Setting up Linux to be a Masquerading Firewall

PLEASE UNDERSTAND WHAT YOU ARE DOING BEFORE YOU START THIS. SAVE YOUR EXISTING CONFIGURATION FILES BEFORE CHANGING THEM. Please read my disclaimer about such things.

In the event that I've incorrectly stated something here, please let me know. My E-mail address is below.

You have Linux running with your Cable or DSL ISP and need to have some connectivity for other machines at your place, but refuse to pay the $10/month for an extra IP address. This is where Linux pays for itself!

This document assumes (sic) that you know what's going on with networks and Linux. Additional documentation can be found in the Linux Kernel Source tree in the Documentation/Configure.help file.

Although the word firewall is used in this document, it does not mean that the machines behind the firewall are completely safe from Internet attacks. This document only covers setting up Linux to forward packets from the machines behind it to the Internet at large without using up another registered IP address. Documents on Linux security can be found at www.linux.org, the Secure Linux Page and many other fine places on the 'net.

There are a few caveats to go into first.

All this can be done by hand (once the interfaces are configured) without rebooting the system.

Once things are in place you should be able to do things like:

NOTE: You need to use passive FTP unless your masquerading firewall is running a 2.1.x vintage (or later) kernel with the ip_masq_ftp.o module compiled in.
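Why the note above holds, as an added example that is not part of the original page: in active FTP the client sends a PORT command containing its own address and port, and a masqueraded client sends its private address, which the server cannot connect back to. The sketch below parses such a command and shows the kind of rewrite an FTP masquerading helper has to perform; the function names are hypothetical and the addresses and port are constructed.

```python
import ipaddress

# RFC 1918 private ranges, the usual addressing behind a masquerading firewall.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_port(line):
    """Parse 'PORT h1,h2,h3,h4,p1,p2' into (ip, port)."""
    verb, _, arg = line.strip().partition(" ")
    if verb.upper() != "PORT":
        raise ValueError("not a PORT command")
    try:
        nums = [int(p) for p in arg.split(",")]
    except ValueError:
        raise ValueError("malformed PORT argument")
    if len(nums) != 6 or any(n < 0 or n > 255 for n in nums):
        raise ValueError("malformed PORT argument")
    # The port travels as two bytes: high byte, then low byte.
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]

def format_port(ip, port):
    """Build a PORT command from a dotted address and a port number."""
    return "PORT {},{},{}".format(ip.replace(".", ","), port >> 8, port & 0xFF)

def reachable_from_server(line):
    """False when the advertised address is private, so the server's
    data connection back to the client can never arrive."""
    ip, _ = parse_port(line)
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in RFC1918)

def helper_rewrite(line, public_ip, masq_port):
    """Conceptual rewrite done by an FTP masquerading helper: advertise the
    firewall's public address and a port it will forward to the client."""
    parse_port(line)  # validate before rewriting
    return format_port(public_ip, masq_port)

# Constructed sample values (assumptions, not taken from the page).
CLIENT_PORT = "PORT 192,168,1,10,4,1"   # sent by a masqueraded client
PUBLIC_IP = "203.0.113.5"               # firewall's outside address
MASQ_PORT = 61001                       # port the firewall forwards back

if __name__ == "__main__":
    print(parse_port(CLIENT_PORT), reachable_from_server(CLIENT_PORT))
    rewritten = helper_rewrite(CLIENT_PORT, PUBLIC_IP, MASQ_PORT)
    print(rewritten, reachable_from_server(rewritten))
```

In passive mode the client opens the data connection outward, so plain masquerading handles it with no rewrite.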




-Paul
kronenpj@netzero.net
Last modified: Sun Nov 4 8:41:06 EST 2000