-
IP Masquerade Resource page Will have all the current information for setting up IP Masquerade on 2.0.x, 2.2.x, and even old 1.2 kernels!
-
IP Masquerade mailing list Archives contains the recent messages sent to the mailing lists.
-
David Ranch's Linux page including the TrinityOS Linux document and current versions of the IP-MASQ-HOWTO.. Topics such as IP MASQ, strong IPFWADM/IPCHAINS rulesets, PPP, Diald, Cablemodems, DNS, Sendmail, Samba, NFS, Security, etc. are covered.
- The
IP Masquerading Applications page: A comprehensive list of applications that work or can be tuned to work through a Linux IP masquerading server.
- For people setting up IP Masq on MkLinux, email Taro Fukunaga at
tarozax@earthlink.net for a copy of his short MkLinux version of this HOWTO.
-
IP masquerade FAQ has some general information
- Paul Russel's
http://www.rustcorp.com/linux/ipchains/ doc and its possibly older backup at
Linux IPCHAINS HOWTO. This HOWTO has lots of information for IPCHAINS usage, as well as source and binaries for the ipchains tool.
-
X/OS Ipfwadm page contains sources, binaries, documentation, and other information about the
ipfwadm
package
- Check out the
GreatCircle's Firewall mailing list for a great resource for strong firewall rulesets.
- The
LDP Network Administrator's Guide is a MUST for the beginner Linux administrator trying to set up a network.
- The
Linux NET-3 HOWTO is also another comprehensive document on how to setup and configure Linux networking.
-
Linux ISP Hookup HOWTO and
Linux PPP HOWTO gives you information on how to connect your Linux host to the Internet
-
Linux Ethernet-Howto is a good source of information about setting up a LAN running over Ethernet.
- You may also be interested in
Linux Firewalling and Proxy Server HOWTO
-
Linux Kernel HOWTO will guide you through the kernel compilation process
- Other
Linux HOWTOs such as Kernel HOWTO
- Posting to the USENET newsgroup:
comp.os.linux.networking
The
Linux IP Masquerade Resource is a website dedicated to Linux IP Masquerade information also maintained by David Ranch and Ambrose Au. It has the latest information related to IP Masquerade and may have information that is not being included in the HOWTO.
You may find the Linux IP Masquerade Resource at the following locations:
In Alphabetical order:
- Gabriel Beitler, gabrielb@voicenet.com
on providing section 3.3.8 (setting up Novell)
- Juan Jose Ciarlante, irriga@impsat1.com.ar
on contributing his work on his IPMASQADM port forward tool, his work on the 2.1.x and 2.2.x kernel code, the original LooseUDP patch, etc.
- Steven Clarke, steven@monmouth.demon.co.uk
on contributing his IPPORTFW IP port forwarder tool
- Andrew Deryabin, djsf@usa.net
on contributing his ICQ MASQ module
- Ed Doolittle, dolittle@math.toronto.edu
on suggestion to -V
option in ipfwadm
command for improved security
- Matthew Driver, mdriver@cfmeu.asn.au
on helping extensively on this HOWTO, and providing section 3.3.1 (setting up Windows 95)
- Ken Eves, ken@eves.com
on the FAQ that provides invaluable information for this HOWTO
- John Hardin, jhardin@wolfenet.com
for his PPTP and IPSEC forwarding tools
- Glenn Lamb, mumford@netcom.com
for the LooseUDP patch
- Ed. Lott, edlott@neosoft.com
for a long list of tested system and software
- Nigel Metheringham, Nigel.Metheringham@theplanet.net
on contributing his version of IP Packet Filtering and IP Masquerading HOWTO, which make this HOWTO a better and technical in-depth document
section 4.1, 4.2, and others
- Keith Owens, kaos@ocs.com.au
on providing an excellent guide on ipfwadm section 4.2
on correction to ipfwadm -deny
option which avoids a security hole, and clarified the status of ping
over IP Masquerade
- Michael Owings, mikey@swampgas.com
on providing section for CU-SeeMe and Linux IP-Masquerade Teeny How-To
- Rob Pelkey, rpelkey@abacus.bates.edu
on providing section 3.3.6 and 3.3.7 (setting up MacTCP and Open Transport)
- Harish Pillay, h.pillay@ieee.org
on providing section 4.5 (dial-on-demand using Diald)
- Mark Purcell, purcell@rmcs.cranfield.ac.uk
on providing section 4.6 (IPautofw)
- David Ranch, dranch@trinnet.net
help updating and maintaining this HOWTO and the Linux IP Masquerade Resource Page, the TrinityOS document
, ..., too many to list here :-)
- Paul Russell, rusty@rustcorp.com.au
for all his work on IP CHAINS, IP Masquerade kernel patches, etc
- Ueli Rutishauser, rutish@ibm.net
on providing section 3.3.9 (setting up OS/2 Warp)
- Fred Viles, fv@episupport.com
for his patches for proper port forarding of FTP.
- John B. (Brent) Williams, forerunner@mercury.net
on providing section 3.3.7 (setting up Open Transport)
- Enrique Pessoa Xavier, enrique@labma.ufrj.br
on the BOOTp setup suggestion
- All the people on the IP-MASQ email list, masq@tiffany.indyramp.com
for their help and support for all the new Linux MASQ users.
- Other code and documentation developers of IP Masquerade for this great feature
- Delian Delchev, delian@wfpa.acad.bg
- David DeSimone (FuzzyFox), fox@dallas.net
- Jeanette Pauline Middelink, middelin@polyware.iaf.nl
- Miquel van Smoorenburg, miquels@q.cistron.nl
- Jos Vos, jos@xos.nl
- And more who I may have failed to mention here (please let me know)
- All users sending feedback and suggestion to the mailing list, especially the ones who reported errors in the document and the clients that are supported and not supported
- We apologize if we have omitted any important names, not included information that some fellow users have sent us yet, etc. There are many suggestions and ideas sent but there isn't have enough time to verify and integrate these changes. Both Ambrose Au and David Ranch are trying their best to incorporate all the information sent to me into the HOWTO. I thank you for the effort, and I hope you understand our situation.
- Original IP masquerade FAQ by Ken Eves
- IP masquerade mailing list archive by Indyramp Consulting
- IP Masquerade WWW site by Ambrose Au
- Ipfwadm page by X/OS
- Various networking related Linux HOWTOs
- Some topics covered in TrinityOS by David Ranch
- TO do - HOWTO:
- Add the scripted IPMASQADM example to the Forwarders section. Also confirm the syntax.
- Add a little section on having multiple subnets behind a MASQ server
- Confirm the IPCHAINS ruleset and make sure it is consistant with the IPFWADM ruleset
TO DO - WWW page:
- Update all PPTP urls from lowrent to ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
- Update the PPTP patch on the masq site
- Update the portfw FTP patch
Changes from 1.76 to 1.77 - 7/26/99
- Fixed a typo in the Port fowarding section that used "ipmasqadm ipportfw
-C" instead of "ipmasqadm portfw -f"
Changes from 1.75 to 1.76 - 7/19/99
- Updated the "ipfwadm: setsockopt failed: Protocol not available" message in the FAQ to be more clear instead of making the user hunt for the answer in the Forwarders section.
- Fixed incorrect syntax in section 6.7 for IPMASQADM and "portfw"
Changes from 1.72 to 1.75 - 6/19/99
- Fixed the quake module port setup order for the weak IPFWADM & IPCHAINS ruleset and the strong IPFWADM ruleset as well.
- Added a user report about port forwarding ICQ 4000 directly in and using ICQ's default settings WITHOUT enabling the "Non-Sock" proxy setup.
- Updated the URLs for the IPMASQADM tool
- Added references to Taro Fukunaga, tarozax@earthlink.net for his MkLinux port of the HOWTO
- Updated the blurb about Sonny Parlin's FWCONFIG tool to note new IPCHAINS support
- Noted that Fred Vile's patch for portfw'ed FTP access is ONLY available for the 2.0.x kernels
- Updated the 2.2.x kernel step with a few clarifications on the Experiemental tag
- Added Glen Lamb's name to the credits for the LooseUDP patch
- Added a clarification on installing the LooseUDP patch that it should use "cat" for non-compressed patches.
- Fixed a typo in the IPAUTO FAQ section
- I had the DHCP client port numbers reversed for the IPFWADM and IPCHAINS rulesets. The order I had was if your Linux server was a DHCP SERVER.
- Added explict /sbin path to all weak and strong ruleset examples.
- Made some clarifications in the strong IPFWADM section regarding Dynamic IP addresses for PPP and DHCP users. I also noted that the strong rulesets should be re-run when PPP comes up or when a DHCP lease is renewed.
- Added reference in the 2.2.x requirements, updated the ICQ FAQ section, and added Andrew Deryabin to credits section for his ICQ MASQ module.
- Added some clarifcation in the FAQ section why the 2.1.x and 2.2.x kernels went to IPCHAINS.
- Added a little FAQ section on Microsoft File/Print/Domain services (Samba) through a MASQ server. I also added a URL to a Microsoft Knowledge base document for more details.
- Added clarification in the FAQ section that NO Debian distribution supports IP masq out of the box.
- Updated the supported MASQ distributions in the FAQ section.
- Added to the Aliased NIC section of the FAQ that you CANNOT masq out of an aliased interface.
- Wow.. never caught this before but the "ppp-ip" variable in the strong ruleset section is an invalid variable name! It has been renamed to "ppp_ip"
- In both the IPFWADM and IPCHAINS simple ruleset setup areas, I had a commented out section on enabling DHCP traffic. Problem is, it was below the final reject line! Doh! I moved both up a section.
- In the simple IPCHAINS setup, the #ed out line for DHCP users, I was using the IPFWADM "-W" command instead of IPCHAINS's "-i" parameter.
- Added a little blurb to the Forwarders section the resolution to the famous "ipfwadm: setsockopt failed: Protocol not available" error. This also includes a little /proc test to let people confirm if IPPORTFW is enabled in the kernel. I also added this error to a FAQ section for simple searching.
- Added a Strong IPCHAINS ruleset to the HOWTO
- Added a FAQ section explaining the "kernel: ip_masq_new(proto=UDP): no free ports." error.
- Added an example of scripting IPMASQADM PORTFW rules
- Updated a few of the Linux Documentation Project (LDP) URLs
- Added Quake III support in the module loading sections of all the rc.firewall rulesets.
- Fixed the IPMASQADM forwards for ICQ
- 1.72 - 4/14/99 - Dranch: Added a large list of Windows NAT/Proxy alternatives with rough pricing and URLs to the FAQ.
- 1.71 - 4/13/99 - Dranch: Added IPCHAINS setups for multiple internal MASQed networks. Changed the ICQ setup to use ICQ's default 60 second timeout and change IPFWADM/IPCHAINS timeout to 160 seconds. Updated the MASQ and MASQ-DEV email list and archive subscription instructions.
- 1.70 - 3/30/99 - Dranch: Added two new FAQ sections that cover SMTP/POP-3 timeout problems and how to masquerade multiple internal networks out different external IP addresses with IPROUTE2.
- 1.65 - 3/29/99 - Dranch: Typo fixes, clarifications of required 2.2.x kernel options, added dynamic PPP IP address support to the strong firewall section, additional quake II module ports, noted that the LooseUDP patch is built into later 2.2.x kernels and its from Glenn Lamb and not Dan Kegel, added more game info in the compatibility section.
- 1.62 - Dranch: Make the final first-draft changes to the doc and now announce it the the MASQ email list.
- 1.61 - Dranch: Make editorial changes, cleaned things up and fixed some errors in the Windows95 and NT setups.
- 1.58 - Dranch: Addition of the port forwarding sections; LooseUDP setup; Ident servers for IRC users, how to read firewall logs, deleted the CuSeeme Mini-HOWTO since it is rarely used.
- 1.55 - Dranch: Complete overhaul, feature and FAQ addition, and editing sweep of the v1.50 HOWTO. Completed the 2.2.x kernel and IPCHAINS configurations. Did a conversion from IPAUTOFW to IPPORTFW for the examples that applied. Added many URLs to various other documentation and utility sites. There are so many changes.. I hope everyone likes it. Final publishing of this new rev of the HOWTO to the LDP project won't happen until the doc is looked over and approved by the IP MASQ email list (then v2.00).
- 1.50 - Ambrose: A serious update to the HOWTO and the initial addition of the 2.2.0 and IPCHAINS configurations.
- 1.20 - Ambrose: One of the more recent HOWTO versions that solely dealt with < 2.0.x kernels and IPFWADM.