News and Notice
Mar. 31, 1999. -- AA
- IP Masquerade HOWTO v1.65 is out! Changes include
typo fixes, clarifications of required 2.2.x kernel options, added dynamic PPP IP address
support to the strong firewall section, additional quake II module ports, noted that the
LooseUDP patch is built into later 2.2.x kernels and added more game info in the
compatibility section.
- LooseUDP patch (portfw) is available for
2.0.36 kernel. Instructions are included in the tgz file.
Mar. 23, 1999. -- AA
- Wow! Look at what David had done to the IP
Masquerade HOWTO... A major update with tons of new topics, expanded FAQ
section, and improved firewall rulesets. The current version is v1.62, and it is a
pre-release of v2.0. So, take a look at it, let us know if there is any error, send
us suggestions, and let us know what you think about this new and improved HOWTO.
- If you have any new idea on the IP Masquerade HOWTO and this website, please let us know
by sending email to David A. Ranch and Ambrose Au. We may not be able to use or acknowledge
all your suggestions, but all suggestions will be greatly appreciated. Thank you!
- John Hardin's new Linux VPN
Masquerade page, replacing the old PPTP page. Please also see his Linux
VPN Masquerade HOWTO.
- More updates to come! David will be joining me at this website shortly!
Feb. 7, 1999. -- AA
- Finally, with the release of the Linux 2.2.x series of kernels, the IP Masquerade mini HOWTO is updated. Instruction for setting
up IP Masquerade on Linux 2.2.x is included. Hopefully with David Ranch's help, the HOWTO
can be updated more frequently, and will have more coverage on a variety of ipmasq related
topics.
- I have been pretty bad on replying emails of late, sorry. If you have a problem or
question regarding IP Masquerade or Linux networking in general, please join the ipmasq
mailing list (see below) or related linux newsgroups. David and I very much appreciate
everyone who has sent in suggestions or comments, sorry if we cannot reply to you
personally.
Dec. 19, 1998. -- AA
- After experiementing with the ddns.org URL redirection service
(http://www.ipmasq.ddns.org/) for a week, I find that the service level is less than
satisfying. So I decided to go with another service and the new ipmasq page address is http://ipmasq.cjb.net/. Sorry for the confusion this may
have created, hopefully this will be a stable service (performance is great) so I can
spend my X'mas working on the howto updates.
Other Notice
- If you are having problem with the primary IP Masquerade
Resource page, please try the backup site at http://ipmasq2.cjb.net
- To download any files on this page, please right click on the link
and select the SAVE AS option. For some of the gz files, you may have to
append the .gz extension to it after downloading.
- Please feel free sending comments to Ambrose Au
and David Ranch about the HOWTO and this Resource
page.
Due to personal work load, we cannot promise a reply for all
non-website related questions. Please post your questions to the IP Masquerade mailing
list instead, users and developers on the list may be more capable fo helping with your
problem. Sorry about this, but we don't want to get you a reply after weeks.
|
IP Masquerade for 2.2.x and 2.0.x Kernels
- IP Masquerade mini HOWTO v1.65 (v2.0
Beta), a step-by-step instruction for setting up IP Masquerade on your Linux
box. Version 1.65, last updated on March 29, 1999.
Note: HOWTO translations maintainers please do not update until v2.0 is completed.
- IP Masquerade mini HOWTO, a
step-by-step instruction for setting up IP Masquerade on your Linux box.
Version 1.50, last updated on February 7, 1999.
(It is intended for users using kernels 2.2.x and 2.0.x.
Kernels 1.2.x are not covered. However, you can get some basic concept of IP masquerade
from it.)
To extract TGZ compressed archive on Linux, run tar xvzf targetfile.tgz
- IP Masquerade mini HOWTO in Chinese,
a translation of the HOWTO by Asd L. Chen,
Version 1.20, last updated on November 10, 1997.
- IP Masquerade mini HOWTO in Korean,
a translation of the HOWTO by chahkang@pusan.ac.kr,
doseok@ix.netcom.com, redhands@linux.sarang.net, and smhwang@turing.korea.ac.kr, Version 1.20,
last updated on November 10, 1997.
- IP Masquerade mini HOWTO in Polish,
a translation of the HOWTO by Bartosz
Maruszewski, Version 1.20, last updated on November 10, 1997.
- IP Masquerade mini HOWTO in Spanish,
a translation of the HOWTO by XosÉ Vázquez, Version
1.20, last updated on November 10, 1997.
- IP Masquerade mini HOWTO in French,
a translation of the HOWTO by Etienne Bernard, Version
0.80, last updated on August 17, 1996.
- IP Masquerade mini HOWTO in Japanese,
a translation of the HOWTO by Mizuhara Bun,
Version 0.48, last updated on July 8, 1996.
- I have been contacted by a fellow user on translations to German,
but I am having problem contacting him. Please contact me by email if you are still
interested, I will send you the SGML version of the original HOWTO.
|
Notable Information
This section provides information for IP Masquerade that are probably useful or important
but not yet updated into the HOWTO.
- If you are having problem running IP Masquerade with recent kernels,
please read on:
Since kernel 2.0.30, ip_forward is diabled by default. If you have not compiled the kernel
with this option, you will have to explicitly specify echo "1" > /proc/sys/net/ipv4/ip_forward
to make IP Masquerade to work.
For the 2.2.x kernels, the IP Forwarding is disabled by default. To make IP Masquerade
functional, you have to enable IP forwarding by specifying
echo "1" > /proc/sys/net/ipv4/ip_forward
For Redhat Linux, try setting "FORWARD_IPV4=false" to
"FORWARD_IPV4=true" in
/etc/sysconfig/network
- Some information on TCPDeath caused by ipautofw.
- There is a way to get X working over ip masquerade. A compresser and proxy for the X
protocal called dxpc.
If you setup the dxpc server on the gateway/ipmasq host, then get the dxcp file on the
other system, and run the client from there.
It is also possable to get x to run from anywhere after that by seting the x display to
the server that is running the client.
Thanks to Wembly for supplying this information.
- Regarding using IP Masquerade with DirecPC satellite link and Helius software, Paul
Budnik suggested that the firewall rule ipfwadm -F -p deny prevents the Helius software
from working, so keep that in mind when you are setting up IP Masquerade or IP Firewall on
linux.
- Bug Alert : There is a bug in the 2.0.x masquerade code that
causes improper handling of fragments if the MTU and MRU sizes are set to different
numbers, even if the ALWAYS DEFRAGMENT kernel option is set. You can either apply this MTU patch or set the MTU and MRU on your Internet
connection to be equal. Thanks for John Hardin for the info.
|
Patches for 2.0.x Kernel
To download any files on this page, please For some of the gz files, you may
have to append the .gz extension to it after downloading.
With the newly released Linux kernel 2.0.34,
all the individual (ICMP, timeout, etc.) and bumper patches are obsolete. Upgrading to the
latest stable kernel is highly recommended.
- There is a bug in the 2.0.x masquerade code that causes improper handling of fragments
if the MTU and MRU sizes are set to different numbers, even if the ALWAYS DEFRAGMENT
kernel option is set. You can either apply this MTU
patch or set the MTU and MRU on your Internet connection to be equal. Thanks for John
Hardin for the info.
- Precompiled version of the ipfwadm (12598 bytes). Simply gunzip
and copy this file to /sbin and chmod 755 it. Or if you want to compile it yourself, here
is the Ipfwadm timeout patch.
- PPTP patch to support masquerading for Microsoft
Point-to-point Tunneling Protocol clients. Please see the instruction for details.
Bumper patch section, you only need this if you have kernel 2.0.29
or earlier versions.
- All patches in this section are not being included in any kernel source prior to the
2.0.30 kernel.
- Please read the instruction before applying any patch.
- Nigel's bumper masquerading kernel patches
BETA 2 for kernel 2.0.29 (not necessary for kernel 2.0.30 or later) (18195 bytes),
which includes all patches below. If you have ip_masq_bumper-2.0.28.patch or
ip_masq_bumper-2.0.29.patch, you might want to upgrade to this
ip_masq_bumper6-2.0.29.patch. Please read the instuction before
installation.
- Precompiled version of the ipfwadm (12598 bytes) for use with
the bumper patch. Simply copy this file to /sbin and chmod 755 it.
|
IP Masquerade Mailing List
- IP Masquerade Mailing List
Archive is a vital part of IP Masquerade's success. It's the best resource if
you have any questions or problems about IP Masquerade. Provided by Indyramp Consulting.
Join the Linux IP Masquerading mailing list by sending an email to masq-subscribe@indyramp.com.
Subject and body of the message are IGNORED. This gives you every message on the list
as it comes out. You are welcome to use this form if you need it, but if you can stand the
digest, please choose it instead. The digest puts less of a load on the list servers. Note
that you can only post from an account/address you are subscribed from.
For more commands, email masq-help@tori.indyramp.com.
Join the Linux IP Masquerading DEVELOPERS list and ask the great developers there, by
sending an email to masq-dev-subscribe@tori.indyramp.com
(or for a digest format, use masq-dev-digest-subscribe@tori.indyramp.com).
DON'T ask non IP Masquerade development related questions there!!!!
If you have any problem regarding the mailing list or the mailing list archive, please
contact Robert Novak.
Please check the mailing archive for the solution before posting to the mailing
list.
|
IP Masquerade and Applications
|
IP Masquerade for 1.2.x Kernel
- If you are still using IP Masquerade on kernel 1.2.x, you need the ipfw package, see the
IP Masquerade HOWTO for kernel 1.2.x for details. Ipfwadm will NOT work.
- IP Masquerade HOWTO for kernel 1.2.x contains
information on setting up IP Masquerade with the patches on a Linux 1.2.x system.
- If you're using Linux kernel 1.2.x, please get the MasqPlus
0.5 patch
- Another
source of the MasqPlus 0.5 patch at indyramp.com
|
Other IP Masquerade Info and Links
- Indyramp's IP Masquerading site,
the official IP Masquerade site maintained by Robert Novak.
- IP Masquerade FAQ contains many useful information on IP
Masquerade, but base on kernel 1.2.x.
- Ipfwadm Page contains information about
the package that does the forwarding task, provided by X/OS.
Ipfwadm 2.3 had been released for use on 2.0.x kernels.
- The Indyramp Masquerade ftp site has some
packages and patches for 1.2.x
Note: 57.6kbps EQL connection
- IP Auto Forwarder (20172 bytes), TCP Port Redirector (8802 bytes), and UDP Port Redirector (1399 bytes) are some of the utilities which
may help you to get more out of IP Masquerade. However, use with care since these may
create security holes if not used properly.
- Ipfwadm dotfile module page
provides information on a GUI shell configurator for ipfwadm. "It makes setting up IP
Masquerade and basic firewalling on a small network easier for Linux users." Thanks
to John Hardin.
- A remote management utiltiy for Linux IP Firewall with other features. Check out Masqd Software for Linux Page for
details.
- A page documenting the steps necessary to get CU-SeeMe and IP Masquerade fully functional,
including getting inbound calls, thanks to Michael Owings.
- Some information on setting up IP masquerade on Linux kernel
2.1.x by Toby Reed. This will be included in the howto once it is updated.
- John Hardin's Linux
VPN Masquerade page, replacing the old PPTP page. Please also see his Linux
VPN Masquerade HOWTO.
- A software that provides an alternative
way of dialing up to an ISP than diald does, with other features that diald doesn't
have.
- A single
diskette version of Linux that has enough guts to work as a gateway (using IP
Masquerading), and name server for an entire network. There is a freeware version and a
commercial version.
- An IP Masquerade related page in French.
- A site with the Spanish
version of IP Masquerade howto in html, ps and ascii format.
- Identd designed for IP Masquerade
(version 0.1.1) is updated (even though the version number remains the same), it contains
bug fixes and improved documentation.
- A port forwarding
related page.
- The TCP/IP 32b package for Windows 3.11 that was mentioned in section 3.3 of the howto
can be obtained at ftp://ftp.microsoft.com/bussys/clients/wfw/TCP32B.EXE
- TrinityOS
Documentation. This is a step-by-step setup doc for Linux to setup :- IP MASQ -
advanced IPFWADM rulesets - BIND v8 - PPP - Diald - Dual ethernet nics (for cablemodem
users) - SAMBA support - Sound Support
- A script that implements the
masq rules after your linux box received a dynamic IP from the ISP, provided by Robert
Geer.
- This is not IP Masquerade related, but you may find Virtual
Network Computing by ORL interesting and useful. It is a remote display system which
allows you to view a computing 'desktop' environment not only on the machine where it is
running, but from anywhere on the Internet and from a wide variety of machine
architectures, including any Java capable browsers, WinCE, Win32 systems, DOS, UNIX
systems (X and SVGA lib), etc. A host can be a Linux box (or other flavors of UNIX),
Windows 9x or Windows NT. I find it very impressive and it is GPLed.
- Linux NAT page.
|
IP Masquerade Resource Mirror sites
|