Linuxip disguise (IPMasquerade)

Linuxip disguise (IPMasquerade)-Linux Enterprise Application-Linux server application information. The following is a detailed description. It is a network function provided by linux. The biggest advantage is that some machines without formal IP addresses are connected to the Internet through a valid IP address, such: use a linux machine to dial up the internet and bring the entire LAN to the internet.

For example, if there is a linux machine 192.168.100.10 on the LAN 192.168.100.0, after dialing the Internet, you can use the following command to implement IP Masquerade:

# Cause all hosts on the 192.168.100/24 network to be masqueraded.

Ipfwadm-F-p deny
Ipfwadm-F-a m-S 192.168.100.0/24-D 0.0.0.0/0

Add support for other protocols, such:

Modprobe ip_masq_ftp
Modprobe ip_masq_raudio
Modprobe ip_masq_irc

In this way, IP address Masquerade can be implemented.

However, pay attention to the following points:

1. Check whether the kernel supports IP Masquerade. slackware3.5 and redhat5.1 are supported by default.

CONFIG_EXPERIMENTAL
CONFIG_NET
CONFIG_FIREWALL
CONFIG_INET
CONFIG_IP_FORWARD
CONFIG_IP_FIREWALL
CONFIG_IP_MASQUERADE
CONFIG_IP_ALWAYS_DEFRAG

For more information, see kernel-HOWTO.

2. Set FORWARD_IPV4 of/etc/sysconfig/network in redhat to yes.

3. Before configuration, the linux machine should be able to ping the LAN and INTERNET.

If not, check the route settings.

Route add-net 192.168.100.0 netmask 255.255.255.0 eth0
Route add default ppp0

4. In ipfwadm, 24 is the corresponding number of netmask, as follows:

Netmask | x | Subnet
~~~~~~~~~~~~ | ~ ~ | ~~~~~~~~~~~~~~~
255.0.0.0 | 8 | Class
255.255.0.0 | 16 | Class B
255.255.255.0 | 24 | Class C
255.255.255.255 | 32 | Single Machine

5. The TCP/IP gateway of other machines in the LAN should be set to the IP address of the linux machine, and the DNS Server can be set to the IP address of any available DNS server, such as 202.96.0.133.