Hi I have two machine, one Windows NT box and a Linux box (which is connected to the www via a modem) and these two machine are connected directly via ethernet. I am trying to set up my Linux box so I can get access to the www from the Windows NT box via the Linux box. So far I have enabled IP Forwarding in the rc.config file. I am really unsure what to do now to get this to work - I have read countless linux documents about setting up masquerading but the examples don't seem to comply with Suse. Do I have to enable the firewall to get this working ? are there others things I have to set ? Any help would be great. Thanks Dan
Hi Dan, it depends on which Kernel-version you use. If you use 2.4 you need iptables. Exactly this point was discussed during the last days (I'm sure on this 'cause it was me who asked about Masquerading *g*). If you use 2.2 or earlier you need ipchains. Which syntax should be used has been written in my first post about this. If you don't have it anymore, tell me. I can write it again. Back to the roots of your question: IP-forwarding alone is not enough. You need Masquerading because the (ethernet-)IP of your Windozebox is a private IP and not able to be routed over the internet. So the linux-box has to change the sender-IP of the packets to his official IP (granted from your provider, most likely to be a dynamic one) in order to enable answer-packets to find the way back to you. Then your router (the linux-box acts exactly like a router) send the answers back to your windozebox. This is what masquerading means. Again, tell your kernelversion and we can tell you the syntax. Stephan -----Ursprüngliche Nachricht----- Von: Dan Banyard [mailto:dan@www.edentify.com.au] Gesendet: Mittwoch, 9. Januar 2002 04:20 An: suse-security@suse.com Betreff: [suse-security] IP Forwarding - HELP Hi I have two machine, one Windows NT box and a Linux box (which is connected to the www via a modem) and these two machine are connected directly via ethernet. I am trying to set up my Linux box so I can get access to the www from the Windows NT box via the Linux box. So far I have enabled IP Forwarding in the rc.config file. I am really unsure what to do now to get this to work - I have read countless linux documents about setting up masquerading but the examples don't seem to comply with Suse. Do I have to enable the firewall to get this working ? are there others things I have to set ? Any help would be great. Thanks Dan -- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Hi Dan,
it depends on which Kernel-version you use. If you use 2.4 you need iptables. Exactly this point was discussed during the last days (I'm sure on this 'cause it was me who asked about Masquerading *g*). If you use 2.2 or earlier you need ipchains. Which syntax should be used has been written in my first post about this. If you don't have it anymore, tell me. I can write it again. Back to the roots of your question: IP-forwarding alone is not enough. You need Masquerading because the (ethernet-)IP of your Windozebox is a
IP and not able to be routed over the internet. So the linux-box has to change the sender-IP of the packets to his official IP (granted from your provider, most likely to be a dynamic one) in order to enable answer-packets to find the way back to you. Then your router (the linux-box acts exactly like a router) send the answers back to your windozebox. This is what masquerading means. Again, tell your kernelversion and we can tell you the syntax.
Stephan
-----Ursprüngliche Nachricht----- Von: Dan Banyard [mailto:dan@www.edentify.com.au] Gesendet: Mittwoch, 9. Januar 2002 04:20 An: suse-security@suse.com Betreff: [suse-security] IP Forwarding - HELP
Hi
I have two machine, one Windows NT box and a Linux box (which is connected to the www via a modem) and these two machine are connected directly via ethernet.
I am trying to set up my Linux box so I can get access to the www from the Windows NT box via the Linux box. So far I have enabled IP Forwarding in the rc.config file. I am really unsure what to do now to get this to work - I have read countless linux documents about setting up masquerading but
2.4 IPTables supports IPTables, IPChains and IPfwadm rulesets (hint:
ipchains.o, ipfwadm.o).
Kurt Seifried, kurt@seifried.org
A15B BEE5 B391 B9AD B0EF
AEB0 AD63 0B4E AD56 E574
http://www.seifried.org/security/
----- Original Message -----
From: "OKDesign oHG Security Administrator"
examples don't seem to comply with Suse. Do I have to enable the firewall to get this working ? are there others things I have to set ?
Any help would be great.
Thanks
Dan
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
-- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com
Ok, Kurt, of course you are right. IPChains can also be used with kernel 2.4. But since I know about IPTables (this is 3 days *sigh*) I prefer this as it seems to provide more functionality than ipchains does. I dind't express myself clearly, so you you are right to correct me. Stephan -----Ursprüngliche Nachricht----- Von: Kurt Seifried [mailto:listuser@seifried.org] Gesendet: Mittwoch, 9. Januar 2002 07:40 An: OKDesign oHG Security Administrator; Dan Banyard Cc: suse-security@suse.com Betreff: Re: [suse-security] IP Forwarding - HELP 2.4 IPTables supports IPTables, IPChains and IPfwadm rulesets (hint: ipchains.o, ipfwadm.o). Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://www.seifried.org/security/
participants (3)
-
Dan Banyard
-
Kurt Seifried
-
OKDesign oHG Security Administrator