Academic Tutorials

English | French | Portugese | German | Italian
Home Advertise Payments Recommended Websites Interview Questions FAQs
News Source Codes E-Books Downloads Jobs Web Hosting

IP Masquerading Intorduction
IP Masquerading Setting Up
IP Masquerading Setting Up - Part 2
IP Masquerading Easy Links
IP Masquerading Linux Networking
IP Masquerading Network Address
IP Masquerading IPCHAINS 101
IP Masquerading IP_MASQ 101
IP Masquerading Setting Up The Router
IP Masquerading Caveats

HTML Tutorials
HTML Tutorial
XHTML Tutorial
CSS Tutorial
TCP/IP Tutorial
CSS 1.0
CSS 2.0
XML Tutorials
XML Tutorial
XSL Tutorial
XSLT Tutorial
DTD Tutorial
Schema Tutorial
XForms Tutorial
XSL-FO Tutorial
XML DOM Tutorial
XLink Tutorial
XQuery Tutorial
XPath Tutorial
XPointer Tutorial
RDF Tutorial
SOAP Tutorial
WSDL Tutorial
RSS Tutorial
WAP Tutorial
Web Services Tutorial
Browser Scripting
JavaScript Tutorial
VBScript Tutorial
DHTML Tutorial
HTML DOM Tutorial
WMLScript Tutorial
E4X Tutorial
Server Scripting
ASP Tutorial
PERL Tutorial
SQL Tutorial
ADO Tutorial
Apple Script
PL/SQL Tutorial
SQL Server
.NET (dotnet)
.Net Mobile
C# : C Sharp
SVG Tutorial
Flash Tutorial
Media Tutorial
SMIL Tutorial
Photoshop Tutorial
Gimp Tutorial
Gnuplot Programming
GIF Animation Tutorial
Scientific Visualization Tutorial
Web Building
Web Browsers
Web Hosting
W3C Tutorial
Web Building
Web Quality
Web Semantic
Web Careers
Weblogic Tutorial
Web Site Hosting
Domain Name
Java Tutorials
Java Tutorial
JSP Tutorial
Servlets Tutorial
Struts Tutorial
EJB Tutorial
JMS Tutorial
JMX Tutorial
Programming Langauges
C Tutorial
C++ Tutorial
Visual Basic Tutorial
Data Structures Using C
Assembly Language
Forth Programming
Lisp Programming
Data Warehousing
CGI Programming
Emacs Tutorial
Soft Skills
Communication Skills
Time Management
Project Management
Team Work
Leadership Skills
Corporate Communication
Negotiation Skills
Database Tutorials
Operating System
Software Testing
SAP Module
Business Warehousing
SAP Basis
Material Management
Sales & Distribution
Human Resource
Customer Relationship Management
Production and Planning
Networking Programming
Corba Tutorial
Networking Tutorial
Microsoft Office
Microsoft Word
Microsoft Outlook
Microsoft PowerPoint
Microsoft Publisher
Microsoft Excel
Microsoft Front Page
Microsoft InfoPath
Microsoft Access
Financial Accounting
Managerial Accounting
Network Sites

Ipchains: Easy Links To The Net

Previoushome Next

Ipchains: Easy Links to the Net



Multiple Machines, A Single Connection

Now that the Internet has become a ubiquitous presence in our society, it seems only reasonable that every machine should have Internet access. And with a couple of Ethernet cards, some well-chosen software, and a little bit of brainpower, many people can manage to share a single Internet connection among more than one PC, whether that connection be a PPP dial-up connection, a DSL line, or a cable modem.

In this case, the well-chosen software is ipchains. As described by its author, Paul Russell, ipchains "is an update to [and hopefully an improvement upon] the 2.0 Linux packet-filtering code, for the 2.2 Linux kernel." In a nutshell, it's a pretty neat way to make a firewall out of a 2.2 kernel Linux box, as well as providing access for multiple PCs using a single Internet connection. In this article, we will be talking about how to setup IP masquerading, allowing transparent proxying to the Internet.

In order to get started with ipchains, you're going need a Linux box (in this case, we'll be using a freshly installed Slackware 4.0 distribution), preferably two NIC cards (one can be a PPP dialup interface), a copy ofipchains, and probably a copy of the source code for your kernel. Chances are most distributions of Linux should come preinstalled with ipchains;. A copy of the Linux kernel source may already be installed in /usr/src/linux. . At the time of this writing, the latest version of ipchains is 1.3.9 and the latest 2.2 kernel is 2.2.13. If you're trying to set up ipchains on Linux 2.0, you're going to need quite a bit more kernel configuration prior to setting up ipchains, a process that is outside the scope of this article. For the purpose of this article, we're going to assume you're doing everything as root, since most things here require it anyway.


Kernel Changes

Before you can actually set up ipchains, you may have to recompile your kernel to support IP masquerading. But fear not! Some distributions nowadays may already have IP masquerading enabled in their kernels. In our distribution of Slackware 4.0, the IP masquerading settings were already enabled in the 2.2.6 kernel built and included with the distribution. If you want to check to see if you already have IP masquerading enabled, simply check for the existence of the /proc/sys/net/ipv4/ip_forward file:

# cd /proc/sys/net/ipv4
# ls -la ip_forward
-rw-r--r-- 1 root root 0 Oct 24 23:36 ip_forward

The ip_forward file size being 0 is normal. If this file exists, your kernel is already set to do IP masquerading. If you don't see this, you're going to have to recompile your kernel. Recompiling your kernel isn't a terribly easy task, and we won't cover every step here (check your system documentation for more information). In brief, you will want to enable the following options:

Prompt for development and/or incomplete code/drivers (CONFIG_EXPERIMENTAL)
Enable loadable module support (CONFIG_MODULES)
Networking support (CONFIG_NET)
Packet socket (CONFIG_PACKET)
Kernel/User netlink socket (CONFIG_NETLINK)
Network firewalls (CONFIG_FIREWALL)
TCP/IP networking (CONFIG_INET)
IP: verbose route monitoring (CONFIG_IP_ROUTE_VERBOSE)
IP: firewalling (CONFIG_IP_FIREWALL)

IP: firewall packet netlink device (CONFIG_IP_FIREWALL_NETLINK)
IP: always defragment (required for masquerading) (CONFIG_IP_ALWAYS_DEFRAG)
IP: optimize as router not host (CONFIG_IP_ROUTER)
IP: TCP syncookie support (not enabled per default) (CONFIG_SYN_COOKIES)
Network device support (CONFIG_NETDEVICES)
/proc filesystem support (CONFIG_PROC_FS)

Remember, as general rule when compiling a new kernel, keep a back-up copy of your old kernel and maybe even a Linux bootdisk.


Starting Ipchains

In order to have IP masquerading configured and started every system boot, create a start-up script or an rc.d script. Every time a system starts up, a set of scripts residing in /etc/rc.d/ are run. In these scripts are essential system services like the telnet daemon, ftp daemon, mount daemon and more. For our setup, eth0 will be connected to the internal network and eth1 will be connected to the Internet. If using a dial-up connection, such as ppp0, make sure to enable the line for dynaddr below.

Here is a sample /etc/rc.d/rc.firewall file, where we'll keep all our IP masquerading startup commands.

/sbin/depmod -a # allows loading of modules into the kernel

# The following are custom modules, which allows use of
# tricky protocols through the firewall. It's general rule
# to use only those really needed.

/sbin/modprobe ip_masq_ftp # to FTP out
/sbin/modprobe ip_masq_raudio # enable RealAudio
/sbin/modprobe ip_masq_irc # enable IRC DCC
/sbin/modprobe ip_masq_quake ports=26000,27000,27910,27960 # Quake I/II/III
/sbin/modprobe ip_masq_cuseeme # CuSeeMe
/sbin/modprobe ip_masq_vdolive # VDO-live

echo "1" > /proc/sys/net/ipv4/ip_forward # Enables IP Forwarding! Important!
echo "1" > /proc/sys/net/ipv4/ip_dynaddr # Do this if on a dialup (ppp0)

/sbin/ipchains -M -S 7200 10 160 # Set timeouts on masquerading sessions.
# Here, 2 hours idle for TCP sessions
# 10 seconds after a TCP FIN is received
# 2 minutes for UDP packets

/sbin/ipchains -P forward DENY # By default, deny packet forwarding
/sbin/ipchains -A forward -s -j MASQ # Enable IP masquerading
# is the subnet of our
# internal network. This must be changed
# to reflect the proper subnet of your
# internal network, otherwise masq'ing
# will fail. Try Daryl's Subnet Calc.

/sbin/ipchains -N infilt # create a new "chain" named infilt
/sbin/ipchains -A input -i eth1 -j infilt # use infilt to check data from eth1
/sbin/ipchains -A infilt -s -l -j DENY
# deny anything from eth1 (the Internet
# interface) that says it's coming
# from the internal network. This will
# help prevent spoofing.

Before adding this to our startup scripts, we will want to test it. To do this, simply execute /etc/rc.d/rc.firewall. If we see no output, it's pretty safe to say that the commands worked. To configure the client side, simply set the default gateway to that of your Linux machine.

There are several tools available to monitor your IP masquerader. One of them is netstat. This tool will give a quick rundown of who is masquerading to where. Output may be similar to something like this:

$ netstat -M
IP masquerading entries
prot expire source destination ports
tcp 46:01.49 ntbox 2806 -> 3306 (63673)
tcp 118:00.35 macintoy 1038 -> 5190 (62427)
tcp 4:36.31 macintoy 55076 -> www (61675)
tcp 119:48.56 ntbox 4337 -> ssh (63658)

Another tool is ipchains -L -v. This will give some overall statistics on the IP masquerading connection, including some basic bandwidth usage reports.

So what's so cool about this? You can maintain a single Internet connection for multiple users on multiple operating systems, using Linux as the gateway to the Internet. Plus, because ipchains and Linux itself are low cost or free, creating and maintaining this setup is much easier, and in many cases more secure, than a more expensive Windows solution.

Be the first one to comment on this page.

  IP-Masquerading eBooks

No eBooks on IP-Masquerading could be found as of now.

 IP-Masquerading FAQs
More Links » »
 IP-Masquerading Interview Questions
More Links » »
 IP-Masquerading Articles

No IP-Masquerading Articles could be found as of now.

 IP-Masquerading News

No News on IP-Masquerading could be found as of now.

 IP-Masquerading Jobs

No IP-Masquerading Articles could be found as of now.

Share And Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb

Previoushome Next

Keywords: Ipchains: Easy Links to the Net, IP-Masquerading, IP-Masquerading, IP-Masquerading tutorial, IP-Masquerading tutorial pdf, history of IP-Masquerading, Custamizing Style Sheet, learn IP-Masquerading

HTML Quizzes
CSS Quiz
CSS 1.0 Quiz
CSS 2.0 Quiz
XML Quizzes
XML Quiz
XSL Quiz
DTD Quiz
Schema Quiz
XForms Quiz
XLink Quiz
XQuery Quiz
XPath Quiz
XPointer Quiz
RDF Quiz
RSS Quiz
WAP Quiz
Web Services Quiz
Browser Scripting Quizzes
JavaScript Quiz
VBScript Quiz
WMLScript Quiz
E4X Quiz
Server Scripting Quizzes
ASP Quiz
SQL Quiz
ADO Quiz
CVS Quiz
Python Quiz
Apple Script Quiz
SQL Server Quiz
PHP Quiz
.NET (dotnet) Quizzes
Microsoft.Net Quiz
ASP.Net Quiz
.Net Mobile Quiz
C# : C Sharp Quiz
VC++ Quiz
Multimedia Quizzes
SVG Quiz
Flash Quiz
Media Quiz
Photoshop Quiz
Gimp Quiz
Matlab Quiz
Gnuplot Programming Quiz
GIF Animation Quiz
Scientific Visualization Quiz
Graphics Quiz
Web Building Quizzes
Web Browsers Quiz
Web Hosting Quiz
W3C Quiz
Web Building Quiz
Web Quality Quiz
Web Semantic Quiz
Web Careers Quiz
Weblogic Quiz
SEO Quiz
Web Site Hosting Quiz
Domain Name Quiz
Java Quizzes
Java Quiz
JSP Quiz
Servlets Quiz
Struts Quiz
EJB Quiz
JMS Quiz
JMX Quiz
Eclipse Quiz
J2ME Quiz
Programming Langauges Quizzes
C Quiz
C++ Quiz
Visual Basic Quiz
Data Structures Using C Quiz
Cobol Quiz
Assembly Language Quiz
Mainframe Quiz
Forth Programming Quiz
Lisp Programming Quiz
Pascal Quiz
Delphi Quiz
Fortran Quiz
OOPs Quiz
Data Warehousing Quiz
CGI Programming Quiz
Emacs Quiz
Gnome Quiz
ILU Quiz
Soft Skills Quizzes
Communication Skills Quiz
Time Management Quiz
Project Management Quiz
Team Work Quiz
Leadership Skills Quiz
Corporate Communication Quiz
Negotiation Skills Quiz
Database Quizzes
Oracle Quiz
MySQL Quiz
Operating System Quizzes
BSD Quiz
Symbian Quiz
Unix Quiz
Internet Quiz
IP-Masquerading Quiz
IPC Quiz
Software Testing Quizzes
Testing Quiz
Firewalls Quiz
SAP Module Quizzes
ERP Quiz
Business Warehousing Quiz
SAP Basis Quiz
Material Management Quiz
Sales & Distribution Quiz
Human Resource Quiz
Netweaver Quiz
Customer Relationship Management Quiz
Production and Planning Quiz
Networking Programming Quizzes
Corba Quiz
Networking Quiz
Microsoft Office Quizzes
Microsoft Word Quiz
Microsoft Outlook Quiz
Microsoft PowerPoint Quiz
Microsoft Publisher Quiz
Microsoft Excel Quiz
Microsoft Front Page Quiz
Microsoft InfoPath Quiz
Microsoft Access Quiz
Accounting Quizzes
Financial Accounting Quiz
Managerial Accounting Quiz
Testimonials | Contact Us | Link to Us | Site Map
Copyright ? 2008. Academic All rights reserved Privacy Policies | About Us
Our Portals : Academic Tutorials | Best eBooksworld | Beyond Stats | City Details | Interview Questions | Discussions World | Excellent Mobiles | Free Bangalore | Give Me The Code | Gog Logo | Indian Free Ads | Jobs Assist | New Interview Questions | One Stop FAQs | One Stop GATE | One Stop GRE | One Stop IAS | One Stop MBA | One Stop SAP | One Stop Testing | Webhosting in India | Dedicated Server in India | Sirf Dosti | Source Codes World | Tasty Food | Tech Archive | Testing Interview Questions | Tests World | The Galz | Top Masala | Vyom | Vyom eBooks | Vyom International | Vyom Links | Vyoms | Vyom World | Important Websites
Copyright ? 2003-2024 Vyom Technosoft Pvt. Ltd., All Rights Reserved.