Ah... you have to set up IP Masquerading.  One of the best things
(IMHO) about Linux is its IP masquerading.  I've attached a little simple
masquerading routine.. it'll work but is not secure as a firewall at all.
I would look into the docs for ipchains and the linux firewall howto for
more information.

hope this helps,
steve

On Wed, 15 Mar 2000, Jason Buhro wrote:

> Hello, I have a question that I'm sure most of you have encountered already:
> How do you forward IP?
> 
> I currently have eth0 set to my static DSL settings, and I receive internet
> eth1 is set to 192.168.0.1 at subnet 255.255.255.0, I also have the default
> gateway set to the one my DSL is set to and ip forwarding is enabled under
> the routing section of network configuration in the X control panel. My
> test (outside) machine is ip:192.168.0.2 at 255.255.255.0 sub, both
> computers can ping each other, but I have had
> no success with the outside world from the test machine.
> thanks, Jason.
> 
> 
> 
#!/bin/sh
     #
     # rc.firewall - Initial SIMPLE IP Masquerade test for 2.1.x and 2.2.x kernels using IPCHAINS
     #
     # Load all required IP MASQ modules
     #
     #   NOTE:  Only load the IP MASQ modules you need.  All current IP MASQ modules
     #          are shown below but are commented out from loading.

     # Needed to initially load modules
     #
     /sbin/depmod -a

     # Supports the proper masquerading of FTP file transfers using the PORT method
     #
     /sbin/modprobe ip_masq_ftp

     # Supports the masquerading of RealAudio over UDP.  Without this module,
     #       RealAudio WILL function but in TCP mode.  This can cause a reduction
     #       in sound quality
     #
     /sbin/modprobe ip_masq_raudio

     # Supports the masquerading of IRC DCC file transfers
     #
     #/sbin/modprobe ip_masq_irc

     # Supports the masquerading of Quake and QuakeWorld by default.  This module is
     #   for multiple users behind the Linux MASQ server.  If you are going to play
     #   Quake II and/or Quake I/II on other server ports, use the second example.
     #
     #Quake I / QuakeWorld (ports 26000 and 27000)
     /sbin/modprobe ip_masq_quake
     #
     #Quake I / QuakeWorld / and Quake II (ports 26000, 27000, 27910)
     #/sbin/modprobe ip_masq_quake ports=26000,27000,27910

     # Supports the masquerading of the CuSeeme video conferencing software
     #
     /sbin/modprobe ip_masq_cuseeme

     #Supports the masquerading of the VDO-live video conferencing software
     #
     /sbin/modprobe ip_masq_vdolive


     #CRITICAL:  Enable IP forwarding since it is disabled by default since
     #
     #           Redhat Users:  you may try changing the options in /etc/sysconfig/network from:
     #
     #                       FORWARD_IPV4=false
     #                             to
     #                       FORWARD_IPV4=true
     #
    # echo "1" > /proc/sys/net/ipv4/ip_forward


     # Dynamic IP users:
     #
     #   If you get your IP address dynamically from SLIP, PPP, or DHCP, enable this following
     #       option.  This enables dynamic-ip address hacking in IP MASQ, making the life
     #       with Diald and similar programs much easier.
     #
     #echo "1" > /proc/sys/net/ipv4/ip_dynaddr


     # MASQ timeouts
     #
     #   2 hrs timeout for TCP session timeouts
     #  10 sec timeout for traffic after the TCP/IP "FIN" packet is received
     #  60 sec timeout for UDP traffic (MASQ'ed ICQ users must enable a 30sec firewall timeout in ICQ itself)
     #
    # ipchains -M -S 7200 10 60


     # Enable simple IP forwarding and Masquerading
     #
     #  NOTE:  The following is an example for an internal LAN address in the 192.168.0.x
     #         network with a 255.255.255.0 or a "24" bit subnet mask.
     #
     #         Please change this network number and subnet mask to match your internal LAN setup
     #
     ipchains -P forward DENY
     ipchains -A forward -s 192.168.0.0/24 -j MASQ


     # DHCP:  For people who receive their external IP address from either DHCP or BOOTP
     #        such as ADSL or Cablemodem users, it is necessary to use the following
     #        before the deny command.  The "bootp_clients_net_if_name" should be replaced
     #        with the name of the link that the DHCP/BOOTP server will put an address on.
     #        This will be something like "eth0", "eth1", etc.
     #
     #        This example is currently commented out.
     #
     #
     #ipchains -A input -j ACCEPT -i bootp_clients_net_if_name -s 0/0 68 -d 0/0 67 -p udp
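
Added example, not part of the attached script or of the original thread: the script's note says to change the network number and subnet mask to match the internal LAN, so this helper derives the -s argument from an interface address and dotted mask and prints the two forward-chain rules without running them. The function names are hypothetical, and the sample input is the eth1 address and mask given in the question.

```sh
# Added example, not part of the attached rc.firewall. Function names are
# hypothetical. It only prints ipchains commands; it never runs them.
# valid_octet N: succeed if N is a decimal 0-255 with no leading zero.
valid_octet() {
    case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" -le 255 ]
}

# mask_to_prefix 255.255.255.0 -> 24. Fails on a malformed or non-contiguous mask.
mask_to_prefix() {
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    bits=0; seen_zero=0
    for octet in "$@"; do
        valid_octet "$octet" || return 1
        i=128
        while [ "$i" -ge 1 ]; do
            if [ $(($octet & $i)) -ne 0 ]; then
                [ "$seen_zero" -eq 0 ] || return 1   # a 1 bit after a 0 bit
                bits=$((bits + 1))
            else
                seen_zero=1
            fi
            i=$((i / 2))
        done
    done
    echo "$bits"
}

# network_cidr IP MASK -> network/prefix, e.g. 192.168.0.0/24
network_cidr() {
    prefix=$(mask_to_prefix "$2") || return 1
    old_ifs=$IFS; IFS=.; set -- $1 $2; IFS=$old_ifs
    [ $# -eq 8 ] || return 1
    for octet in "$1" "$2" "$3" "$4"; do
        valid_octet "$octet" || return 1
    done
    echo "$(($1 & $5)).$(($2 & $6)).$(($3 & $7)).$(($4 & $8))/$prefix"
}

# masq_rules IP MASK: print the two forward-chain rules used in the script above.
masq_rules() {
    lan=$(network_cidr "$1" "$2") || { echo "bad address or mask: $1 $2" >&2; return 1; }
    echo "ipchains -P forward DENY"
    echo "ipchains -A forward -s $lan -j MASQ"
}

# Constructed sample: the eth1 address and mask from the question.
masq_rules 192.168.0.1 255.255.255.0
```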






