Electric Type

Have a Ball with IP Masquerade

Page 3 — Initial Configuration

Let's turn this thing on so we can get that instant gratification happening. I assume you've got Linux running and your first network card is accessing the Net. Now we need to log in as root and configure the second network card. A good choice for its address is 192.168.1.1, with a netmask of 255.255.255.0. This gives you a full Class C network, which allows for 255 addresses on your internal network. RFC 1597 reserves 192.168.0.0 for intranets, so requests from that range will never be routed to the Internet.

I prefer the netcfg interface for configuring network cards. As root, type netcfg. Click on eth1, then edit. Enter the IP and subnet mask I've indicated, select the Activate at Boot Time checkbox, and click Done to get back to the main panel. Click on Activate, then choose Save, and quit the netcfg program. Now try out the /sbin/ifconfig -a command, which will list your network interfaces. Both eth0 and eth1 should be in a UP state.

You're going to want masquerading to start at boot time, so add the following to your /etc/rc.d/rc.local file.

    # Turn on IP forwarding
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/ipchains -P forward DENY
    /sbin/ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ
    #
    # If you telnet a lot, this will stop your connections from timing out at
    # inconvenient times.
    #/sbin/ipchains -M -S 7200 10 60
    #
    # Uncomment to make life better with dialup connections using dynamic IP addresses.
    #echo "1" > /proc/sys/net/ipv4/ip_dynaddr
    #
    # Uncomment these for special services.
    /sbin/insmod ip_masq_ftp
    #/sbin/insmod ip_masq_quake
    #/sbin/insmod ip_masq_cuseeme
    /sbin/insmod ip_masq_raudio
    #/sbin/insmod ip_masq_vdolive
    #/sbin/insmod ip_masq_irc

Let's examine the special services portion a bit more closely.

Earlier I hinted that complex conversations between the Elbonians (computers) and Dilbert (Linux) might cause problems. FTP is the classic case. Your Web browser will usually use something called passive FTP. This is not a problem because data transfer connections are made from client to server or from Elbonian --> Dilbert --> Pointy-Haired Boss (PHB).

However, your command line or graphical FTP client may try to use active FTP. In this case, data connections are initiated from outside your network (PHB --> Dilbert --> Elbonian), and this just doesn't fly with Masquerade because Dilbert didn't start the conversation! The /sbin/insmod ip_masq_ftp command loads special psychic powers (kernel modules) into Dilbert's brain that allow him to know a few things about these conversations and handle them correctly when they arrive. This will fix the problem with your active FTP client connections. You could also type in passive during your command line FTP session. Or you could hunt around for a passive option in your graphical FTP client.

The other options I've listed but commented out do similar things for other services like RealAudio and Quake.
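To make the active FTP problem concrete, here is an added example (not code from the original article or from the ip_masq_ftp module) that models in Python what a masquerading FTP helper has to do: an active-mode client announces its own private address and port inside a PORT command, so the gateway must rewrite that payload and remember a mapping for the incoming data connection. The public address 203.0.113.10, the masquerade port 61001 and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed values: PUBLIC_IP stands in for the address on eth0.
PUBLIC_IP = "203.0.113.10"
# Internal network as configured in the article.
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/255.255.255.0")

# PORT h1,h2,h3,h4,p1,p2 -> address h1.h2.h3.h4, port p1*256 + p2
PORT_RE = re.compile(r"^PORT " + ",".join([r"(\d{1,3})"] * 6) + r"\r?\n?$", re.I)


def parse_port(line):
    """Return (ip, port) announced by an FTP PORT command, or None."""
    m = PORT_RE.match(line)
    if not m:
        return None
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        return None
    ip = ipaddress.ip_address(".".join(str(n) for n in nums[:4]))
    return ip, nums[4] * 256 + nums[5]


def rewrite_port(line, control_src, masq_port):
    """Model of a masquerading FTP helper (hypothetical, simplified).

    Returns (line_to_forward, mapping). mapping is
    (masq_port, internal_ip, internal_port), or None when nothing is opened.
    """
    parsed = parse_port(line)
    if parsed is None:
        return line, None          # PASV, USER, etc. pass through untouched
    ip, port = parsed
    # Only open a mapping toward the internal host that sent the command.
    if ip != ipaddress.ip_address(control_src) or ip not in INTERNAL_NET:
        return line, None
    octets = PUBLIC_IP.replace(".", ",")
    new_line = f"PORT {octets},{masq_port >> 8},{masq_port & 0xFF}\r\n"
    return new_line, (masq_port, str(ip), port)


if __name__ == "__main__":
    # Constructed sample: client 192.168.1.5 listening on port 4*256+1 = 1025.
    sent = "PORT 192,168,1,5,4,1\r\n"
    forwarded, mapping = rewrite_port(sent, "192.168.1.5", 61001)
    print("client sent :", sent.strip())
    print("server sees :", forwarded.strip())
    print("gateway maps:", mapping)
```

Without the rewrite, the server would try to connect to 192.168.1.5, which is unreachable from the Internet; passive mode avoids the issue because the client opens the data connection itself.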
