








		     Linux IP Masquerade mini HOWTO 

		     : Ambrose Au ambrose@writeme.com

		    : Asd L. Chen asdchen@ms1.hinet.net

	      v1.20, 10 November 1997 : 19 November 1997



				   Abstract

     ļһ̨ Linux  IP Masquerade
     ܣûע· IP λַߵԾ Linux
     ·



1.  

1.1  

ļһ̨ Linux   IP Masquerade
ܣûע· IP λַߵԾ Linux
·Ļ̫· Linux,
Ҳ࣬ǲӵĵԵ(ppp)
ߣļǿ̫·ߵΪӦİ

     ļʹ 2.0.x  ĵʹ߲οչе 2.1.x
     ģ

1.2  ǰԣ & οѶ

ҷڽµĺϣ 2.x  ģ趨 IP Masguerade
ʱǳȻзݳʴ(FAQ) ʵб(mailing
list)ȻûһⷽרļʵбЩһ˵ļ(HOWTO)
ԣҾ׫дΪһ㣬ϣשΪЩǳ˽ʹ߽ļĻΪĲãҪңܰøã

ļܶԭ Ken Eves ĳʴԼ IP Masquerade
ʵбаѶϢΪرл  Mr. Matthew Driver
ʵбеѶϢ IP Masquerade Լ׫дļ

ҵκѶ©κѶκλĵ
ambrose@writeme.com ޼ۻӰδ˵ļ!

˵ļΪ IP Masquerade  ʱĿָ
ΪҲһλרңֱܻᷢļѶһ㼰͹ۣ
µϢԼѶά IP Masquerade Resource1  ҳҵ
κι IP Masquerade	ļ⣬ IP Masquerade

____________________

1. <URL:http://ipmasq.home.ml.org/>

Linux IP Masquerade mini HOWTO 					      1





Linux IP Masquerade mini HOWTO 					      2



ʵбĵʼңΪҵʱޣ IP Masquerade
ķչǸش⣮

ļµİ汾 IP Masquerade Resource ҵҲ HTML Լ
postscript İ汾:

    http://ipmasq.home.ml.org/

    ο IP Masquerade Resource ӳվ̨б2  ҵӳվ̨

1.3  Ȩ & 

ļȨ Ambrose Au, ѵļ GNU
ͨùȨʽɢ

ļеѶݶѾŬΣIP Masquerade
ʵԵģҲܻ᷸ЩӦԼǲҪļеѶ

û˻ΪʹļеѶɵĵ𻵻ʧҲ˵

     ߲ļݶɵ𺦸

ԭ

This document is copyright(c) 1996 Ambrose Au, and it's a free document. You
can redistribute it under the terms of the GNU General Public License.

The information and other contents in this document are to the best of my
knowledge. However, ip_masq is experimental, and there is chance that I make
mistakes as well; so you should determine if you want to follow the information
in this document.

Nobody is responsible for any damage on your computers and any other losses by
using the information on this document. i.e.

     THE AUTHOR IS NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS
     TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT.


2.  ֪ʶ

2.1  ʲ IP Masquerade?

IP Masquerade  Linux	չеһ·ܣһ̨ Linux ʹ IP Mas
querade
ߵ·ϣĵԣͬһ·ϻݻߣҲԽӴ·ʹûлʽָ
IP λַ

ʹһЩԿբ(gateway)
ϵͳȡ·ֻ֣ϵͳʹ·ͻ趨õαװ(mas
querade)ϵͳ֮ȫӦûͻõķʽǽ(packet filter

____________________

2. <URL:http://ipmasq.home.ml.org/index.html#mirror>







Linux IP Masquerade mini HOWTO 					      3



firewall)øѣ֮жûд󣩣

2.2  ֿ

IP Masquerade Ȼʵ׶ΣΣĴ 1.3.x
ʼѾڽ֧Ԯ˾ʹĽ

ҳԼԶǩ(telnet)Ѿлرʾ IP Masquerade
(FTP)·̸(IRC) Լ Real Audio
ڿĳЩģϣ·Ѷ (streaming audio)  True
Speech	Լ Internet Wave
ҲһЩʵбеʹⷰԹѶ壮 Ping
½ȡõ·ѶϢЭ(ICMP)޲Ҳ

֧Ԯбο 4.3 ڣ

IP Masquerade ֲͬҵϵͳƽ̨ 'ͻ˻'
ãɹİʹ Unix, Windows95, Windows NT, Windows for Workgroup
(with TCP/IP package), OS/2, Macintosh System's OS with Mac TCP, Mac Open
Transport, DOS with NCSA Telnet package, VAX, Alpha with Linux,  Amiga with
AmiTCP  AS225-stack ϵͳ

2.3  ˭Դ IP Masquerade л?

    ̨· Linux 

    һЩִ TCP/IP ӵ Linux ĵ·ϣԼ/

     Linux һϵݻΪ PPP  SLIP
     ŷԣ

    Щûʽָ IP
     λַЩ￪ʼͳΪ

    ҵȻϣЩػķþ· :)

2.4  ˭Ҫ IP Masquerade?

    Ļǵһ̨(stand-alone) · Linux ִ IP
     Masquerade ûʲ壬

    ӵʽָ IP λַͲҪ IP Masquerade

    ҵȻ㲻ϲʹ(free ride) Ļ

2.5  IP Masquerade ?

 Ken eves  IP Masquerade FAQ:














Linux IP Masquerade mini HOWTO 					      4



       Ǵ󲿷ּ򵥵趨ͼ:

	  SLIP/PPP	   +------------+			  +-------------+
	  to provider	   |  Linux	|	SLIP/PPP	  | Anybox	|
	 <---------- modem1|		|modem2 ----------- modem |		|
	   111.222.333.444 |		|	    192.168.1.100 |		|
			   +------------+			  +-------------+

	       Ĳͼһ̨װִ ip_masquerading   Linux
	   ʹ modem1  SLIP/or/PPP  ·һ
	   ָ IP λַ 111.222.333.444趨 modem2 
	   ǩ벢ʼ SLIP/or/PPP  ᣮ

	       ڶϵͳִ Linux  ϵͳӽ Linux
	   ʼ SLIP/or/PPP  ᣮ·ϲûָ
	   IP  λַʹ 192.168.1.100

	        ip_masquerade  ʵ(routing configured)
	   Anybox  ̨Ը·ͬ
	   ⣩

       ¼ Pauline Middelink:
	   ᵽ ANYBOX Ӧð Linux  բ
	   Ԥ·ֻǸ·ûϵ ANYBOX ܹ
	   裬 Linux  ӦΪҪ͵λַλַ
	   Э(proxy arp) 񣬵λַ趨ļ
	   ġΧ

       ¼ comp.os.linux.networking һƪ沢Լӱ༭
       ô:

       Ҹ ANYBOX ̨ slip  linux  բ
       һ ANYBOX  linux  ʱָµԴ
	 (source port number)Լ ip λַıͷ
	 ԭģȻ SLIP/or/PPP  ޸Ĺķ
	 ·
       һ· linux  ʱָ
	 һȡԭĲԼ ip λַǷŻط
	 ıͷҰѷ ANYBOX 
       ͳԶ֪еĲ

һ IP Masquerading :

ͼʾǵ͵:-


















Linux IP Masquerade mini HOWTO 					      5



	 +----------+
	 |	    |  Ethernet
	 | abox     |::::::
	 |	    |2	  :192.168.1.x
	 +----------+	  :
			  :   +----------+   PPP
	 +----------+	  :  1|  Linux	 |   link
	 |	    |	  ::::| masq-gate|:::::::::// Internet
	 | bbox     |::::::   | 	 |
	 |	    |3	  :   +----------+
	 +----------+	  :
			  :
	 +----------+	  :
	 |	    |	  :
	 | cbox     |::::::
	 |	    |4
	 +----------+


	 <-Internal Network->


ǿ̨ϵͳңԶҷЩ㵽· IP
ܹӣԼһЩԶһҳ·ȤѶĶ
 Linux ϵͳ masq-gate  abox, bbox, cbox
ڲ··αװբ ڲ·ʹָ˽(private)
·λַ class C · 192.168.1.0, Linux ӵλַ
192.168.1.1  ϵͳҲӵд·ϵλַ

̨ abox, bbox Լ cbox (ǿִκҵϵͳ   Windows 95,
Macintosh MacTCP һ̨ Linux ֻҪ˽
IP)ߵ·ϵȥȻαװϵͳբ masq-gate
תеЩ߿ԭαװբ masq-gate
ģһαװߴصתԭȵϵͳ 
ڲ·ϵϵͳֱͨ·ĵ·Ҳ֪ǵϱαװ

2.6   Linux 2.x  ʹ IP Masquerade  

      ** ο IP Masquerade Resource3  ԻѶΪ
     HOWTO ѵģ **

     2.0.x ԭʼʽԴȡ ftp://ftp.funet.fi/pub/Linux/ker
     nel/src/v2.0/

     (ǵģ㽫ϼһЩ֧Ԯĺ.... µȶ汾)

    ģ飬 2.0.0 µİ汾Դȡ
     http://www.pi.se/blox/modules/modules-2.0.0.tar.gz

     (Ҫ modules-1.3.57)


____________________

3. <URL:http://ipmasq.home.ml.org/>







Linux IP Masquerade mini HOWTO 					      6



    趨õ TCP/IP ·

      Linux NET-2 HOWTO4	·ָ(Network Administrator's Guide)
     Network Administrator's Guide5

     Linux ·

      Linux ISP Hookup HOWTO6 , Linux PPP HOWTO Լ Linux PPP-over-ISDN
     mini-HOWTO7

    Ipfwadm 2.3 µİ汾Դȡ

     ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz  Linux Ipfwadm
     ҳи춰汾Ѷ Linux Ipfwadm page8

    ѡԵؼһЩ IP Masquerade ޲ܣ
     ȡĸѶ IP Masquerade Resources9	(Щ޲е
     2.0.x  )


3.  IP Masquerade 趨

     ˽·κҪѶʹ IP Masquerade
     ֮ǰ˼ܳΪͨ·բ֮ȻҲܳΪһߵ˽·;

3.1  ļ IP Masquerade ֧Ԯ

      ** ο IP Masquerade Resource10  ԻѶΪ
     HOWTO ѵģ **

    ȣҪĵԭʼʽ(ȶġ2.0.0 ϵĺ)

    һαģҪ£ʵϣǳ׶Һ Linux
     Kernel HOWTO

    ʹָ: tar xvzf linux-2.0.x.tar.gz -C /usr/src Ѻĵԭʼʽ
     /usr/src/ x  2.0 ֮޲㼶

      (ȷиΪ linux Ŀ¼)

____________________

4. <URL:http://www.caldera.com/LDP/HOWTO/NET-2-HOWTO.html>

5. <URL:http://linuxwww.db.erau.edu/NAG/>

6. <URL:http://www.caldera.com/LDP/HOWTO/ISP-Hookup-HOWTO.html>

7. <URL:http://www.caldera.com/LDP/HOWTO/mini/PPP-over-ISDN>

8. <URL:http://www.xos.nl/linux/ipfwadm/>

9. <URL:http://ipmasq.home.ml.org/>

10.<URL:http://ipmasq.home.ml.org/>







Linux IP Masquerade mini HOWTO 					      7



    ʵ޲Ϊµ޲ϳϸڲµѶο
     IP Masquerade Resources11

    йرĸһĽο Kernel HOWTO ԼԭʼʽĿ¼
     README 

    Ҫȥѡ:

     ѡҪش YES:











































____________________

11.<URL:http://ipmasq.home.ml.org/>







Linux IP Masquerade mini HOWTO 					      8



	    * Prompt for development and/or incomplete code/drivers
	      CONFIG_EXPERIMENTAL
	      - ⽫ѡʵԵ IP Masquerade ʽ뵽ȥ

	    * Enable loadable module support
	      CONFIG_MODULES
	      - ܹģ

	    * Networking support
	      CONFIG_NET

	    * Network firewalls
	      CONFIG_FIREWALL

	    * TCP/IP networking
	      CONFIG_INET

	    * IP: forwarding/gatewaying
	      CONFIG_IP_FORWARD

	    * IP: firewalling
	      CONFIG_IP_FIREWALL

	    * IP: masquerading (EXPERIMENTAL)
	      CONFIG_IP_MASQUERADE
	      - ȻʵԵģȴ ** 

	    * IP: ipautofw masquerade support (EXPERIMENTAL)
	      CONFIG_IP_MASQUERADE_IPAUTOFW
	      - ʹ

	    * IP: ICMP masquerading
	      CONFIG_IP_MASQUERADE_ICMP
	      - ֧Ԯ ICMP αװѡ

	    * IP: always defragment
	      CONFIG_IP_ALWAYS_DEFRAG
	      - ߶Ƚʹ

	    * Dummy net driver support
	      CONFIG_DUMMY
	      - ʹ

     ע: Щֻ IP Masquerade
     Ҫģ㻹ѡκ趨Ҫѡ

    ֮ᣬӦñ벢װģ:

	  make modules modules_install



    ȻӦ /etc/rc.d/rc.local
     (κΪʵĵ)ϼԱÿʱԶ








Linux IP Masquerade mini HOWTO 					      9



     /lib/modules/2.0.x/ipv4/ ģ:

		  .
		  .
		  .
	  /sbin/depmod -a
	  /sbin/modprobe ip_masq_ftp
	  /sbin/modprobe ip_masq_raudio
	  /sbin/modprobe ip_masq_irc
	  (Լ ip_masq_cuseeme, ip_masq_vdolive ģ飬мʵ޲)
		  .
		  .
		  .


ע: Ҳʹ ip_masq  ֮ǰֶǲҪʹ kerneld
룬ǲе!

3.2  ָ˽· IP λַ

ΪûʽָλַиȷķʽλַЩ

 IP Masquerade FAQ:

з RFC (#1597) йûߵ·ʹʲ IP
λַرΪĿĶģһʹõ 192.168.1.n 
192.168.255.n ֮ 255 Class-C ·

      RFC 1597:

     : ˽λַռ

	   ·λַָ(IANA: Internet Assigned Numbers Authority)
	   Ѿ IP λַռ˽·:

			  10.0.0.0	  -   10.255.255.255
			  172.16.0.0	  -   172.31.255.255
			  192.168.0.0	  -   192.168.255.255

	   ǽƵһΪ "24λԪ"ڶΪ "20λԪ"
	   Ϊ "16λԪ"ע⵽һֻǸ
	   class A  ·룬ڶ 16  class B ·
	   룬һ 255   class C ·룮


ԣҪʹһ class C	·ĻĻӦ 192.168.1.1,
192.168.1.2, 192.168.1.3, ..., 192.168.1.x ֮

192.168.1.1 ͨբ̨ڴ˼· Linux ע
192.168.1.0 Լ 192.168.1.255
ֱΪ·Լ㲥λַǱģĻʹЩλַ











Linux IP Masquerade mini HOWTO 					     10



3.3  

Ϊÿ̨趨ʵ IP
λַ֮⣬ҲӦ趨ʵբһ˵Ƿǳֱ˵ģֻ򵥵
Linux λַ(ͨ 192.168.1.1)Ϊբλַ

ƷԼκ DNS  ϵͳܵӦ Linux
ʹõһҲѡԵؼκβ(domain suffix) 

Щ IP λַ֮ᣬǵʵķ¿

áʹһ Class C  · 192.168.1.1 Ϊ Linux
λַע 192.168.1.0	 192.168.1.255 Ǳģ

3.3.1   Windows 95

  1.  㻹ûаװ·Լʽ

  2.   '̨/·' ȥ

  3.  ·û 'TCP/IP  Э' ӽȥ

  4.  'TCP/IP  'Уѡ'IP  λַ'Ұ IP λַ趨Ϊ
      192.168.1.x,(1<x<255) Ұ·Ϊ 255.255.255.0

  5.  'ͨѶբ'м 192.168.1.x  Ϊբ

  6.  'DNS '/'DNS ŷ'¼ Linux ʹõ DNS (ͨ
      /etc/resolv.conf ҵ)ѡԵؼʵβѰ˳

  7.  Ҫԭȵ趨֪Լʲᣮ

  8.  еĶԻа'ȷ'ϵͳ

  9.  ·ߣPing  linux : 'ʼ/ִ' ping 192.168.1.1

      (ֻ·߲ԣڻ ping 磮)

 10.   windows	Ŀ¼ѡԵؽһ HOSTS
      ʹ·Ļƣ windows  Ŀ¼иΪ
      HOSTS.SAM ġ

3.3.2   Windos for Workgroup 3.11

  1.  㻹ûаװ·Լʽ

  2.  㻹δװ TCP/IP 32b ׼Ļװɣ

  3.   'Main'/'Windows Setup'/'Network Setup',  'Drivers'

  4.   'Network Drivers'  'Microsoft TCP/IP-32 3.11b' ף
      'Setup'










Linux IP Masquerade mini HOWTO 					     11



  5.  趨 IP λַ 192.168.1.x (1 < x < 255), Ȼ趨 Subnet Mask Ϊ
      255.255.255.0 Լ Default Gateway Ϊ 192.168.1.1

  6.  Ҫ 'Automatic DHCP Configuration'  'WINS Server'
      зκζһ Windows NT ж֪ʲᣮ

  7.   'DNS',  3.3.1 СвᵽѶȻᰴ 'OK'
      ť

  8.   'Advanced', ʹ 3.3.1 Сڲʮᵽѡ
      'Enable DNS for Windows Name Resolution'  'Enable LMHOSTS lookup'

  9.  жԻа 'OK' ϵͳ

 10.  Ping һ Linux Բ·:  'File/Run' : ping
      192.168.1.1

      (ֻ·Ӳԣ㻹 ping )

3.3.3  Configuring Windows NT

  1.  㻹ûаװ·Լʽ

  2.   'Main'/'Control Panel'/'Network'

  3.  㻹ûװ TCP/IP Ļ 'Add Software' ѡм TCP/IP
      ЭصĲݣ

  4.   'Network Software and Adapter Cards' ｫ 'Installed Network Software'
      ѡе 'TCP/IP Э' ף

  5.   'TCP/IP Configuration'ѡʵĽʽ磬[1]Novell NE2000
      AdapterȻ趨 IP λַ 192.168.1.x (1 < x < 255)Ȼ趨 Subnet
      Mask Ϊ 255.255.255.0 Լ Default Gateway Ϊ 192.168.1.1

  6.  Ҫ 'Automatic DHCP Configuration'  'WINS Server'
      зκζһ Windows NT ж֪ʲᣮ

  7.   'DNS',  3.3.1 СвᵽѶȻᰴ 'OK'
      ť

  8.   'Advanced', ʹ 3.3.1 Сڲʮᵽѡ
      'Enable DNS for Windows Name Resolution'  'Enable LMHOSTS lookup'

  9.  жԻа 'OK' ϵͳ

 10.  Ping һ Linux Բ·:  'File/Run' : ping
      192.168.1.1

      (ֻ·Ӳԣ㻹 ping )

3.3.4   UNIX ϵеϵͳ










Linux IP Masquerade mini HOWTO 					     12



  1.  㻹δװ·ʵĽʽ±ĺģھɣ

  2.  װ TCP/IP · nettools ׼㻹ûװĻ

  3.   IPADDR Ϊ 192.168.1.x (1 < x < 255), ȻὫ NETMASK Ϊ
      255.255.255.0, GATEWAY Ϊ 192.168.1.1, Լ BROADCAST Ϊ
      192.168.1.255

      磬 Red Hat Linux ϵͳԱ༭ /etc/sysconfig/network-
      scripts/ifcfg-eth0ֱӴ Control Panel 

      ( SunOS, BSDi, Slackware Linux, жͬ...)

  4.  ŷѰβӵ /etc/resolv.conf

  5.  趨Ҫ /etc/networks 

  6.  ʵķ񣬻򵥵¿

  7.   ping ָ: ping 192.168.1.1 ԲԵ gateway ԣ

      (ֻ·Ӳԣ㻹 ping )

3.3.5  ʹ NCSA Telnet ׼ DOS 

  1.  㻹ûаװ·

  2.  ʵķʽ NE2000 ˵Ŀ趨Ϊ IRQ 10
      Ӳλַ 0x300 nwpd 0x60 10 0x300

  3.  һĿ¼Ȼ⿪ NCSA Telnet ׼: pkunzip tel2308b.zip

  4.  ʹֱ༭ config.tel 

  5.  趨 myip=192.168.1.x (1 < x < 255), Լ netmask=255.255.255.0

  6.  ڱУӦ趨 hardware=packet, interrupt=10, ioaddr=60

  7.  ҪһĻ趨Ϊ gatewayҲ Linux :

	   name=default
	   host=yourlinuxhostname
	   hostip=192.168.1.1
	   gateway=1



  8.  ҪһָƷ:

	   name=dns.domain.com ; hostip=123.123.123.123; nameserver=1


      ע:  Linux ʹõ DNS ʵѶȡ









Linux IP Masquerade mini HOWTO 					     13



  9.   config.tel 

 10.  Telnet  Linux Բ·: telnet 192.168.1.1

3.3.6  ִ MacTCP  MacOS 

  1.  㻹ûΪ̫·תװʵʽھ


  2.   MacTCP control panelѡʵ·ʽ(Ethernet, 
      EtherTalk)  'More...' ť

  3.   'Obtain Address:',  'Manually'

  4.   'IP Address:' £ӵѡѡ class CԶԻеݣ

  5.   'Domain Name Server Information:' ʵѶ

  6.   'Gateway Address:' У 192.168.1.1

  7.   'OK' Դ趨 MacTCP control panel ӴУ 'IP
      Address:'  Mac  IP λַ (192.168.1.x, 1 < x < 255)

  8.  ر MacTCP control panel. еĵӴ¿Ǿɣ

  9.   ping һ Linux ·ߣ MacTCP Watcher
      ѳʽ 'Ping' ťȻڵĶԻм Linux
      ĵַ(192.168.1.1)(ֻ·Ӳԣ㻹 ping
      磮)

 10.  ѡԵ System Folder нһ Hosts
      Աʹ·ƣѾ
      System Folder
      ӦûһЩ(ע)ĿԸҪ޸ģ

3.3.7  ִ Open Transport  MacOS ϵͳ

  1.  㻹ûΪ̫·תװʵʽھ

  2.   TCP/IP Control Panel Ȼ Edit ѡѡ 'User Mode
      ...'ȷʹģʽ 'Advanced' Ȼᰴ 'OK' ť

  3.   File ѡѡ 'Configurations...'ѡ 'Default' ò 'Dupli
      cate...' ť 'Duplicate Configuration' Իм 'IP Masq'
      (֪Ǹõ)ܻ˵ 'Deafault copy'
      ʲģȻᰴ 'OK' ťԼ 'Make Active' ť

  4.   'Connect via:' ʽѡѡ 'Ethernet'

  5.   'Configure:'
      ʽѡѡʵĿ㲻֪ӦѡʲᣬӦѡ
      'Default' Ȼ뿪õ 'Manually'










Linux IP Masquerade mini HOWTO 					     14



  6.   'IP Address:'  Mac  IP λַ (192.168.1.x, 1 < x < 255)

  7.   'Subnet mask:'  255.255.255.0

  8.   'Router address:'  192.168.1.1 

  9.   'Name server addr.:' ŷ IP λַ

 10.   'Implicit Search Path:'  'Starting domain name'
      ·( 'microsoft.com')

 11.  ĲѡԵģȷֵܵصĴΪ㲻ȷ¿հףҪѡҪĻȥЩλеκѶĿǰ֪ûа취
      TCP/IP ԻӴиϵͳҪʹǰѡһ "Hosts"
      ֪ĻҺȤ˽⣮·Ҫ 802.3 ܵĻѡ
      '802.3'

 12.   'Options...' ȷ TCP/IP ãʹ 'Load only when needed'
      ѡִв TCP/IP
      ӦóʽζδĻ㽫ֲѡ 'Load only when needed'
      /ļЧܣѡĿʹ TCP/IP
      ЭǱʹãѡˣTCP/IP
      ЭԶҪʱ벢ڲҪʱͷţͷŵĹ̿ʹļѣ

 13.   ping һ Linux ·ߣ MacTCP Watcher
      ѳʽ 'Ping' ťȻڵĶԻм Linux
      ĵַ(192.168.1.1)(ֻ·Ӳԣ㻹 ping
      磮)

 14.   System Folder нһ Hosts
      Աʹ·ƣѾδ
      System Folder
      еĻӦûһЩ(ע)ĿԸҪ޸ģûеĻԴһ
      MacTCP ϵͳȡأԼһ(ѭ Unix  /etc/hosts ʽ
      RFC 1035 ĵ 33 ҳ)һ㽨 TCP/IP control
      panel 'Select Hosts File...' ťȻ Hosts 

 15.  رնԻл File ѡѡ 'Close'  'Quit' Ȼᰴ 'Save'
      Դĸı䣮

 16.  ЩıЧ¿Ҳ޺

3.3.8  ʹ DNS  Novell ·

  1.  㻹ûΪ̫·תװʵʽھ

  2.   <URL:ftp.novell.com/pub/updates/unixconn/lwp5> ȡ tcpip16.exe

  3.

	   ༭ c:\nwclient\startnet.bat

      : (here is a copy of mine)










Linux IP Masquerade mini HOWTO 					     15



	   SET NWLANGUAGE=ENGLISH
	   LH LSL.COM
	   LH KTC2000.COM
	   LH IPXODI.COM
	   LH tcpip
	   LH VLM.EXE
	   F:



  4.

	   ༭ c:\nwclient\net.cfg

      : (ʽΪģ i.e. NE2000)

	   Link Driver KTC2000
		   Protocol IPX 0 ETHERNET_802.3
		   Frame ETHERNET_802.3
		   Frame Ethernet_II
		   FRAME Ethernet_802.2

	   NetWare DOS Requester
		      FIRST NETWORK DRIVE = F
		      USE DEFAULTS = OFF
		      VLM = CONN.VLM
		      VLM = IPXNCP.VLM
		      VLM = TRAN.VLM
		      VLM = SECURITY.VLM
		      VLM = NDS.VLM
		      VLM = BIND.VLM
		      VLM = NWP.VLM
		      VLM = FIO.VLM
		      VLM = GENERAL.VLM
		      VLM = REDIR.VLM
		      VLM = PRINT.VLM
		      VLM = NETX.VLM

	   Link Support
		   Buffers 8 1500
		   MemPool 4096

	   Protocol TCPIP
		   PATH SCRIPT	   C:\NET\SCRIPT
		   PATH PROFILE    C:\NET\PROFILE
		   PATH LWP_CFG    C:\NET\HSTACC
		   PATH TCP_CFG    C:\NET\TCP
		   ip_address	   xxx.xxx.xxx.xxx
		   ip_router	   xxx.xxx.xxx.xxx



  5.  Ὠ









Linux IP Masquerade mini HOWTO 					     16



	   c:\bin\resolv.cfg

      :

	   SEARCH DNS HOSTS SEQUENTIAL
	   NAMESERVER 207.103.0.2
	   NAMESERVER 207.103.11.9



  6.  ϣЩĳЩʹ Novell ·аУ Netware 3.1x  4.x
      ã

3.3.9   OS/2 Warp

  1.  㻹ûΪ̫·תװʵʽھ

  2.  㻹ûװ TCP/IP ͨѶЭĻھװ

  3.   Programms/TCP/IP (LAN) / TCP/IP 趨

  4.   'Network' λ TCP/IP λַ趨 netmask (255.255.255.0)

  5.   'Routing' λ 'Add'.  Type λ趨Ϊ 'default'  'Router
      Address' λм Linux  IP λַ (192.168.1.1).

  6.   'Hosts' λ趨 Linux ʹͬ DNS (ŷ)λַ

  7.  ر TCP/IP ̨ڽлش yes.

  8.  ϵͳ

  9.   ping  Linux Բ·ã 'OS/2 Ӵ' ϼ
      'ping 192.168.1.1'. յ ping һоû⣮

3.3.10	ϵͳ

ӦðͬСڣȤдҵϵͳãϸĽָʾ
ambrose@writeme.com.

3.4   IP ת(Forwarding)ķʽ

ĿǰΪֹӦѾװúԼҪ׼Ҳģ飮ͬʱ
IP λַբԼDNS Ҳȫ趨ɣ

ڣΨһʣҪʹ ipfwadm תʵķʵĻ:

     **
     ಻ͬķʽɣеĽӶ˵ãвͬ⣬ڲο
     4.4 ڼ ipfwadm ֲᣮ **

     ipfwadm -F -p deny
     ipfwadm -F -a m -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0









Linux IP Masquerade mini HOWTO 					     17



 x	·Ϊ֮һ yyy.yyy.yyy.yyy ·λַ

     netmask	     | x  | Subnet
     ~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
     255.0.0.0	     | 8  | Class A
     255.255.0.0     | 16 | Class B
     255.255.255.0   | 24 | Class C
     255.255.255.255 | 32 | Point-to-point

磬һ class C ·ϣҵ:

     ipfwadm -F -p deny
     ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

Ϊ bootp  ûкϷ IP's
ͻ˲֪λַαװ/ǽִ bootp ŷ˱ deny
֮ǰִָ:

     ipfwadm -I -a accept -S 0/0 68 -D 0/0 67 -W bootp_clients_net_if_name -P udp

ҲԷֱÿ̨趨磬 192.168.1.2  192.168.1.8
ܹȡ·ʹõĻҵ:

     ipfwadm -F -p deny
     ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0
     ipfwadm -F -a m -S 192.168.1.8/32 -D 0.0.0.0/0

⣬·ȡֵ 192.168.1.0/255.255.255.0

Ĵĵһָ

     ipfwadm -F -p masquerade


ҪԤ跽ʽ(policy)Ϊαװ(masquerading) 
Բٿǵĵ·(routing) ˽ֱܹӴ(tun
nel)բԴαװǵ!

һΣ԰Щ /etc/rc.local κһȽϲ rc
ÿҪ IP Masquerade ʱִֶ֮

Ķ 4.4  й Ipfwadm ϸָ

3.5   IP Masquerade

ЩᣬԿʱˣȷ Linux
·ͨģ

һЩ'·!!!'
ϵҳǷܼҽһγʱʹ IP
λַҪƣΪ DNS  趨пܲȷ

磬ʹ http://152.2.254.81/mdw/linux.html ȡ Linux ļƻҳ
http://sunsite.unc.edu/mdw/linux.html








Linux IP Masquerade mini HOWTO 					     18



㿴Ưķ(ע: LDP ҳûз? :P)ṧϲ! !
ʹԿȻ telnet, ftp, RealAudio, True
SpeechԼκ IP Masquerade ֧ԮĶ

ĿǰΪֹһ趨Ϸ⣬ЩʱȫͬЩ趨


4.   IP Masquerade ⼰֧Ԯ

4.1  IP Masquerade 

ĳЩЭ޷ masquerading
ʹãΪǲǼйزŵһЩ飬λַŵ 
ЩЭҪ masquerading ʽｨضĴʽʹ

4.2  ϵͳķ(incoming services)

Masquerading ȫܴķ (incoming services)
ֻмٷǣȫ masquerading
޹أʵǱ׼ķǽʽ

㲢Ҫ߶ȵİȫԼ򵥵ص(redirect)Щ
мֲͬķ  ʹһֻ޸Ĺ redir
ʽ(ϣֻʽܴܿ sunsite   mirrors ȡ)
ϣܹϵͳķĳ̶ֳȵ(authorisation)
 redir Ķ(0.7 or above) ʹ TCP wrappers  Xinetd
ض IP λַͨʹĹߣTIS
ǽ߼Ѱҹ߼Ѷĺõط

ڿ IP Masquerade Resource12  ҵ

4.3  ֧ԮĿͻԼ趨ע

     ** бٱάˣɾ Linux IP masquerading
     Ӧóʽο13   IP Masquerade Resource14
     ȡýһϸڣ **

һ˵ʹôЭ(TCP) ʹ߶Э
(UDP)ӦóʽӦö κιӦóʽ IP Masquerade
ݵĽ飬ʾ⣬ݷ Lee Nevo ά  Linux IP masquerading
Ӧóʽ15  ҳ

4.3.1  ʹõĿͻ

һͻ

____________________

12.<URL:http://ipmasq.home.ml.org>

13.<URL:http://masqapps.home.ml.org>

14.<URL:http://ipmasq.home.ml.org/>

15.<URL:http://masqapps.home.ml.org>







Linux IP Masquerade mini HOWTO 					     19



      HTTP
	    ֧Ԯƽ̨ҳ

      POP & SMTP
	    ֧Ԯƽ̨ʼ

      Telnet
	    ֧Ԯƽ̨Զǩҵ

      FTP
	    ֧Ԯƽ̨ ip_masq_ftp.o
	    ģ(վ̨ϸֿͻ壻ĳЩʹ ws_ftp32
	    վ̨ȴʹ netscape )

      Archie
	    ֧Ԯƽ̨Ѱ( archie ͻ嶼֧Ԯ)

      NNTP (USENET)
	    ֧Ԯƽ̨·

      VRML
	    Windows (֧Ԯƽ̨)ʵ

      traceroute
	    Ҫ UNIX ϵеƽ̨ĳЩֿ޷

      ping
	    ƽ̨ ICMP ޲

      anything based on IRC
	    ֧Ԯƽ̨ ip_masq_irc.o ģ

      Gopher client
	    ֧Ԯƽ̨

      WAIS client
	    ֧Ԯƽ̨

ýͻ

      Real Audio Player
	    Windows, ·Ѷ ip_masq_raudio ģ

      True Speech Player 1.1b
	    Windows, ·Ѷ

      Internet Wave Player
	    Windows, ·Ѷ

      Worlds Chat 0.9a
	    Windows, ͻŷ彻̸(3D chat) ʽ

      Alpha Worlds
	    Windows, Windows, ͻŷ彻̸(3D chat) ʽ








Linux IP Masquerade mini HOWTO 					     20



      Powwow
	    Windows,
	    ԵװͨѶбˣǿ㽻̸ǲܺ㣮

      CU-SeeMe
	    ֧Ԯƽ̨ cuseeme	ģ飬ϸϸ  IP Mas
	    querade Resource16

      VDOLive
	    Windows,  vdolive  ޲

ע: ʹбˣʹ ipautofw ׼ĳЩͻ IPhone Լ
Powwow ܻǿ( 4.6  )

ͻ

      NCSA Telnet 2.3.08
	    DOS,  telnet, ftp, ping  ȵȵһ׼

      PC-anywhere for windows 2.0
	    MS-Windows,  TCP/IP Զң PC
	    ֻΪͻ˶˵²

      Socket Watch
	    ʹ ntp  ·ʱЭ

      Linux net-acct package
	    Linux, ·ʺŹ׼

4.3.2  ޷ʹõĿͻ



      Intel Internet Phone Beta 2
	    ϵֻܵ()

      Intel Streaming Media Viewer Beta 1
	    ޷ŷ

      Netscape CoolTalk
	    ޷ӶԷ

      talk,ntalk
	    ⽫  Ҫ׫дһݺĴʽ

      WebPhone
	    Ŀǰ޷(˲Ϸλַ)

      X
	    ûвԹ˽һ X
	    ʽ޷ masquerading

____________________

16.<URL:http://ipmasq.home.ml.org/>







Linux IP Masquerade mini HOWTO 					     21



	    ʽ֮һⲿʽһķʽʹ ssh
	    ΪᲢʹڲ X ִ!

4.3.3  ѲԹΪƽ̨/ҵϵͳ



    Linux

    Solaris

    Windows 95

    Windows NT (both workstation and server)

    Windows For Workgroup 3.11 (with TCP/IP package)

    Windows 3.1 (with Chameleon package)

    Novel 4.01 Server

    OS/2 (including Warp v3)

    Macintosh OS (with MacTCP or Open Transport)

    DOS (with NCSA Telnet package, DOS Trumpet works partially)

    Amiga (with AmiTCP or AS225-stack)

    VAX Stations 3520 and 3100 with UCX (TCP/IP stack for VMS)

    Alpha/AXP with Linux/Redhat

    SCO Openserver (v3.2.4.2 and 5)

    IBM RS/6000 running AIX

    (˭Թƽ̨?)

4.4  IP Firewall Administration (ipfwadm)

һṩ ipfwadm	ʹָ

һڹ̶ PPP λַ֮ PPP
ķǽ/αװϵͳʹõ趨(trusted) Ϊ 192.168.255.1, PPP
Ѿ޸ĹԱⷸ :) ҷֱгÿһ(incoming)Լͳ(outgo
ing)ץ·(stuffed routing) Լ/αװ(masquerad
ing)ȵЩ IP spoofing ɣͬʱκûȷĶǽֹ!














Linux IP Masquerade mini HOWTO 					     22



     #!/bin/sh
     #
     # /etc/rc.d/rc.firewall,  ǽã rc.local ִУ
     #

     PATH=/sbin:/bin:/usr/sbin:/usr/bin

     # ãȴһʱȻеķǽ
     # ϣǽʮ֮Զرվȡмеע⣮
     # (sleep 600; \
     # ipfwadm -I -f; \
     # ipfwadm -I -p accept; \
     # ipfwadm -O -f; \
     # ipfwadm -O -p accept; \
     # ipfwadm -F -f; \
     # ipfwadm -F -p accept; \
     # ) &

     # αװբ趨Լ趨ܾĲ(policy)ʵ
     # ԤĲûʲϵΪԭȾϣܾԼ¼й
     ipfwadm -I -f
     ipfwadm -I -p deny
     # αװբı(local) 棬·Ļκ
     # ط
     ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
     # αװբԶ(remote)棬·ĻIP spoofing
     # ܾ
     ipfwadm -I -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
     # αװբԶ˽棬κԴ̶ (permanent) PPP
     # λַ
     ipfwadm -I -a accept -V your.static.PPP.address -S 0.0.0.0/0 -D your.static.PPP.address/32
     # (loopback)
     ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
     # ׽йκĽ뷽ʽᱻܾ¼ϧû
     # ¼õѡԴ
     ipfwadm -I -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

     # ͳαװբ趨Լ趨ܾĲ(policy)ʵ
     # ԤĲûʲϵΪԭȾϣܾԼ¼й
     ipfwadm -O -f
     ipfwadm -O -p deny
     # ؽ棬κԴͳ·
     ipfwadm -O -a accept -V 192.168.255.1 -S 0.0.0.0/0 -D 192.168.0.0/16
     # Զ˽ͳ·stuffed routing ܾ
     ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
     # ·ĻԶ˽ͳstuffed masqueradingܾ
     ipfwadm -O -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
     # ·ĻԶ˽ͳstuffed masqueradingܾ
     ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
     # κԶ˽ͳĶ
     ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -D 0.0.0.0/0
     # (loopback)
     ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
     # ׽йκͳʽᱻܾ¼ϧû








Linux IP Masquerade mini HOWTO 					     23



     # ¼õѡԴ
     ipfwadm -O -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

     # αװբת趨Լ趨ܾĲ(policy)ʵ
     # ԤĲûʲϵΪԭȾϣܾԼ¼й
     ipfwadm -F -f
     ipfwadm -F -p deny
     # αװ·Ļӱؽͳκεط
     ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
     # ׽йκתͷʽᱻܾ¼ϧû
     # ¼õѡԴ
     ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

ʹ -I, -O  -F
ƵĳضڵǵЩɨĶ -a
"(append)"ĿǰеĹκƱȫ(global)֮ǰ֣(ûԹ)
:-

ʹ -I
򣮿ٶĵֹֻ·ĻǽȻԴȡ"ֹ"Ľڵ㣮Ȼϣ

     ... start of -I rules ...
     # ܾ¼ؽ棬·Ļͨ 204.50.10.13
     ipfwadm -I -a reject -V 192.168.255.1 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
     # ؽ棬·Ļͨκεط
     ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
     ... end of -I rules ...

ʹ -O ΪȾαװֹǽȡֹĽڵ㣮

     ... start of -O rules ...
     # ܾ¼ͳ 204.50.10.13 
     ipfwadm -O -a reject -V your.static.PPP.address -S your.static.PPP.address/32 -D 204.50.10.13/32 -o
     # κԶ˽ͳĶ
     ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -D 0.0.0.0/0
     ... end of -O rules ...

ʹ -F 򣮿ܱ -I
ȻֹֻαװĻ(ڲĻ)ǽȻȡýֹĽڵ㣮

     ... start of -F rules ...
     # ܾ¼ PPP  ͳ· 204.50.10.13 ϣ
     ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
     # αװؽ·ͳκεطϣ
     ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
     ... end of -F rules ...

ҪиضĹ 192.168.0.0/16 ͨ 204.50.11.0,
⺭ȫУ

һϵķԶԽ趨ʹ -W eth0 ȡ -V
192.168.255.1ʹ -W ppp0  ȡ -V
your.static.PPP.address˵ѡҪ









Linux IP Masquerade mini HOWTO 					     24



4.5  IP Masquerade Լʽ(Demand-Dial-Up)

  1.  ·趨Զ·  diald demand
      ׼ǺܰĹߣ

  2.  Ҫ趨 diald, 鿴 Setting Up Diald for Linux Page17  ҳ

  3.  һ diald Լ IP masq  趨ɣκοͻ˻ web, tel
      net   ftp ߣ

  4.  Diald ⵽ϵͳȻᲦӵ ISP ߣ

  5.  һ߽ᷢʱ(timeout)
      Σʹʽݻ޿ɱģ ݻԼ PPP
      ѵʱ佫ʹĿͻ岻ͣ ʹ ISDN
      ǿԱģֻǽͻеĳɣ

4.6  IPautofw תͳʽ

IPautofw18  һ Linux masquerading ʹõһ TCP  UDP
תͳʽһʹҪ UDP  ׼ʱҪض ip_masq
ģ飻ip_masq_raudio, ip_masq_cuseeme,... Ipautofw
Ըһ㻯ķʽתͰЩӦóʽضģ鶼ת͵κ̬ûȷعɰȫϵ©


5.  

5.1  

     ** 벻Ҫ͵ʼ IP Masquerade
     ⣮춸˹ĸ޷֤ظз website ص⣮
     뽫͵ IP Masquerade mailing list19
     (ѵԴ)ܱǸҲȼڲյţ
     **

    IP Masquerade Resource page20  Ӧ㹻Ѷ趨 IP Masquerade

     IP masquerade  ʵб()

     ҪĵĻķΪ "subscribe" ()ʼ masq-
     request@indyramp.com

     ҪȡĵĻķΪ "unsubscribe" ()ʼ masq-
     request@indyramp.com


____________________

17.<URL:http://home.pacific.net.sg/~harish/diald.config.html>

18.<URL:ftp://ftp.netis.com/pub/members/rlynch/ipautofw.tar.gz>

19.<URL:http://ipmasq.home.ml.org/index.html#mailinglist>

20.<URL:http://ipmasq.home.ml.org/>







Linux IP Masquerade mini HOWTO 					     25



     ҪʹʵбЭ˵ĻķΪ "archive help" 
     "archive dir" ()ʼ masq-request@indyramp.com

    IP masquerade ʵб21  йȥ͵ʵбѶϢ

    ļ Linux IP Masquerade mini HOWTO22  for kernel 2.x (ʹ 1.3.x
     or 2.x ĺ)

    IP Masquerade HOWTO for kernel 1.2.x23  ʹñȽϾɵĺ

    IP masquerade FAQ24  ЩһԵѶ

    X/OS Ipfwadm page25   ipfwadm
     ׼ԭʼʽ룬ִеļԼѶ

     Lee Nevo άҳ  Linux IP masquerading Ӧóʽ26
     ṩʾ뼼ʹӦóʽ IP Masquerade 

    LDP Network Administrator's Guide27  ֳ趨·ıҪѶ

    Linux NET-2 HOWTO28  Ҳ Linux  ·õѶ

    Linux ISP Hookup HOWTO29  Լ Linux PPP HOWTO30  ΰ Linux
     ·Ѷ

    Linux Ethernet-Howto31  й趨ִ̫··ܰѶԴ

    Ҳܶ Linux Firewalling and Proxy Server HOWTO32  Ȥ


____________________

21.<URL:http://www.indyramp.com/masq/list/>

22.<URL:http://ipmasq.home.ml.org/ipmasq-HOWTO.html>

23.<URL:http://ipmasq.home.ml.org/ipmasq-HOWTO-1.2.x.txt>

24.<URL:http://www.indyramp.com/masq/ip_masquerade.txt>

25.<URL:http://www.xos.nl/linux/ipfwadm/>

26.<URL:http://masqapps.home.ml.org>

27.<URL:http://linuxwww.db.erau.edu/NAG/>

28.<URL:http://www.caldera.com/LDP/HOWTO/NET-2-HOWTO.html>

29.<URL:http://www.caldera.com/LDP/HOWTO/ISP-Hookup-HOWTO.html>

30.<URL:http://www.caldera.com/LDP/HOWTO/PPP-HOWTO.html>

31.<URL:http://www.caldera.com/LDP/HOWTO/Ethernet-HOWTO.html>

32.<URL:http://www.caldera.com/LDP/HOWTO/Firewall-HOWTO.html>







Linux IP Masquerade mini HOWTO 					     26



    Linux Kernel HOWTO33  ָĵĹ

     Linux HOWTOs34  	Kernel HOWTO

     USENET Ⱥ: comp.os.linux.networking

5.2  л

     Gabriel Beitler, gbeitler@aciscorp.com

      on providing section 3.3.8 (setting up Novel)

    Ed Doolittle, dolittle@math.toronto.edu

     on suggestion to -V option in ipfwadm command for improved security

    Matthew Driver, mdriver@cfmeu.asn.au

     on helping extensively on this HOWTO, and providing section 3.3.1 (setting
     up Windows 95)

    Ken Eves, ken@eves.com

     on the FAQ that provides invaluable information for this HOWTO

    Ed. Lott, edlott@neosoft.com

     for a long list of tested system and software

    Nigel Metheringham, Nigel.Metheringham@theplanet.net

     on contributing his version of IP Packet Filtering and IP Masquerading
     HOWTO, which make this HOWTO a better and technical in-depth document

     section 4.1, 4.2, and others

    Keith Owens, kaos@ocs.com.au

     on providing an excellent guide on ipfwadm section 4.2

     on correction to ipfwadm -deny option which avoids a security hole, and
     clarified the status of ping over IP Masquerade

    Rob Pelkey, rpelkey@abacus.bates.edu

     on providing section 3.3.6 and 3.3.7 (setting up MacTCP and Open Trans
     port)



____________________

33.<URL:../Kernel-HOWTO.html>

34.<URL:http://www.caldera.com/LDP/HOWTO/HOWTO-INDEX-3.html>







Linux IP Masquerade mini HOWTO 					     27



    Harish Pillay, h.pillay@ieee.org

     on providing section 4.5 (dial-on-demand using diald)

    Mark Purcell, purcell@rmcs.cranfield.ac.uk

     on providing section 4.6 (IPautofw)

    Ueli Rutishauser, rutish@ibm.net

     on providing section 3.3.9 (setting up OS/2 Warp)

    John B. (Brent) Williams, forerunner@mercury.net

     on providing section 3.3.7 (setting up Open Transport)

    Enrique Pessoa Xavier, enrique@labma.ufrj.br

     on the bootp setup suggestion

    developers of IP Masquerade for this great feature


	      Delian Delchev, delian@wfpa.acad.bg

	      Nigel Metheringham, Nigel.Metheringham@theplanet.net

	      Keith Owens, kaos@ocs.com.au

	      Jeanette Pauline Middelink, middelin@polyware.iaf.nl

	      David A. Ranch, trinity@value.net

	      Miquel van Smoorenburg, miquels@q.cistron.nl

	      Jos Vos, jos@xos.nl

	      (֪)



    ͻ鵽ʵбϵʹߣرЩļϵĴԼ֧Ԯδ֧ԮĿͻ˵ģ

    ûаĳЩʹ͸ҵѶҸеǸ˶Ľ뷨͵ֻû㹻ʱȥȷҲСĶˣ
     Ŭ͸ҵѶļлͣҲϣ½ҵ

5.3  ο

    Ken Eves  IP masquerade ʴ

    Indyramp Consulting ֮ IP masquerade ʵб

    X/OS  Ipfwadm  ҳ









Linux IP Masquerade mini HOWTO 					     28



    · Linux HOWTOs





























































Linux IP Masquerade mini HOWTO 					     29





































































				   CONTENTS



1.  ..................................................................... 1
   1.1   ................................................................ 1
   1.2 ǰԣ & οѶ ................................................ 1
   1.3 Ȩ &  .......................................................... 2

2. ֪ʶ ................................................................. 2
   2.1 ʲ IP Masquerade? ................................................ 2
   2.2 ֿ ................................................................. 3
   2.3 ˭Դ IP Masquerade л? ....................................... 3
   2.4 ˭Ҫ IP Masquerade? .............................................. 3
   2.5 IP Masquerade ? .......................................... 3
   2.6  Linux 2.x  ʹ IP Masquerade   ........................... 5

3. IP Masquerade 趨 ..................................................... 6
   3.1 ļ IP Masquerade ֧Ԯ .................................... 6
   3.2 ָ˽· IP λַ ............................................... 9
   3.3   ....................................................... 10
   3.4  IP ת(Forwarding)ķʽ ...................................... 16
   3.5  IP Masquerade .................................................. 17

4.  IP Masquerade ⼰֧Ԯ ..................................... 18
   4.1 IP Masquerade  ................................................ 18
   4.2 ϵͳķ(incoming services) ................................... 18
   4.3 ֧ԮĿͻԼ趨ע ........................ 18
   4.4 IP Firewall Administration (ipfwadm)  ............................... 21
   4.5 IP Masquerade Լʽ(Demand-Dial-Up) ........................ 24
   4.6 IPautofw תͳʽ ............................................... 24

5.  .................................................................... 24
   5.1  ................................................................ 24
   5.2 л ................................................................ 26
   5.3 ο  ........................................................... 27




















				       i


