Solved

IP Masquerading

Posted on 2001-06-26
Last Modified: 2010-03-18
Hello

I want to share my internet, using my linux box as a gateway.
I have Mandrake 8.0.
My internet connection is an ADSL PPPoE connection.
I use the Roaring Penguin 2.8 PPPoE driver.
Configuration :
     Demand value : no
     DNS : Provided by ISP
     Firewall : 0 - None
     Starts automatic at boot.

I have two NICs:
eth0: Connected to the Windows 98SE Computer.
IP=192.168.0.1, SubnetMask: 255.255.255.0

eth1: Connected to the modem
IP=10.0.0.10, subnet 255.255.255.0

Both cards are static IP and are started at boot.
ppp0 has a dynamic IP.

The internet connection works perfectly.

The win 98SE pc has 1 NIC, IP=192.168.0.2, subnet 255.255.255.0
Its Default Gateway is set to 192.168.0.1.
Its DNS is 195.238.2.21/22 <- The DNS servers of my ISP.
We can ping each other, she can FTP me, and see my website (on 192.168.0.1).
So the network functions perfectly.

Internet sharing has worked, but I can't recall how to set it up. (I reinstalled Linux.)
I'm sure that the Win98SE machine is configured correctly.

What I want :

Explain to me in simple and complete steps how to set up IP Masquerading from my Linux box,
starting from this situation.
I know that this is a difficult question as it involves networking between Linux, Internet, and Windows.

Because this question is hard, and will probably take some effort to answer, I'll give 200 points, and I'm willing to increase this should it prove hard to solve.

Thanks
0
Question by:XTerm
15 Comments
 
LVL 3

Expert Comment

by:tdaoud
ID: 6230757

If you have ipchains, or you can install it, you can type the following command to allow masquerading of the private network

ipchains -A forward -s 192.168.0.0/255.255.0.0 -j MASQ

and that should enable masquerading for you.

Good Luck,

Tarik
0
 
LVL 1

Accepted Solution

by:
vreddypatil earned 125 total points
ID: 6232286
Hi,
First, I'd say your question is not fully clear
to me; I assumed the following topology.

You have to use both IP masq. and Linux
virtual server to access your Windows m/c's.
Here, I assume the following picture for you.

192.168.0.2/24    eth0 of [C](192.168.0.1/24)
Windoze m/c [A]----|
                   |              ppp0E
                   |--Linux G/w[C]-----
                   |               Dynamic IP.
Some other m/c[B]--|
  xyz IP        eth1 of [C] 10.0.0.10/24

 
I assume here you have the required package installed
and kernel configuration has been done properly.

Assume the internet side address you got on the
Linux m/c is, say, 195.238.2.200/24.

Now you have to execute the following commands on
your Linux box

Linux# echo 1 > /proc/sys/net/ipv4/ip_forward

This sets IP forwarding ON on your Linux m/c.

Linux# ipchains -A forward -j MASQ -s 192.168.0.0/24 -d 0.0.0.0/0

Now you have to add a virtual server.


Linux# ipvsadm -A -t 195.238.2.200:21 -s wrr

In the above command, 21 is for access to the FTP server
of the windoze m/c. Change the port to 80 if
you want to access a web server running on the win m/c.


Now add a real server

Linux# ipvsadm -a -t 195.238.2.200:21 -r 192.168.0.2:21 -m

Now on your windoze m/c the default g/w should be
192.168.0.1 and the DNS entries as provided by the
ISP.

Now your windoze m/c can be accessed from outside
using your PPPE0 address


The other scenario, where your windoze m/c wants to access the
internet, is pretty simple

Linux# ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ


For more details see

Virtual server
http://www.linuxvirtualserver.org/
and
http://www.linuxvirtualserver.org/VS-NAT.html

for Masquerading

http://www.linuxdoc.org/HOWTO/IP-Masquerade-HOWTO-3.html#ss3.3


Hope this helps

0
 
LVL 7

Expert Comment

by:cstsang
ID: 6234119
Would you mind telling me the difference between forward and Masquerading?

If I want to share the broadband connection, do I need to have 2 LAN cards?

It is because I can do this on Win98 SE.
0
 

Expert Comment

by:NHBoehm
ID: 6241505
Difference between forward and Masquerading:
A Packet arrives which is not sent to me and I know how to FORWARD it to its proper destination.
If I send out this packet and claim it is sent by me I MASQUERADE the real source of the packet. But then I have the responsibility to remember to whom to send the answer if I receive one.

Your other Problem:

If your Connection works properly do this:
"ipchains -P forward MASQ"   (This enables Masquerading)
"echo 1 >/proc/sys/net/ipv4/ip_forward"  (Enables forwarding)

Then set your Linux box as the default Gateway for your windows box.

Voila. Should Work.
0
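The rules posted in this thread differ in how much traffic they masquerade. The script below is an added example, not code from any poster: a small lint over ipchains command lines. The `LAN` and `WAN_IF` values, the `check_rule` and `lint_samples` names, the verdict wording and the sample rules are assumptions constructed from the addressing given in the question.

```shell
#!/bin/sh
# Added example: lint ipchains masquerading rules for a small LAN gateway.
# LAN and WAN_IF are assumptions taken from the addressing in the question.
LAN="192.168.0.0/24"
LAN_DOTTED="192.168.0.0/255.255.255.0"
WAN_IF="ppp0"

# check_rule "<ipchains command line>" prints one verdict (OK, WARN, FAIL, SKIP).
check_rule() {
    chain=""; policy=""; src=""; ifc=""; target=""
    set -f            # no filename expansion while splitting the rule
    set -- $1         # split the command line into words
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -P) chain="${2:-}"; policy="${3:-}" ;;
            -A) chain="${2:-}" ;;
            -s) src="${2:-}" ;;
            -i) ifc="${2:-}" ;;
            -j) target="${2:-}" ;;
        esac
        shift
    done
    [ "$chain" = "forward" ] || { echo "SKIP: not a forward-chain rule"; return 0; }
    [ "$policy" = "MASQ" ] && { echo "FAIL: policy MASQ masquerades every forwarded packet"; return 0; }
    [ "$target" = "MASQ" ] || { echo "SKIP: not a masquerading rule"; return 0; }
    [ -n "$src" ] || { echo "FAIL: no -s, any source address is masqueraded"; return 0; }
    if [ "$src" != "$LAN" ] && [ "$src" != "$LAN_DOTTED" ]; then
        echo "WARN: source $src is not exactly the LAN $LAN"; return 0
    fi
    [ -n "$ifc" ] || { echo "WARN: no -i, applies on every outgoing interface"; return 0; }
    # On the forward chain, ipchains matches -i against the outgoing interface.
    [ "$ifc" = "$WAN_IF" ] || { echo "FAIL: -i $ifc is not the outgoing interface $WAN_IF"; return 0; }
    echo "OK: masquerades $LAN out of $WAN_IF only"
}

# Constructed sample rules, in the shape of the ones discussed in this thread.
lint_samples() {
    while IFS= read -r rule; do
        printf '%s\n    -> %s\n' "$rule" "$(check_rule "$rule")"
    done <<'EOF'
ipchains -P forward MASQ
ipchains -A forward -s 192.168.0.0/255.255.0.0 -j MASQ
ipchains -A forward -s 192.168.0.0/24 -d 0.0.0.0/0 -j MASQ
ipchains -A forward -i eth0 -s 192.168.0.0/24 -j MASQ
ipchains -A forward -i ppp0 -s 192.168.0.0/24 -j MASQ
EOF
}
lint_samples
```

Only the last sample rule limits masquerading to the LAN subnet leaving through the PPPoE interface; pairing it with a restrictive forward policy keeps other forwarded traffic from being relayed.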
 
LVL 7

Expert Comment

by:cstsang
ID: 6241687
Do you mean forward=routing and masquerade=NAT?
0
 

Expert Comment

by:NHBoehm
ID: 6241690
That's about the difference.
But masquerading is not EXACTLY NAT, but similar.
0
 
LVL 7

Expert Comment

by:cstsang
ID: 6241994
What is the difference between masq. and NAT?
0
 
LVL 2

Author Comment

by:XTerm
ID: 6242061
Well, first of all thanks for all the helpful comments, but remember you're dealing with (1) a Linux newbie and (2) an extreme networking newbie.
Well, I've got time now to test everything. I'm going to switch to Redhat 7.1 because Mandrake is driving me nuts; every time I try to touch my IP addresses, or do something with "Enable forwarding", I can't connect to the internet anymore and I have to reinstall. No doubt it's me doing something stupid, but I'm really sick of reinstalling after every attempt to change something.
I'm going to install RedHat now, not touching anything of the network, installing my pppoe driver and connecting. Then I'll follow your comments exactly and see what it does.

Thanks, I'll let you know what it does!
0
 
LVL 7

Expert Comment

by:cstsang
ID: 6244933
Hey Xterm!

I also have the same problem and have used up a lot of time dealing with it.

I have already followed a lot of how-to documents; however, I cannot connect to the internet using the "adsl-start" command when I add a new rule to ipchains.

0
 
LVL 2

Author Comment

by:XTerm
ID: 6252040
cstsang,

I know what you mean: if you try to configure ipchains, you can no longer connect to the internet. I don't know why; I solve it with a reinstall :(
Well people, I installed SuSE 7.1, so that will be the distro used in this question.
Also, I don't have much time, because I'm getting an MSI turboRAID pro mobo today!!! This does mean a full reinstall/repartitioning; I'll be back in a day or two.
0
 
LVL 2

Author Comment

by:XTerm
ID: 6266515
Well, I found it.
I want to divide the points amongst you; how do I do this?
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6877048
Hi, XTerm, we can help you split these points...

YOU HAVE POINTS AWAITING your comments and/or Proposed Answer here.

http://www.experts-exchange.com/questions/Q.20098586.html

RE. point splits:
In order to split points, this process is used:
 
Let us know which expert you intend to award in the primary question and the points you wish to grant.  We will then reduce the value of the original question to that value and you accept that expert's comment or Proposed Answer within that question.  Then please do the following for each additional expert you wish to award points:
 
Within that same topic area, post a new question for each expert at the point value you wish to grant.
 
Topic = Points for __expertname__
 
In the comments section please include the Question Link (QID number).
 
It is ideal that you also post this information in the original question, and include the new Question Link so they can quickly and easily find it, and an audit trail is maintained.
 
That's all there is to it.  The experts will then either add comments for you to convert to the Accepted Answer to then grade and close, or will Propose an Answer for you to then accept to grade and close.
 
These links are very helpful on site-related processes and Questions/Answers:
http://www.experts-exchange.com/jsp/cmtyQuestAnswer.jsp
http://www.experts-exchange.com/jsp/cmtyHelpDesk.jsp
 
Thank you.
 
Moondancer
Community Support Moderator @ Experts Exchange
0
 
LVL 7

Expert Comment

by:cstsang
ID: 6878730
I am using red hat 7.2 now.
However, I need to upgrade the pppoe to connect to internet using adsl-start.
0
 
LVL 1

Expert Comment

by:Moondancer
ID: 6882787
Hi all.

XTerm ->  I changed the question value here to half, refunding 125 points to you.  Please now accept one here and post a new question in this same topic area for the other expert and the additional 125 points.

Entitle it..... Points for __Expertname__ and in comments, paste the URL.

Thanks,

Moondancer - EE Moderator
0
 

Expert Comment

by:SpideyMod
ID: 8276225
Force Accepted

SpideyMod
Community Support Moderator @Experts Exchange
0
