I see many people asking how to configure IP Masquerading under RedHat, so I figured I'd just write the instructions down here.
Feedback is desired; if this works for you, please do drop me a note.
Install RedHat 5.1+
Configure your ethernet
Configure your dialup
Edit /etc/sysconfig/network
Ping yourself
Run ipfwadm
Ping yourself again
Edit /etc/rc.d/init.d/network
While these directions will probably work for RedHat 4.2, I'm not going to test them. If they do work, send me a message. As for how to install RedHat, that's more than I'm going to get into here.
Once you have your ethernet card driver working...
Your internal network should use one of the two 'protected' IP spaces set aside by IANA for private networks. I use 10.0.0.0 as it is a class A network and gives me plenty of room to grow. Set up your linux box as 10.0.0.1 and your windows box as 10.0.0.2. (Netmasks for both are 255.0.0.0)
Configure your windows box to use the linux box's IP address as its gateway. You will have to reboot windows at this point.
From your linux box, run ping 10.0.0.2. You should see
a response every second or so from your windows machine. Use CTRL-C to
break out of ping.
From your windows box, run PING.EXE 10.0.0.1. Again,
you should see a response. Windows ping quits automatically after four
pings.
You now have an installed linux box and a windows machine running on the 10.0.0.0/8 network and able to properly communicate. Good job!
Using the many available information sources, configure your linux box to properly dial into your ISP via PPP.
RedHat reads in the file /etc/sysconfig/network when booting
to determine whether or not to set up packet forwarding in the kernel. In
the file the following must appear: FORWARD_IPV4=true.
Now, reboot your linux box.
Repeat the ping tests from the ethernet setup section.
At this point, you want to call up your ISP. Check that your PPP link is up and everything seems normal. Repeat the ping tests on your local network. Really, go do it, then come back.
If your linux box can ping the world and your windows machine, and your
windows machine can ping your linux box then things are going great.
Run /sbin/ifconfig on your linux box to determine your
ppp adaptor's IP address. Once you have your IP address, go to the
windows machine and try to ping it. It should fail.
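The magic comes in when we run ipfwadm. First, however, run
cat /proc/sys/net/ipv4/ip_forwarding. You should get a 1.
If you get 0 then something is broken. Go back to the section
on /etc/sysconfig/network. If it does work, then
run the following two commands. The first sets the default forwarding
policy to deny; the second appends a masquerade rule for traffic coming
from 10.0.0.0/8 and going to any destination, so only your internal
network is forwarded.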
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/8 -D 0/0
Now, go back to your windows box and try to ping your external IP address. If that works then you are 9/10ths of the way there.
Finally, edit /etc/rc.d/init.d/network and put the two
ipfwadm lines from above right before the line that reads:
touch /var/lock/subsys/network
This will ensure that the masquerading is configured every time you boot.
You're done.
Reboot everything to see that it comes up correctly.
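After that reboot, the three settings from this procedure can be checked with a script like the one below. It is an added example, not part of the original instructions: the function names and the sample files are made up here, and the real paths (/etc/sysconfig/network, /proc/sys/net/ipv4/ip_forwarding, /etc/rc.d/init.d/network) are passed in as arguments.

```shell
#!/bin/sh
# Added example: checks for what this page configures. Function names are
# this example's own; file paths are arguments so copies can be checked.

# True if FILE has an uncommented FORWARD_IPV4=true line.
forwarding_configured() {
    grep -Eq '^[[:space:]]*FORWARD_IPV4="?true"?[[:space:]]*$' "$1"
}

# True if the kernel flag file (ip_forwarding on this page) contains 1.
forwarding_active() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ]
}

# True if the init script sets the deny policy, then adds the masquerade
# rule, and both come before the "touch /var/lock/subsys/network" line.
masq_lines_in_place() {
    awk '
        /^[ \t]*#/ { next }                      # ignore commented-out lines
        /ipfwadm[ \t]+-F[ \t]+-p[ \t]+deny/       && !deny { deny = NR }
        /ipfwadm[ \t]+-F[ \t]+-a[ \t]+m[ \t]/     && !masq { masq = NR }
        /touch[ \t]+\/var\/lock\/subsys\/network/ && !lock { lock = NR }
        END { exit !(deny && masq && lock && deny < masq && masq < lock) }
    ' "$1"
}

# Print the -S (source) argument of the first masquerade rule, so it can be
# compared with the internal network rather than something wider like 0/0.
masq_source() {
    awk '/^[ \t]*#/ { next }
         /ipfwadm[ \t]+-F[ \t]+-a[ \t]+m[ \t]/ {
             for (i = 1; i < NF; i++) if ($i == "-S") { print $(i + 1); exit }
         }' "$1"
}

# Constructed sample files standing in for the real ones.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf 'NETWORKING=yes\nFORWARD_IPV4=true\n' > "$tmp/network.conf"
printf '1\n' > "$tmp/ip_forwarding"
cat > "$tmp/network.init" <<'EOF'
/sbin/ipfwadm -F -p deny
/sbin/ipfwadm -F -a m -S 10.0.0.0/8 -D 0/0
touch /var/lock/subsys/network
EOF

forwarding_configured "$tmp/network.conf" && echo "config: forwarding on"
forwarding_active "$tmp/ip_forwarding"    && echo "kernel: forwarding on"
masq_lines_in_place "$tmp/network.init"   && echo "init: rules before lock"
echo "masquerade source: $(masq_source "$tmp/network.init")"
```

Requiring the deny line ahead of the masquerade line is this example's choice, matching the order the commands are given in above.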
