
Thread: Masquarade

  1. #1

    Masquarade

    ok hhhhheeeeellllllllpppppp! lol

    Got a Linux box with Red Hat 7.3 that connects to the internet via a dial-up modem. It has 2 network cards with a Windows machine connected to each one. How can I get them to share the internet connection through the Linux box with masquarading (think that's how u spell it)?

    I've checked the how-tos and stuff but I'm going around in circles with iptables and can't seem to be getting ahead here. Do I HAVE to have a firewall running to masquarade?
    I do want a firewall though, so if I have to that's cool!

    Anyway a few simple steps is sort of what im looking for (if thats possible)

    Cheers Frisky
    Its better to regret something you have done than to regret something you havent done :P

  2. #2
    JimH
    Guest

    Re:Masquarade

    I will get back to this sometime today. I have to leave right now.

    Jim H

  3. #3

    Re:Masquarade

    No problem Jim, there's no great rush, but I would like some help eventually. And hahaha I realized I can't spell Masquerade.
    ;D
    Frisky
    Its better to regret something you have done than to regret something you havent done :P

  4. #4
    JimH
    Guest

    Re:Masquarade

    Alright post the local ip addresses you are using for the linux box and the two windows boxes before we do anything.

    Jim H

  5. #5

    Re:Masquarade

    No prob, its the same network that i discussed with u before.

    Linux server - 2 eth cards
    eth0 = 192.168.0.1
    eth1 = 192.168.1.1
    ppp0 = whatever the isp gives me


    Connected to eth0 is a windows machine = 192.168.0.2
    Connected to eth1 is a windows machine = 192.168.1.2

    the default gateways for the windows machines are the eth(X) cards they are connected to.

    Also I'm running SAMBA. I hope this won't interfere with the Masquerading?
    Its better to regret something you have done than to regret something you havent done :P

  6. #6

    Re:Masquarade

    ppp0 = whatever the isp gives me
    Forget that. Its what a friend said it would be, but im not sure what device the modem is, i configured it in kde and it said /dev/ttyS1

    whatever?
    Its better to regret something you have done than to regret something you havent done :P

  7. #7
    Bogler
    Guest

    Re:Masquarade

    There's a script on the RedHat site called firewallss.txt and this protects a small network and also Masq's to any machines on a set ip range i.e. all machines with 192.168.1 addresses.

    This works well with Masquerading, as I have successfully tried. The script would need modifying in order to include your 2 networks but it should work ok though.

    Do a google search for firewallss.txt and have a read.

    regards

    Bogler

  8. #8
    JimH
    Guest

    Re:Masquarade

    Quote Originally Posted by Bogler
    There's a script on the RedHat site called firewallss.txt
    That is an old ipchains script not iptables, which is MUCH better.

    Jim H


  9. #9
    JimH
    Guest

    Re:Masquarade

    Quote Originally Posted by friskydrifter
    No prob, its the same network that i discussed with u before.
    Yeah, I just wanted to confirm the ip address range you were using.

    First make sure the ipchains module isn't loaded.

    /sbin/lsmod | grep ipchains

    If it doesn't return anything it isn't loaded. If it is loaded, remove it.

    /sbin/rmmod ipchains

    Disable ipchains

    chkconfig --level 2345 ipchains off

    Save this to a file and see if it blows up. :P You must be root.
    Don't forget to set the file as executable.

    chmod ug+x filename


    #!/bin/bash
    #WARNING: This is NOT a firewall
    #This will enable masquerading ONLY

    #Exit if ipchains is running
    #You can't run both ipchains & iptables at the same time.
    if /sbin/lsmod 2>/dev/null |grep -q ipchains ; then
    echo "ipchains is already running. Exiting...."
    exit 0
    fi

    #Check and see if iptables is installed
    if [ ! -x /sbin/iptables ]; then
    echo "iptables is not installed. Exiting..."
    exit 0
    fi

    #Set script constants

    EXTERNAL_DEV="ppp0"
    INTERNAL_NET="192.168.0.0/16"


    #Flush any existing chains
    iptables -F
    iptables -t nat -F
    iptables -t mangle -F

    #Delete any user defined chains
    iptables -X
    iptables -t nat -X
    iptables -t mangle -X

    #Set default policies
    #With a firewall these would all be set to DROP
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD ACCEPT

    iptables -t nat -P PREROUTING ACCEPT
    iptables -t nat -P OUTPUT ACCEPT
    iptables -t nat -P POSTROUTING ACCEPT

    iptables -t mangle -P PREROUTING ACCEPT
    iptables -t mangle -P OUTPUT ACCEPT

    #Enable IP Forwarding
    if [ -e /proc/sys/net/ipv4/ip_forward ]; then
    echo "1" > /proc/sys/net/ipv4/ip_forward
    fi

    #Enable dynamic ip addresses
    if [ -e /proc/sys/net/ipv4/ip_dynaddr ]; then
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    fi

    #Masquerade all outgoing traffic from the internal network
    #Note: The "\" means carry over the command to the next line
    #It is just to make everything neat ;-)
    iptables -t nat -A POSTROUTING -o $EXTERNAL_DEV -s $INTERNAL_NET \
    -j MASQUERADE

    #end

    You must be connected to the net before running the script.
    We may still have a routing problem.
    While you are connected to the net I would like to see the output of:

    /sbin/route -n

    Jim H
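
The script in the post above masquerades only and leaves every policy at ACCEPT. As an added example (not part of the thread and not Jim H's code), this generator prints the default-DROP rules that could stand in for those ACCEPT policy lines after the flush; `masq_fw_rules` is a hypothetical name, and ppp0, eth0, eth1 and 192.168.0.0/16 are taken from the posts.

```shell
#!/bin/bash
# Added example, not code from the thread. It only PRINTS iptables commands;
# review them, then run the output as root to apply.
# Assumed from the posts: ppp0 is the dial-up link, eth0/eth1 face the LAN,
# and 192.168.0.0/16 covers both internal subnets.

masq_fw_rules() {
    if [ "$#" -lt 2 ]; then
        echo "usage: masq_fw_rules EXT_DEV INT_IF [INT_IF...]" >&2
        return 1
    fi
    fw_ext="$1"
    shift
    # Validate before printing anything, so a bad call yields no partial rules.
    for fw_int in "$@"; do
        if [ "$fw_int" = "$fw_ext" ]; then
            echo "internal interface equals external: $fw_int" >&2
            return 1
        fi
    done

    # Default-deny for traffic to the box and through the box.
    echo "iptables -P INPUT DROP"
    echo "iptables -P FORWARD DROP"
    echo "iptables -A INPUT -i lo -j ACCEPT"

    # From the internet side, only replies to existing connections get in.
    echo "iptables -A INPUT -i $fw_ext -m state --state ESTABLISHED,RELATED -j ACCEPT"
    echo "iptables -A FORWARD -i $fw_ext -m state --state ESTABLISHED,RELATED -j ACCEPT"

    for fw_int in "$@"; do
        # LAN hosts may reach the box itself (e.g. Samba) and go out via ppp.
        echo "iptables -A INPUT -i $fw_int -j ACCEPT"
        echo "iptables -A FORWARD -i $fw_int -o $fw_ext -j ACCEPT"
    done
    # Note: nothing here forwards between the internal interfaces themselves.

    # Same NAT rule as the thread's script, limited to the external device.
    echo "iptables -t nat -A POSTROUTING -o $fw_ext -s 192.168.0.0/16 -j MASQUERADE"
}

masq_fw_rules ppp0 eth0 eth1
```

IP forwarding still has to be enabled as in the original script, and the two Windows machines cannot reach each other through the box unless a FORWARD rule between eth0 and eth1 is added.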

  10. #10

    Re:Masquarade

    Jim ure a legend!
    And yeah i'm using RedHat 7.3 which has the 2.4 kernel (i think) so wanted to use the iptables.
    ;D
    Just reading your script made a bit more sense of the Post and prerouting thingymebobs lol.
    I wont have a chance to test this for a few days(always too much to do), but ill send the /sbin/route -n info when i do.

    Also i was thinking of getting rid of the GUI's, (I want to know what is happening behind the mask), so how would i set up the modem with the command line? - If thats a bit too much to answer leave it.
    I need to search around for a bit more info anyway-heh heh GLO's making me slack :P
    Its better to regret something you have done than to regret something you havent done :P
