[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Sheflug] offline viewing (ip-masq script)

To: Sheflug <sheflug [at] vuw.ac.nz>
Subject: Re: [Sheflug] offline viewing (ip-masq script)
From: Barrie Bremner <nospam [at] ecosse.net>
Date: Wed, 20 Sep 2000 01:32:04 +0100
List-help: <http://www.sheflug.co.uk>
List-owner: <mailto:sheflug-admins [at] vuw.ac.nz>
List-post: <mailto:sheflug [at] vuw.ac.nz>
List-subscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=subscribe>
List-unsubscribe: <mailto:sheflug-request [at] vuw.ac.nz?Subject=unsubscribe>
Reply-to: "Sheflug" <sheflug [at] vuw.ac.nz>
Sender: nospam [at] rata.vuw.ac.nz
Sender: sheflug-bounce [at] vuw.ac.nz

ross wrote:

> 
> secondly..... the ip-masquarading how-to says that
> 
> "You can also try setting echo "1" > /proc/sys/net/ipv4/ip_dynaddr
>  kernel option to help with this initial setup."
> 
> i'm not entirely sure what to do with this? which file am i supposed to modify
> with this line?
> 
> anyone had any experiance with this?
> 

 I've messed about with IP Masq'ing for a year or so now, and it's
pretty smooooove.

 I'll probably get bits wrong below, but it's in the right area :)

 Just as a bit of background, /proc/sys/net/ipv4 is a virtual filesystem
to dynamically control kernel behaviour relating to IP (v4 - there is a
v6 section too, but I know nothing about it).
 You can control timeouts, control responses to pings/broadcasts and the
like, turn on SYN cookie testing and a whole bunch of basic IP security
stuff.
 Try listing /proc/sys/net/ipv4 - the 'file' names are fairly
descriptive.

 As well as setting up ipchains to do the IP masq'ing (see the how-to
and/or post here) you need to tell the kernel itself to do certain
things by echoing a 1 to turn on the function. Sometimes passing a 2
will give verbose logging, but not with all functions.

 OK, after all that the answer:

 Put the line in question in one of your /etc/rc.d/ scripts.

 On my system, I have a separate /etc/rc.d/rc.firewall script which sets
up ip masq'ing, tells the system that it has a dynamic address (with
your echo "1" > /proc/sys/net/ipv4/ip_dynaddr), and turns on fragmenting
of packets.
 After that (ideally it would be before the ip masq'ing) it sets up a
firewall.

 Wherever you turn on your ip masq'ing, stick in the dynaddr line
straight after it.

 Baz.
--
Barrie J. Bremner

Email:     TheEnglishman [at] ecosse.net
           (PGP public key available at pgp.mit.edu)

URL:       http://www.geocities.com/thefatenglishman

Telephone: UK 01672 811246
Mobile:    UK 07968 792975

 Help Micro$oft wipe out piracy - get Linux.
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.

Follow-Ups:
- Re: [Sheflug] offline viewing (ip-masq script)
  - From: ross <ross.h [at] ntlworld.com>

References:
- RE: [Sheflug] offline viewing
  - From: "darkstar" <darkstar.freenix [at] btinternet.com>
- RE: [Sheflug] offline viewing (ip-masq script)
  - From: ross <ross.h [at] ntlworld.com>

Prev by Date: RE: [Sheflug] offline viewing (ip-masq script)
Next by Date: Re: [Sheflug] [OT, slightly] Parallel port network interfaces?
Prev by thread: RE: [Sheflug] offline viewing (ip-masq script)
Next by thread: Re: [Sheflug] offline viewing (ip-masq script)
Index(es):
- Date
- Thread