Using IP Masquerading to Share an Internet Connection

Using IP Masquerading to Share an Internet Connection

Linux supports a feature called IP masquerading, which enables you to connect an Ethernet LAN with a private IP address to the Internet. This occurs through a Linux PC (with an officially assigned IP address) that has a connection to the Internet. The Linux PC may be connected to the Internet by dial-up PPP or some other high-speed connection, such as DSL or cable modem.

To enable and use IP masquerading, perform the following steps:

  1. Make sure the Red Hat Linux PC has an Internet connection and a network connection to your LAN. Typically, the Linux PC has two network interfaces-an Ethernet card for the LAN and a dial-up PPP connection to the Internet (through an ISP).

  2. Make sure that all other systems on your LAN use the Linux PC as the default gateway for TCP/IP networking. Use the same ISP-provided DNS addresses on all systems.

  3. Enable IP forwarding in the kernel by typing the following command:

    echo "1" > /proc/sys/net/ipv4/ip_forward

    This is necessary because IP forwarding is disabled by default. To ensure that IP forwarding is enabled when you reboot your system, place this command in the /etc/rc.d/rc.local file.

  4. Run /sbin/iptables-the IP packet filter administration program-to set up the rules that enable the Linux PC to masquerade for your LAN. For example, to enable masquerading for a LAN via the Linux PC's ppp0 network interface, you can use the following command:

    /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

    You can also add packet filtering to ensure that no new connections can come in through the ppp0 interface. The following two commands turn on this packet filtering:

    /sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
    /sbin/iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

    If you want the IP masquerading set up at system startup, you should place these commands in the /etc/rc.d/rc.local file.

You may find IP masquerading a convenient way to provide Internet access to a small LAN (for example, a LAN at home or in the office). With IP masquerading on the Linux PC, everyone in your family or small business can access the Internet from any of the other PCs on the LAN.