FC4 IP Masquerading

Tim ignored_mailbox at yahoo.com.au
Wed Oct 26 01:53:13 UTC 2005


On Wed, 2005-10-26 at 00:28 +1000, Tony Crouch wrote:

> I have spent the last few days trying to set up an IP masquerading
> situation on my home LAN (which only consists of my FC4 notebook and my
> Windows XP desktop). I have gone through all the sites and read all
> about IP tables, but alas I still can't get it set up.
> 
> The IPs of my two machines are:
> Notebook (aka: masquerading box) : 192.168.0.1
> Desktop : 192.168.0.2
> 
> My firewall has been turned off within: "Desktop --> System Settings -->
> Security Level".

Turn it back on.  Make your ethernet a trusted device to allow things
that are blocked to the untrusted device (ppp0).  The services you allow
through the firewall refer to the untrusted device.  You don't have to
tick them off to allow them to the trusted device (eth0).

Alternatively, you can use a script to set your rules.  I do this; it
allows me to make changes that'll be enacted every boot, that I can't do
using the "security level" tool.  My script ends like this:

## Set up masquerading to allow internal machines access to outside network:
iptables --table nat --append POSTROUTING --out-interface ppp+ --jump MASQUERADE

I can't see a way to do that from the "security level" tool used to
configure iptables rules (ticking the "masquerade" options in it doesn't
seem to do anything).

> I connect to the Internet via a ppp (dial-up) connection and as a result
> my external or ISP granted IP varies every time.
> 
> Can anyone offer some support / help / advice for this?

Look at /etc/sysctl.conf and set part of it like the following (it's
initially set to zero, meaning disabled):

# Controls IP packet forwarding
net.ipv4.ip_forward = 1

-- 
Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.
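
An added example, not part of the original message: a shell check that both settings from the reply are in place, reading a sysctl.conf-style file for net.ipv4.ip_forward and an iptables-save dump for a nat POSTROUTING MASQUERADE rule on ppp+. The function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: checks saved copies of the settings, so no root is needed.

# Succeeds if the last uncommented net.ipv4.ip_forward line in FILE ($1) is 1.
forwarding_enabled() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# Prints the out-interface of each nat POSTROUTING MASQUERADE rule in an
# iptables-save dump ($1); "ANY" means the rule names no interface.
masquerade_ifaces() {
    awk '
        /^\*/ { table = $1 }
        table == "*nat" && $1 == "-A" && $2 == "POSTROUTING" {
            iface = "ANY"; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o" || $i == "--out-interface") iface = $(i + 1)
                if (($i == "-j" || $i == "--jump") && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (masq) print iface
        }' "$1"
}

# audit_masq SYSCTL_FILE RULES_FILE IFACE: returns 0 only if forwarding is on
# and the only masquerade rule is the one for IFACE.
audit_masq() {
    rc=0
    if forwarding_enabled "$1"; then echo "ok: net.ipv4.ip_forward = 1"
    else echo "missing: net.ipv4.ip_forward = 1 in $1"; rc=1; fi
    ifaces=$(masquerade_ifaces "$2")
    case "$ifaces" in
        "$3") echo "ok: MASQUERADE on $3" ;;
        "")   echo "missing: MASQUERADE rule for $3"; rc=1 ;;
        *)    echo "review: MASQUERADE on unexpected interface(s): $ifaces"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample inputs matching the two settings in the message.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
printf '# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1\n' > "$SAMPLE_DIR/sysctl.conf"
printf '%s\n' '*nat' ':POSTROUTING ACCEPT [0:0]' \
    '-A POSTROUTING -o ppp+ -j MASQUERADE' 'COMMIT' > "$SAMPLE_DIR/rules"
audit_masq "$SAMPLE_DIR/sysctl.conf" "$SAMPLE_DIR/rules" 'ppp+'
```

On a real gateway the rules file would be the output of iptables-save, and a result of "ANY" is worth reviewing because such a rule is not limited to the dial-up interface.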




More information about the fedora-list mailing list