Meeting Notes - IP Masquerading, Wed 17 Jun 1998

Taken by David Kramer


BOSTON LINUX AND UNIX; IP MASQUERADING AND FIREWALLS 06/17/98
----------------------------------------------------
PHONY RANGES
	10.1.X.X
	192.168.X.X
MEDIA ONE- DOWN=1.5MB/S  UP=300K
REDHAT>=5, KERNEL HAS EVERYTHING.
YOU NEED
	IPFWD GATEWAY
	FIREWALL PACKET LOGGING
	IP MASQ
	IPAUTOFW- FORWARD TO MACHINES INSIDE FIREWALL
	ICMP MASQ- GOOD, BUT HARD TO WORK
	TRANSPARENT PROXY SUPPORT 
		EXPERIMENTAL, NOT MANDATORY
	ALWAYS DEFRAGMENT PACKETS
		FIXES MTU MISMATCH AND REASSEMBLES PACKETS
		ELSE IT'S POSSIBLE FOR FRAGMENTS TO GET THRU
	IP ACCOUNTING- NICE
	DROP SOURCE-ROUTED FRAMES VERY IMPORTANT
		LOOK UP.
		MAKE SURE YOU TURN IT ON
		ELSE FORGED PACKETS FROM OUTSIDE APPEAR INSIDE

CREATE A SCRIPT LIKE RC.FIREWALL, HAVE INIT.D START IT UP
YOU CAN RUN THIS BEFORE NETWORK UP, JUST DONT DNS
	ipfwadm -I -f	=FLUSH CURRENT INPUT RULES
	ipfwadm -O -f	=FLUSH CURRENT OUTPUT RULES
	ipfwadm -I -p deny	=DEFAULT INPUT POLICY: DENY EVERYTHING (-f FLUSHES, -p SETS POLICY)
	THROW OUT CLASS B
	THROW OUT INTERNAL ADDRESSES FROM EXTERNAL INTERFACE
	ALLOW INTERNAL OUT TO ANYWHERE
	ALLOW EXTERNAL THROUGH PROXY TO INTERNAL
	ALLOW EXTERNAL TO PORTS/IP'S ON FIREWALL
	ALLOW TRAFFIC ON 127.0.0.1
	BLOCK NETBIOS IN TO OUT, OUT TO IN
		NETBIOS:MS INTERNET BROWSER
	SET UP MASQUERADING
	CEEUCEEME?
	LOG DENIED STUFF
		AS AN EXPERIMENT. WILL FILL UP YOUR HARD DRIVE
REJECT TELLS THE SENDER NO CAN DO
DENY JUST EATS THE PACKETS	 
** BBCC WHATEVER WRONG.
EQL  -LOAD BALANCING ACROSS <=4 NET CONNECTIONS
PPTP  (NT REMOTE ACCESS)  VERY BREAKABLE
	KINDERGARTEN CRYPTOGRAPHY
	CRYP:"IF US LETS YOU EXPORT IT, YOU DON'T 
		WANT TO USE IT"
FUN THINGS TO TRY
DYNAMICALLY-LOADABLE-ONLY MODULES
	IPMASQ_*
----------------------------------------------------

JC@EDDIE.MIT.EDU  JOHN CHAMBERS
----------------------------------------------------
REFERENCES
----------------------------------------------------
WWW.PCQUEST.COM  MAY 98 ISSUE  STEP BY STEP
SUNSITE LDP CABLEMODEM MINI-HOWTO
WWW.ROOTSHELL.COM
HTTP://WWW.POBOX.COM/~EMK <----- SPEAKER
SUNSITE FIREWALL HOWTO
"SHARE THE NET"  IPFWD ON A FLOPPY
LINUX ROUTER PROJECT
S.U.S.E.  GERMAN VERSION OF LINUX
CALDERA IS RAY NOORDA EX-CEO OF NOVELL
	THEY SELL LINUX-BASED NOVELL SERVER REPLACEMENT
WWW.FRESHMEAT.NET: LINUX APPS
	LINUX STANDARD BASE: COMMON SYSTEM CALLS/WIDGETS
		BETWEEN VARIOUS LINUX DISTRIBUTIONS AND VERS.
APPLIXWARE STAR OFFICE
LAOLA (MSWORD->HTML PERL SCRIPT)
LINUXCONF: CONFIGURES ALL LINUX CONF FILES, VERY GOOD
DOSEMU VERY GOOD
VNC  VIRTUAL NETWORK COMPUTER   REMOTE CONTROL MACHINES
	OLIVETTI
	CROSS-PLATFORM
I ONLY NEED ONE LINUX BOX
NEXT MONTH 1-390  PLAN9 AND INFERNO
RUFUS.W3.ORG   ALL RPM'S


TONY CALLABRESE: 3 DAYS SOAP AT END, NO BUBBLES
PATTY