MkLinux:Advanced Administration
Think Differently. Think MkLinux

IP Masquerading with MkLinux DR3 (Kernel 2.0.36)

Taro Fukunaga, tarozax@earthlink.net
v.0.0.2, March 20, 1999

Using IP masquerading, you can connect more than one computer to the internet using the same user account, phone line, and modem.

The real IP Masquerade mini HOWTO is available at http://www.ipmasq.cjb.net/. If you haven't visited that site already, note that the HOWTO there is the authoritative source. The following are just some notes based on my own experiences setting up IP masquerading on a PowerMac running MkLinux DR3. Currently I have set up a 7100 running MkLinux to IP masquerade for a PowerCenter 120 running MacOS and MkLinux.

Besides the PowerMac 7100 and the PowerCenter 120 mentioned above, I also have a modem and an Ethernet hub. Hubs come in many different configurations. I bought a 10BaseT 4-port hub, and I find it very adequate.

AS THESE ARE JUST MY PERSONAL NOTES, I CANNOT GUARANTEE THAT WHAT WORKED FOR ME WILL WORK FOR YOU. MORE TO THE POINT, YOU MAY HAVE ENTIRELY DIFFERENT NEEDS FROM MY OWN, AND MAY NOT WANT TO FOLLOW MY NOTES! USE AT YOUR OWN RISK!

Before I go on to explain IP masquerading with MkLinux, I will make some assumptions about your setup; namely,

If you have come this far, the steps you need to take to enable IP Masquerading are:

  1. Install ipfwadm
  2. Create IP masquerading scripts

I am only familiar with setting up a MacOS box running Open Transport and another MkLinux box as clients of the MkLinux IP Masquerading box. These are discussed in sections 3 and 4. If something doesn't work, I recommend rebooting the server, as this ensures that the initialization scripts get called properly.

  1. Install ipfwadm

    You will need to install ipfwadm, which is available on the MkLinux DR3 CD.

    # rpm -U ipfwadm-2.3.0-2B.ppc.rpm

  2. Create IP masquerading scripts

    Edit /etc/sysconfig/network to enable networking and IPV4 forwarding.

    # vi /etc/sysconfig/network
    NETWORKING=yes
    FORWARD_IPV4=true
    HOSTNAME=servername

    Next, edit /etc/rc.d/rc.local to set firewalling policies at bootup.

    # vi /etc/rc.d/rc.local
    # enable IP Masquerading
    echo "ip_masq 192.168.3.1"

    # Incoming, local machines including loopback, okay
    ipfwadm -I -f
    ipfwadm -I -a accept -V 127.0.0.1 -D0.0.0.0/0
    ipfwadm -I -a accept -V 192.168.3.1 -D0.0.0.0/0
    ipfwadm -I -a accept -V 192.168.3.2 -D0.0.0.0/0
    # more generally,
    #ipfwadm -I -a accept -V 192.168.255.1 -S192.168.0.0/24 -D0.0.0.0/0

    # Forwarding, flush and set policy of deny.
    # (flushing first keeps a re-run of rc.local from appending duplicate rules)
    /sbin/ipfwadm -F -f
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a m -S192.168.3.0/24 -D0.0.0.0/0

    rc.local is a shell script that gets run at boot time. To run the script immediately, as root, type

    # ./rc.local

    Make sure you haven't made any syntactical errors. Note that if you are using different IP numbers and/or different network addresses, the syntax of ipfwadm may change. Refer to the IP Masquerade mini HOWTO for more information about this.

    Enter the DNS addresses of your ISP in /etc/resolv.conf. The following addresses are for illustration purposes only!

    # cd /etc
    # vi resolv.conf

    domain myisp.net
    nameserver 207.217.126.88
    nameserver 207.217.120.89

    Make sure /etc/host.conf looks like this:

    # cd /etc
    # vi host.conf
    order hosts,bind

    Finally, reboot.

  3. Setup MacOS 8.5 with Open Transport as a host

    On the MkLinux IP masquerading machine, edit /etc/hosts.

    # cd /etc/
    # vi hosts

    127.0.0.1 localhost servername
    192.168.3.1 servername
    192.168.3.2 macclient

    On the client Mac, open the TCP/IP control panel. If the current connection method is PPP, change it to Ethernet. The IP address should say something like 192.168.3.2, subnet mask 255.255.255.0, and router address 192.168.3.1.

    Start NCSA Telnet and start a PPP session. I recommend using the ppp-on and ppp-off scripts.

    Once the connection is up, you should be able to browse the Internet from MacOS. You should also be able to use Fetch for ftp transfers and receive and send email.

  4. Setting up MkLinux as a host

    Edit /etc/sysconfig/network on the client machine to enable networking and IPV4 forwarding.

    # vi /etc/sysconfig/network
    NETWORKING=yes
    FORWARD_IPV4=true
    HOSTNAME=server
    GATEWAY=192.168.3.1

    Make sure the /etc/hosts files on both MkLinux machines are configured correctly. For example, the /etc/hosts file for the IP masquerading server now looks like this:

    # cat /etc/hosts
    127.0.0.1 localhost servername
    192.168.3.1 servername
    192.168.3.2 macclient
    192.168.3.3 linuxclient

    The /etc/hosts file on the client MkLinux machine looks like this:

    # cat /etc/hosts
    127.0.0.1 localhost linuxclient
    192.168.3.3 linuxclient
    192.168.3.1 servername

    The configuration of /etc/resolv.conf needs to be the same as on the MkLinux IP Masquerading machine.

    # cd /etc
    # vi resolv.conf

    domain myisp.net
    nameserver 207.217.126.88
    nameserver 207.217.120.89

    Make sure /etc/host.conf looks like this:

    # cd /etc
    # vi host.conf

    order hosts,bind
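
The masquerade rule only covers clients whose addresses fall inside its -S network, so rc.local and /etc/hosts have to agree. The following sh script is an added example, not part of the original notes or the mini HOWTO; it lints an rc.local for a deny forwarding policy, a private (RFC 1918) masquerade source, and coverage of every host in /etc/hosts. The function names, the sample files and the 192.168.4.9 strayclient entry are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the HOWTO: lint rc.local against /etc/hosts.
ip2int() {      # dotted quad -> integer
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}
in_cidr() {     # in_cidr IP NET/LEN: succeeds when IP is inside the network
    len=${2#*/}; [ "$len" -eq 0 ] && return 0
    mask=$(( (0xFFFFFFFF << (32 - $len)) & 0xFFFFFFFF ))
    [ $(( $(ip2int "$1") & $mask )) -eq $(( $(ip2int "${2%/*}") & $mask )) ]
}
masq_sources() {    # -S networks of uncommented forwarding masquerade rules
    sed -n 's|^[^#]*ipfwadm -F -a m[a-z]* .*-S *\([0-9.]*/[0-9]*\).*|\1|p' "$1"
}
forward_policy() {  # last forwarding default policy set, empty if none
    sed -n 's|^[^#]*ipfwadm -F -p \([a-z]*\).*|\1|p' "$1" | tail -n 1
}
note() { echo "$1"; problems=$((problems + 1)); }
audit() {       # audit RC_FILE HOSTS_FILE; return status = number of problems
    problems=0
    [ "$(forward_policy "$1")" = deny ] || note "forward policy is not deny"
    src=$(masq_sources "$1")
    [ -n "$src" ] || note "no masquerade rule found"
    for s in $src; do   # the rule's network address must be RFC 1918 private
        n=${s%/*}
        in_cidr "$n" 10.0.0.0/8 || in_cidr "$n" 172.16.0.0/12 ||
            in_cidr "$n" 192.168.0.0/16 || note "source $s is not private"
    done
    while read -r ip name rest; do  # each LAN host must match some rule
        case $ip in ''|'#'*|127.*) continue ;; esac
        covered=no
        for s in $src; do in_cidr "$ip" "$s" && covered=yes; done
        [ "$covered" = yes ] || note "$name ($ip) is outside: $src"
    done < "$2"
    return "$problems"
}
write_sample() {    # constructed input: this page's rules plus one stray host
    printf '%s\n' '/sbin/ipfwadm -F -p deny' \
        '/sbin/ipfwadm -F -a m -S192.168.3.0/24 -D0.0.0.0/0' > "$1/rc.local"
    printf '%s\n' '127.0.0.1 localhost servername' '192.168.3.1 servername' \
        '192.168.3.3 linuxclient' '192.168.4.9 strayclient' > "$1/hosts"
}
tmp=$(mktemp -d); write_sample "$tmp"
audit "$tmp/rc.local" "$tmp/hosts" || echo "problems: $?"
rm -rf "$tmp"
```

On a real server, call it as `audit /etc/rc.d/rc.local /etc/hosts` after editing either file.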


As the contents of this web page are based on the IP Masquerade mini HOWTO by Ambrose Au and David Ranch, it is also redistributable under the terms of the GNU General Public License.

Contact the web team at mklinux-www@mklinux.org.

Copyright (©) 2001 MkLinux Developers Association. Permission to freely distribute this document is hereby granted, provided that it is distributed at no charge other than normal connect-time charges. All rights other than those specifically granted above are reserved.