dcsimg
Linux Today: Linux News On Internet Time.




More on LinuxToday


LinuxFocus: Setting up IP-Masquerading

May 07, 2000, 04:17 (0 Talkback[s])
(Other stories by Guido Socher)

WEBINAR:
On-Demand

Desktop-as-a-Service Designed for Any Cloud ? Nutanix Frame


"To use IP-Masquerading as explained in this article you need at least one Linux box with a 2.2.x Kernel. This machine is used to set up the connection to the Internet. Using Linux as your connection-sharing box doesn't mean that you have run Linux in your internal network. In fact, Linux works well with Windows, Macs, and other flavours of Unix. This connection-sharing box is what we are concerned about in this article. It connects on one side to the Internet and on the other side to your private network. The machine has therefore at least 2 interfaces and also at least 2 IP addresses. One of the IP addresses is a public IP address which can be routed in the Internet. This IP address is usually assigned to you by your Internet Service Provider the very moment you setup your modem connection (or what ever you use). The other IP addresses is a private address which you can assign from one of these ranges:

  • 10.0.0.0 - 10.255.255.255
  • 172.16.0.0 - 172.31.255.255
  • 192.168.0.0 - 192.168.255.255
This article does not explain how to set up your network. I assume that your private network is already in place and configured."

"Basically IP-Masquerading translates internal IP addresses into external IP addresses. This is called network address translation and Linux does this by using something called port-numbers. From the outside world, all connections will seem to be originating from your Linux box. ... Sometimes, IP packets are special in nature and IP-Masquerading may not work for all applications, but it works in most cases. There are modules for ICQ, ftp, and quake that need to be inserted in the Kernel in order for those special applications to run correctly from the internal network. In general though, anything that uses only the HTTP (web browsers), telnet, ssh, or smtp (email) will work fine."

Complete Story

Related Stories: