Fedora IP Masquerading

Alexander Dalloz alexander.dalloz at uni-bielefeld.de
Mon Jan 5 01:10:11 UTC 2004


On Sun, 04.01.2004 at 19:25, Rich Stanford wrote:
> My firewall script does it for me with a simple line:
> 
> echo 1 > /proc/sys/net/ipv4/ip_forward
> 
> Now, granted this works with a firewall script that I wrote and use myself to 
> protect my system:  a single Linux box (currently RH9)  serves as a router 
> and firewall for 5 internal machines (2 WinXP, 3 Linux).
> 
> Rich

[ shnipped original posting due to bad top-posting :( ]

Rich,

you are wrong. Setting the kernel register ip_forward to 1 does nothing of
what is called masquerading. It only lets IP traffic pass from one
device to another through the kernel. It has no masquerading
functionality at all.

Btw, that setting would be better set in /etc/sysctl.conf, if it is not
already there.

If you want masquerading then you need an iptables rule like:

iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

where ppp0 in this example is the outgoing interface.

Alexander


-- 
Alexander Dalloz | Enger, Germany
PGP key valid: made 13.07.1999
PGP fingerprint: 2307 88FD 2D41 038E 7416  14CD E197 6E88 ED69 5653
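
The distinction drawn in the message above (forwarding alone versus forwarding plus a MASQUERADE rule in the nat table) can be checked mechanically. The following is an added example, not part of the original post; the function names and the sample `iptables-save` text are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `iptables-save` output (not taken from the post).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o ppp0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# has_masquerade RULES IFACE (hypothetical helper): succeed only if the nat
# table's POSTROUTING chain masquerades traffic leaving through IFACE.
has_masquerade() {
    printf '%s\n' "$1" | awk -v ifc="$2" '
        /^\*/ { table = substr($0, 2) }      # "*nat" opens a table section
        table == "nat" && $1 == "-A" && $2 == "POSTROUTING" {
            out = ""; tgt = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") tgt = $(i + 1)
            }
            if (out == ifc && tgt == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# forwarding_persistent CONF (hypothetical helper): succeed if the given
# sysctl.conf text has an uncommented net.ipv4.ip_forward = 1 line.
forwarding_persistent() {
    printf '%s\n' "$1" |
        grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'
}

# nat_status RULES CONF IFACE: print no-forwarding, forwarding-only,
# or masquerading.
nat_status() {
    if ! forwarding_persistent "$2"; then echo "no-forwarding"
    elif ! has_masquerade "$1" "$3"; then echo "forwarding-only"
    else echo "masquerading"
    fi
}
```

On a live router the same check would be `nat_status "$(iptables-save)" "$(cat /etc/sysctl.conf)" ppp0`, run as root.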




