Advanced Administration

Think Differently. Think MkLinux

IP Masquerading with MkLinux DR3 (Kernel 2.0.36)

Using IP masquerading, you can connect more than one computer to the internet using the same user account, phone line, and modem.

The real IP Masquerade mini HOWTO is available at http://www.ipmasq.cjb.net/. If you haven't visited this site already, this HOWTO is the authoritative source. The following are just some notes based on my own experiences setting up IP masquerading on a PowerMac running MkLinux DR3. Currently I have set up a 7100 running MkLinux to IP masquerade for a PowerCenter 120 running MacOS and MkLinux.

Besides the PowerMac 7100 and a PowerCenter 120 mentioned above, I also have a modem and an Ethernet hub. The latter come in many different configurations. I bought a 10BaseT 4 port hub, and I find it very adquate.

AS THESE ARE JUST MY PERSONAL NOTES, I CANNOT GUARANTEE THAT WHAT WORKED FOR ME WILL WORK FOR YOU. MORE TO THE POINT, YOU MAY HAVE ENTIRELY DIFFERENT NEEDS FROM MY OWN, AND MAY NOT WANT TO FOLLOW MY NOTES! USE AT YOUR OWN RISK!

Before I go on to explain IP masquerading with MkLinux, I will make some assumptions about your setup; namely,

• You are running MkLinux server 2.0.36 (Generic #7).
• PPP is working on the MkLinux (IP Masquerading) box, so you can ping remote servers as well as local computers.
• You can telnet to the MkLinux box from the MacOS box. Useful if you only have one monitor!

If you have come this far, the steps you need to take to enable IP Masquerading is:

1. Install ipfwadm
2. Create IP masquerading scripts

I am only familiar with setting up a MacOS box running Open transport and another MkLinux box as clients of the MkLinux IP Masquerading box. These are discussed in sections 3 and 4. If something doesn't work, I recommend rebooting the server, as this ensures that the initialization scripts get called properly.

1. Install ipfwadm

You will need to install ipwadm, which is available on the MkLinux DR3 CD.

# rpm -U ipfwadm-2.3.0-2B.ppc.rpm

2. Create IP masquerading scripts

   Edit /etc/sysconfig/network to enable networking and IPV4 forwarding.

   # vi /etc/sysconfig/network
   NETWORKING=yes
   FORWARD_IPV4=true
   HOSTNAME=servername

   Next, edit /etc/rc.d/rc.local to set firewalling policies at bootup.

   # vi /etc/rc.d/rc.local
   # enable IP Masquerading
   echo "ip_masq 192.168.3.1"

   # Incoming, local machines including loopback, okay
   ipfwadm -I -f
   ipfwadm -I -a accept -V 127.0.0.1 -D0.0.0.0/0
   ipfwadm -I -a accept -V 192.168.3.1 -D0.0.0.0/0
   ipfwadm -I -a accept -V 192.168.3.2 -D0.0.0.0/0
   # more generally,
   #ipfwadm -I -a accept -V 192.168.255.1 -S192.168.0.0/24 -D0.0.0.0/0
   
   # Forwarding, flush and set policy of deny.
   /sbin/ipfwadm -F -p deny
   /sbin/ipfwadm -F -a m -S192.168.3.0/24 -D0.0.0.0/0
   
   rc.local is a shell script that gets run at boot time. To run the script immediately, as root, type

   # ./rc.local

   Make sure you haven't made any syntactical errors. Note that if you are using different IP numbers and/or different network addresses, the syntax of ipfwadm may change. Refer to the IP Masquerade mini HOWTO for more information about this.

   Enter the DNS addresses of your ISP in /etc/resolv.conf. The following addreses are for illustration purposes only!

   # cd /etc
   # vi resolv.conf

   domain myisp.net
   nameserver 207.217.126.88
   nameserver 207.217.120.89

   Make sure /etc/host.conf looks like this:

   # cd /etc
   # vi host.conf
   order hosts,bind

   Finally, reboot.

3. Setup MacOS 8.5 with Open Transport as a host

   On the MkLinux IP masquerading machine, edit etc/hosts.

   # cd /etc/
   # vi hosts
   
   127.0.0.1 localhost servername
   192.168.3.1 servername
   192.168.3.2 macclient

   On the client Mac, Open the tcp/ip control panel. If the current connection method is ppp, change it to Ethernet. The IP address should say something like 192.168.3.2, subnet mask 255.255.255.0, and router address 192.168.3.1.

   Start NCSA telnet and start a ppp session. I recommend using the ppp-on and ppp-off scripts.

   Once the connection is up, you should be able to browse the Internet from MacOS. You should also be able to use Fetch for ftp transfers and receive and send email.

4. Setting up MkLinux as a host

   Edit /etc/sysconfig/network on the client machine to enable networking and IPV4 forwarding.

   # vi /etc/sysconfig/network
   NETWORKING=yes
   FORWARD_IPV4=true
   HOSTNAME=server
   GATEWAY=192.168.3.1

   Make sure the /etc/hosts file for both MkLinux machines are configured correctly. For example, the /etc/hosts file for the IP masquerading server now looks like this:

   # cat /etc/hosts
   127.0.0.1 localhost servername
   192.168.3.1 servername
   192.168.3.2 macclient
   192.168.3.3 linuxclient

   The /etc/hosts file on the client MkLinux machine looks like this:

   # cat /etc/hosts
   127.0.0.1 localhost linuxclient
   192.168.3.3 linuxclient
   192.168.3.1 servername

   The configuration of /etc/resolv.conf needs to be the same as the the MkLinux IP Masquerading machine.

   # cd /etc
   # vi resolv.conf

   domain myisp.net
   nameserver 207.217.126.88
   nameserver 207.217.120.89

   Make sure /etc/host.conf looks like this:

   # cd /etc
   # vi host.conf

   order hosts,bind

Home | About | News | FAQ | Getting Started | Using MkLinux | Advanced Admin