ"   (This enables Masquerading)
"echo 1 >/proc/sys/net/ipv4/ip_forward"  (Enables forwarding)

Then set your Linux box as the default Gateway for your windows box.

Voila. Should Work.
do you mean forward=routing and masquerade=NAT?
that's about the difference.
But masquerading is not EXACTLY NAT. but similar
What are the differernce between masq. and NAT?
XTermAuthor Commented:
Well, first off all thanks for all the helpfull comments, but remember your dealing with a (1)Linux newbie and (2)An extreme networking newbie.
Well, I've got time now to test everything, im going to switch to Redhat 7.1 because Mandrake is driving me nuts; every time i try to touch my IP adresses, or do something with "Enable forwarding" i can't connect anymore to the internet and i have to reinstall. No doubt its me doing something stupid, but im really sick of reinstalling after every attempt to chenge something.
Im going to install RedHat now, not touching anything of network, installing my pppoe driver and connect. Then i'll follow your comments exactly and see what it does.

Thanks, ill let you know what it does!
Hey Xterm!

I also have the same problem and use up a lot of time to deal with it.

I already following a lot of how to document, however, I cannot connect to internet using "adsl-start" command when I add new rule to the ipchains.

XTermAuthor Commented:

I know what you mean, if you try to configure ipchains, you can no longer connect to the internet, i don't knwo why, i solve it with a reinstall :(
Well people, i installed SuSE 7.1, so that will the distro used in this question.
Also, i don't have much time, cause im getting a MSI turboRAID pro mobo today !!!, this does means full reinstall/repartitioning, i'll be back in a day or two.
XTermAuthor Commented:
Well, i found it.
I want to divide the points amongst you, how do i do this ?
Hi, XTerm, we can help you split these points...

YOU HAVE POINTS AWAITING your comments and/or Proposed Answer here.


RE. point splits:
In order to split points, this process is used:
Let us know which expert you intend to award in the primary question and the points you wish to grant.  We will then reduce the value of the original question to that value and you accept that expert's comment or Proposed Answer within that question.  Then please do the following for each additional expert you wish to award points:
Within that same topic area, post a new question for each expert at the point value you wish to grant.
Topic = Points for __expertname__
In the comments section please include the Question Link (QID number).
It is ideal that you also post this information in the original question, and include the new Question Link so they can quickly and easily find it, and an audit trail is maintained.
That's all there is to it.  The experts will then either add comments for you to convert to the Accepted Answer to then grade and close, or will Propose an Answer for you to then accept to grade and close.
These links are very helpful on site-related processes and Questions/Answers:
Thank you.
Community Support Moderator @ Experts Exchange
I am using red hat 7.2 now.
However, I need to upgrade the pppoe to connect to internet using adsl-start.
Hi all.

XTerm ->  I changed the question value here to half, refunding 125 points to you.  Please now accept one here and post a new question in this same topic area for the other expert and the additional 125 points.

Entitle it..... Points for __Expertname__ and in comments, paste the URL.


Moondancer - EE Moderator
Force Accepted

Community Support Moderator @Experts Exchange
All Courses

From novice to tech pro — start learning today.