IP Masquerading

Posted on 2001-06-26
Medium Priority
Last Modified: 2010-03-18

I want to share my internet, using my linux box as a gateway.
I have Mandrake 8.0.
My internet connection is an ADSL PPPoE connection.
I use the Roaring Penguin 2.8 PPPoE driver.
Configuration :
     Demand value : no
     DNS : Provided by ISP
     Firewall : 0 - None
     Starts automatic at boot.

I have two NICs:
eth0: Connected to the Windows 98SE Computer.
IP=, SubnetMask:

eth1: Connected to the modem
IP=, subnet

Both cards are static IP and are started at boot.
ppp0 has a dynamic IP.

The internet connection works perfectly.

The win 98SE pc has 1 NIC, IP=, subnet
Its Default Gateway is set to
Its DNS is <- The DNS servers of my ISP.
We can ping each other, she can FTP me, and see my Website (on
So the Network functions perfectly.

Internet sharing has worked, but I can't recall how to set it up. (I reinstalled linux)
I'm sure that the Win98SE machine is configured correctly.

What I want :

Explain to me in simple and complete steps how to set up IP Masquerading from my linux box,
starting from this situation.
I know that this is a difficult question as it involves networking between Linux, Internet, and Windows.

Because this question is hard, and will probably take some effort to answer, I'll give 200 points, and I'm willing to increase this should it prove hard to solve.

Question by:XTerm

Expert Comment

ID: 6230757

If you have ipchains, or you can install it, you can type the following command to allow masquerading of the private network

ipchains -A forward -s -j MASQ

and that should enable masquerading for you.

Good Luck,


Accepted Solution

vreddypatil earned 500 total points
ID: 6232286
First I say your question is not fully clear
to me, I assumed following topology.

You have to use both ip masq. and linux
virtual server to access your windows m/c's.
Here, I assume the following picture for you.
                   eth0 of [C](
Windoze m/c [A]----|
                   |              ppp0E
                   |--Linux G/w[C]-----
                |               Dynamic IP.
Some other m/c[B]--|
  xyz IP        eth1 of [C]

I assume here you have required package installed
and kernel configuration has been done properly.

Assume your internet side address you got on
linux m/c as say

Now you have to execute following commands at
your Linux box

Linux#echo 1 > /proc/sys/net/ipv4/ip_forward

This sets IP forwarding ON on your linux m/c.

Linux# ipchains -A forward -j MASQ -s -d

Now you have to add a virtual server.

Linux# ipvsadm -A -t 195.238.2.200:21 -s wrr

In the above command, 21 is for access to the FTP server
of the windoze m/c. Change the port to 80 if
you want to access a web server running on the win m/c.

Now add a real server

Linux# ipvsadm -a -t 195.238.2.200:21 -r -m

Now at your windoze m/c default g/w should be and DNS entries as provided by the

Now your windoze m/c can be accessed from outside
using your PPPE0 address

The other scenario, where your windoze m/c wants to access
the internet, is pretty simple

Linux#ipchains -A forward -i eth0 -s -j MASQ

For more details see

Virtual server

for Masquerading


Hope this helps


Expert Comment

ID: 6234119
Would you mind telling me the difference between forward and Masquerading?

If I want to share the broadband connection, is it necessary to have 2 LAN cards?

It is because I can do this on Win98 SE.

Expert Comment

ID: 6241505
Difference between forward and Masquerading:
A Packet arrives which is not sent to me and I know how to FORWARD it to its proper destination.
If I send out this packet and claim it is sent by me I MASQUERADE the real source of the packet. But then I have the responsibility to remember to whom to send the answer if I receive one.

Your other Problem:

If your Connection works properly do this:
"ipchains -P forward MASQ"   (This enables Masquerading)
"echo 1 >/proc/sys/net/ipv4/ip_forward"  (Enables forwarding)

Then set your Linux box as the default Gateway for your windows box.

Voila. Should Work.
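
A narrower rule set than the blanket "ipchains -P forward MASQ" policy in the comment above, as an added example that is not part of the original thread: it denies forwarding by default and masquerades only LAN traffic leaving through ppp0. The LAN range 192.168.0.0/24 and the function names valid_cidr and masq_rules are assumptions, since the thread's addresses did not survive.

```shell
#!/bin/sh
# Added example, not from the thread. 192.168.0.0/24 is an assumed LAN range.

# valid_cidr NET: succeed only for dotted-quad/prefix input such as 10.0.0.0/8
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; bits=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$bits" in ''|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    old_ifs=$IFS; IFS=.
    set -- $addr            # split the address into its octets
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# masq_rules LAN_NET WAN_IF: print the commands, one per line, without running them
masq_rules() {
    lan=$1; wan=$2
    # Reject anything that is not a plain network or interface name, so the
    # printed lines are safe to pipe into a root shell.
    valid_cidr "$lan" || { echo "bad LAN network: $lan" >&2; return 1; }
    case "$wan" in
        ''|*[!A-Za-z0-9]*) echo "bad interface name: $wan" >&2; return 1 ;;
    esac
    # Start from an empty forward chain that denies whatever no rule accepts.
    echo "ipchains -P forward DENY"
    echo "ipchains -F forward"
    # On the forward chain, -i matches the outgoing interface: masquerade
    # only packets from the LAN that leave through the internet link.
    echo "ipchains -A forward -i $wan -s $lan -j MASQ"
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"
}

# Print the rule set for review; pipe the output to "sh" as root to apply it.
masq_rules "${LAN_NET:-192.168.0.0/24}" "${WAN_IF:-ppp0}"
```

With the forward policy set to DENY, a packet that does not come from the LAN range or does not leave via ppp0 is dropped instead of being masqueraded.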

Expert Comment

ID: 6241687
do you mean forward=routing and masquerade=NAT?

Expert Comment

ID: 6241690
that's about the difference.
But masquerading is not EXACTLY NAT. but similar

Expert Comment

ID: 6241994
What is the difference between masq. and NAT?

Author Comment

ID: 6242061
Well, first of all thanks for all the helpful comments, but remember you're dealing with (1) a Linux newbie and (2) an extreme networking newbie.
Well, I've got time now to test everything. I'm going to switch to Redhat 7.1 because Mandrake is driving me nuts; every time I try to touch my IP addresses, or do something with "Enable forwarding", I can't connect to the internet anymore and I have to reinstall. No doubt it's me doing something stupid, but I'm really sick of reinstalling after every attempt to change something.
I'm going to install RedHat now, not touching anything of the network, installing my pppoe driver and connecting. Then I'll follow your comments exactly and see what it does.

Thanks, I'll let you know what it does!

Expert Comment

ID: 6244933
Hey Xterm!

I also have the same problem and have used up a lot of time dealing with it.

I have already followed a lot of how-to documents; however, I cannot connect to the internet using the "adsl-start" command when I add a new rule to ipchains.


Author Comment

ID: 6252040

I know what you mean: if you try to configure ipchains, you can no longer connect to the internet. I don't know why; I solve it with a reinstall :(
Well people, I installed SuSE 7.1, so that will be the distro used in this question.
Also, I don't have much time, because I'm getting an MSI turboRAID pro mobo today !!! This does mean a full reinstall/repartitioning; I'll be back in a day or two.

Author Comment

ID: 6266515
Well, I found it.
I want to divide the points amongst you, how do I do this?

Expert Comment

ID: 6877048
Hi, XTerm, we can help you split these points...

YOU HAVE POINTS AWAITING your comments and/or Proposed Answer here.


RE. point splits:
In order to split points, this process is used:
Let us know which expert you intend to award in the primary question and the points you wish to grant.  We will then reduce the value of the original question to that value and you accept that expert's comment or Proposed Answer within that question.  Then please do the following for each additional expert you wish to award points:
Within that same topic area, post a new question for each expert at the point value you wish to grant.
Topic = Points for __expertname__
In the comments section please include the Question Link (QID number).
It is ideal that you also post this information in the original question, and include the new Question Link so they can quickly and easily find it, and an audit trail is maintained.
That's all there is to it.  The experts will then either add comments for you to convert to the Accepted Answer to then grade and close, or will Propose an Answer for you to then accept to grade and close.
These links are very helpful on site-related processes and Questions/Answers:
Thank you.
Community Support Moderator @ Experts Exchange

Expert Comment

ID: 6878730
I am using red hat 7.2 now.
However, I need to upgrade the pppoe to connect to internet using adsl-start.

Expert Comment

ID: 6882787
Hi all.

XTerm ->  I changed the question value here to half, refunding 125 points to you.  Please now accept one here and post a new question in this same topic area for the other expert and the additional 125 points.

Entitle it..... Points for __Expertname__ and in comments, paste the URL.


Moondancer - EE Moderator

Expert Comment

ID: 8276225
Force Accepted

Community Support Moderator @Experts Exchange

Question has a verified solution.