masqing on a rh7.0 box

04-09-2002, 01:52 AM

I am playing around with setting up a 7.0 firewall and dialup to the internet on my home lan. I am having some probs setting up masqing for some reason. I went to the /etc/sysctl.conf file and enabled port forwarding (from "0" to "1&quot

as well as ip always defragment. Is there another step I am missing? I havent setup any sort of firewall yet, so come to think of it, thats likely my problem. Well, at least, it was good to sit here and think about it out loud to you guys and gals.

**pbharris** · 04-09-2002, 02:12 AM

hey mountainman, errr hey man!
i used pmfirewall to set up my masqing back in the kernel 2.2 days. it supports the adding of ipmasq stuff. i know it is a lazy way out - but it was quick, it worked and the script is very easy to customize once done.

04-09-2002, 02:37 AM

Yeah, thats what I used last couple of times. I had a brain fart. To much time at work. Im doing what I like to call a split double-shift. I worked from 07 to 2 this morning, and I came back in at 10pm to work till 07 or so (probably around 09) tomorrow and might have to do it again tomorrow night. Sucks that I am salary, but the comp time is decent. I really need to get an IT job... :-/

04-09-2002, 08:49 AM

Well, Im back again. Been up for over 24 now, and things are getting a mite fuzzy. I might even get to go home in another 2 or 3 hours. Sleep.......

**civ1492** · 04-09-2002, 10:09 AM

hi,

if you just need masquerading - this simple script would do, when you have compiled in all iptables modules into the kernel you can comment out the module loading things ..

Code:

EXTIF=&quot;eth0&quot;  #change this to your needed values .. eg ppp0 for modems
INTIF=&quot;eth1&quot;

echo &quot;  External Interface: $EXTIF&quot;
echo &quot;  Internal Interface: $INTIF&quot;

echo &quot; - Verifying that all kernel modules are ok&quot;
/sbin/depmod -a

/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod iptable_net
/sbin/insmod ip_nat_ftp

echo &quot; Done Loading modules &quot; 

echo &quot; Enable Forwarding + Dynamic adressing&quot;

echo &quot;1&quot; &gt; /proc/sys/net/ipv4/ip_forward
echo &quot;1&quot; &gt; /proc/sys/net/ipv4/ip_dynaddr

echo &quot;  clearing any existing rules and setting default policy..&quot;
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD ACCEPT
$IPTABLES -F FORWARD
$IPTABLES -t nat -F


echo &quot;  Enabling SNAT (MASQUERADE) functionality on $EXTIF&quot;

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

echo &quot; Done &quot;

**Compunuts** · 04-09-2002, 05:55 PM

Check the PET about Masq stuff.. It has some modules you need to load in the kernel manually in addition to turning on the option in the networking area. It also has some ways to automate it.....

I think it's in PET area of networking .....

04-12-2002, 05:39 PM

I went with MonMotha's Firewall script. Worked like a big ol dog for me. One thing I did find out is that in 7.0 and above of redhat, you have to enable ip_forwarding in /etc/sysctl.conf for it to work.