Using IP Masquerading to Share an Internet Connection



Linux supports a feature called IP masquerading, which enables you to connect an Ethernet LAN that uses private IP addresses to the Internet. The traffic goes through a Linux PC that has an officially assigned IP address and a connection to the Internet. The Linux PC may be connected to the Internet by dial-up PPP or by a high-speed connection, such as DSL or cable modem.

To enable and use IP masquerading, perform the following steps:

  1. Make sure the Red Hat Linux PC has an Internet connection and a network connection to your LAN. Typically, the Linux PC has two network interfaces: an Ethernet card for the LAN and a dial-up PPP connection to the Internet (through an ISP).

  2. Make sure that all other systems on your LAN use the Linux PC as the default gateway for TCP/IP networking. Use the same ISP-provided DNS addresses on all systems.

  3. Enable IP forwarding in the kernel by typing the following command:

    echo "1" > /proc/sys/net/ipv4/ip_forward

    This is necessary because IP forwarding is disabled by default. To ensure that IP forwarding is enabled when you reboot your system, place this command in the /etc/rc.d/rc.local file.

  4. Run /sbin/iptables, the IP packet filter administration program, to set up the rules that enable the Linux PC to masquerade for your LAN. For example, to enable masquerading for a LAN via the Linux PC's ppp0 network interface, you can use the following command:

    /sbin/iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE

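    You can also add packet filtering to ensure that no new connections can come in through the ppp0 interface. The following two commands turn on this packet filtering by dropping packets that arrive on ppp0 in the NEW or INVALID connection state, both those addressed to the Linux PC itself (INPUT) and those to be forwarded to the LAN (FORWARD):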

    /sbin/iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
    /sbin/iptables -A FORWARD -i ppp0 -m state --state NEW,INVALID -j DROP

    If you want the IP masquerading set up at system startup, you should place these commands in the /etc/rc.d/rc.local file.
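
The steps above collected into one rc.local-style fragment, as an added example that is not part of the original text. It uses the same three iptables rules but applies the filter rules before turning on forwarding and skips rules that are already loaded. The names WAN_IF, IPT, FWD_FILE, add_rule and setup_masquerade are hypothetical.

```shell
#!/bin/sh
# Added example: masquerading setup that is safe to run more than once.
# WAN_IF, IPT and FWD_FILE are hypothetical names; override them as needed.
WAN_IF="${WAN_IF:-ppp0}"
IPT="${IPT:-/sbin/iptables}"
FWD_FILE="${FWD_FILE:-/proc/sys/net/ipv4/ip_forward}"

# add_rule TABLE CHAIN RULE...
# Append a rule only if "iptables -C" does not already find it. On an
# iptables too old to know -C the check fails and the rule is simply
# appended, which is what the commands in the text do.
add_rule() {
    table=$1; chain=$2; shift 2
    "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null && return 0
    "$IPT" -t "$table" -A "$chain" "$@"
}

setup_masquerade() {
    # 1. Filter first: drop NEW and INVALID packets arriving on the
    #    Internet-facing interface, for the PC itself and for the LAN.
    add_rule filter INPUT   -i "$WAN_IF" -m state --state NEW,INVALID -j DROP || return 1
    add_rule filter FORWARD -i "$WAN_IF" -m state --state NEW,INVALID -j DROP || return 1
    # 2. Masquerade everything that leaves through that interface.
    add_rule nat POSTROUTING -o "$WAN_IF" -j MASQUERADE || return 1
    # 3. Enable forwarding last, so the PC never routes packets while
    #    the Internet side is still unfiltered.
    echo 1 > "$FWD_FILE"
}

# Apply only when called as "sh thisfile apply" (for example from rc.local).
if [ "${1:-}" = "apply" ]; then
    setup_masquerade
fi
```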

You may find IP masquerading a convenient way to provide Internet access to a small LAN (for example, a LAN at home or in the office). With IP masquerading on the Linux PC, everyone in your family or small business can access the Internet from any of the other PCs on the LAN.