ok hhhhheeeeellllllllpppppp! lol
Got a Linux box with Red Hat 7.3 that connects to the internet via a dial-up modem. It has 2 network cards with a Windows machine connected to each one. How can I get them to share the internet connection through the Linux box with masquarading (think that's how u spell it)?
I've checked the how-tos and stuff but I'm going around in circles with iptables and can't seem to be getting ahead here ???. Do I HAVE to have a firewall running to masquarade?
I do want a firewall though, so if I have to, that's cool!
Anyway, a few simple steps is sort of what I'm looking for (if that's possible)
Cheers Frisky
Its better to regret something you have done than to regret something you havent done :P
I will get back to this sometime today. I have to leave right now.
Jim H
No problem Jim, there's no great rush, but I would like some help eventually. And hahaha I realized I can't spell Masquerade.
;D
Frisky
Its better to regret something you have done than to regret something you havent done :P
Alright post the local ip addresses you are using for the linux box and the two windows boxes before we do anything.
Jim H
No prob, it's the same network that I discussed with u before.
Linux server - 2 eth cards
eth0 = 192.168.0.1
eth1 = 192.168.1.1
ppp0 = whatever the isp gives me
Connected to eth0 is a windows machine = 192.168.0.2
Connected to eth1 is a windows machine = 192.168.1.2
The default gateways for the Windows machines are the eth(X) cards they are connected to.
Also I'm running SAMBA. I hope this won't interfere with the Masquerading?
Its better to regret something you have done than to regret something you havent done :P
Forget that. It's what a friend said it would be, but I'm not sure what device the modem is, I configured it in KDE and it said /dev/ttyS1
ppp0 = whatever the isp gives me
whatever?
Its better to regret something you have done than to regret something you havent done :P
There's a script on the RedHat site called firewallss.txt and this protects a small network and also Masq's to any machines on a set ip range i.e. all machines with 192.168.1 addresses.
This works well with Masquerading as I have successfully tried. The script would need modifying in order to include your 2 networks but it should work ok though.
Do a google search for firewallss.txt and have a read.
regards
Bogler
(In reply to Bogler) That is an old ipchains script, not iptables, which is MUCH better.
Jim H
(In reply to friskydrifter) Yeah, I just wanted to confirm the ip address range you were using.
First make sure the ipchains module isn't loaded.
/sbin/lsmod | grep ipchains
If it doesn't return anything it isn't loaded. If it is loaded remove it.
/sbin/rmmod ipchains
Disable ipchains
chkconfig --level 2345 ipchains off
Save this to a file and see if it blows up. :P You must be root.
Don't forget to set the file as executable.
chmod ug+x filename
#!/bin/bash
#WARNING: This is NOT a firewall
#This will enable masquerading ONLY
#Exit if ipchains is running
#You can't run both ipchains & iptables at the same time.
if /sbin/lsmod 2>/dev/null | grep -q ipchains ; then
    echo "ipchains is already running. Exiting...."
    exit 1
fi
#Check and see if iptables is installed
if [ ! -x /sbin/iptables ]; then
    echo "iptables is not installed. Exiting..."
    exit 1
fi
#Set script constants
EXTERNAL_DEV="ppp0"
INTERNAL_NET="192.168.0.0/16"
#Flush any existing chains
iptables -F
iptables -t nat -F
iptables -t mangle -F
#Delete any user defined chains
iptables -X
iptables -t nat -X
iptables -t mangle -X
#Set default policies
#With a firewall these would all be set to DROP
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t mangle -P PREROUTING ACCEPT
iptables -t mangle -P OUTPUT ACCEPT
#Enable IP Forwarding
if [ -e /proc/sys/net/ipv4/ip_forward ]; then
    echo "1" > /proc/sys/net/ipv4/ip_forward
fi
#Enable dynamic ip addresses
if [ -e /proc/sys/net/ipv4/ip_dynaddr ]; then
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
fi
#Masquerade all outgoing traffic from the internal network
#Note: The "\" means carry over the command to the next line
#It is just to make everything neat ;-)
iptables -t nat -A POSTROUTING -o $EXTERNAL_DEV -s $INTERNAL_NET \
    -j MASQUERADE
#end
You must be connected to the net before running the script.
We may still have a routing problem.
While you are connected to the net I would like to see the output of:
/sbin/route -n
Jim H
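The script above states that it is not a firewall and that a firewall would set the policies to DROP. As an added example (not part of Jim H's post or the thread), here is one way the same masquerading setup looks with default-DROP policies and stateful rules. It uses the interfaces and addresses posted earlier, assumes /24 netmasks on each card, and the `ipt` dry-run wrapper and `INTERNAL_PAIRS` variable are hypothetical names:

```shell
#!/bin/bash
# Added example (not from the thread): masquerading plus default-DROP policies.
# Interface names and subnets are the ones posted above; /24 masks are assumed.
# DRY_RUN=1 (default) only prints the rules; run as root with DRY_RUN=0 to apply.

EXTERNAL_DEV="ppp0"
# device:subnet pairs, so a packet is only accepted if it arrives on the
# interface its source address belongs to
INTERNAL_PAIRS="eth0:192.168.0.0/24 eth1:192.168.1.0/24"
DRY_RUN="${DRY_RUN:-1}"

ipt() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "iptables $*"
    else
        /sbin/iptables "$@"
    fi
}

masq_firewall_rules() {
    # Start from empty filter and nat tables
    ipt -F
    ipt -X
    ipt -t nat -F
    # Default deny for anything addressed to or routed through the box
    ipt -P INPUT DROP
    ipt -P FORWARD DROP
    ipt -P OUTPUT ACCEPT
    # Loopback, and replies to connections that were allowed out
    ipt -A INPUT -i lo -j ACCEPT
    ipt -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    for pair in $INTERNAL_PAIRS; do
        dev="${pair%%:*}"
        net="${pair#*:}"
        # LAN hosts may talk to the box itself (e.g. Samba) ...
        ipt -A INPUT -i "$dev" -s "$net" -j ACCEPT
        # ... and open new connections out through the modem link only
        ipt -A FORWARD -i "$dev" -s "$net" -o "$EXTERNAL_DEV" -m state --state NEW -j ACCEPT
        ipt -t nat -A POSTROUTING -o "$EXTERNAL_DEV" -s "$net" -j MASQUERADE
    done
}

if [ "$DRY_RUN" != "1" ]; then
    echo "1" > /proc/sys/net/ipv4/ip_forward
    echo "1" > /proc/sys/net/ipv4/ip_dynaddr
fi
masq_firewall_rules
```

With these rules nothing arriving on ppp0 can start a connection to the box or to the Windows machines, and the two LAN segments are not forwarded to each other; an extra FORWARD rule between eth0 and eth1 would be needed for that.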
Jim, you're a legend!
And yeah, I'm using RedHat 7.3 which has the 2.4 kernel (I think) so wanted to use the iptables.
;D
Just reading your script made a bit more sense of the Post and prerouting thingymebobs lol.
I won't have a chance to test this for a few days (always too much to do), but I'll send the /sbin/route -n info when I do.
Also I was thinking of getting rid of the GUIs (I want to know what is happening behind the mask), so how would I set up the modem with the command line? - If that's a bit too much to answer, leave it.
I need to search around for a bit more info anyway - heh heh GLO's making me slack :P
Its better to regret something you have done than to regret something you havent done :P