Linux NetMag #1
Titel: Masquerading - LAN connected to the internet (for kernel 2.0.x)

Masquerading You have more than one PC in the LAN but just one modem?
Wouldn't it be fine to reach the internet from the other computers, too?
Then you need masquerading!

Modem sharing
Often you read in newsgroups that someone has connected two or more PCs but just one modem. Of course you want to reach the internet from the computers without a modem, too, using the local area net (LAN).
Often you get the advise to install a proxy which is reachable for the other PCs. Not bad, but not perfect!

A lot of small applications do not offer the support of a proxy and cannot be used. Masquerading will support these applications.
If you want to use masquerading the modem has to be installed at a Linux PC, the operating system of the other computers do not care but they have to support the TCP/IP protocol. After installing masquerading and the computer has a modem connection to the internet the other PCs use the masquerading PC as a gateway into the internet and it seems that they have a direct connection.

Every computer hides itself behind the official Paddies of the masquerading PC and does not need an own official address of course.
Using the masquerading PC you are able to play e.g. C&C on WINDOWS using the internet. Some programs have sometimes problems with masquerading but these problems will be fixed in a newer version of masquerading.

Additional you get more safety into your LAN, because no computer, except the one with the modem, has an official IP-address. They will not be reachable from the internet. On the other hand your webservers on the other PCs will not be reachable from outside.

The installation is not very complicated if you do not fear to make your own kernel:
>> cd /usr/src/linux
>> make xconfig
Now you have to activate under Networking options the following properties: Then compile the kernel with:
>> make dep clean modules modules_install zImage
and install it with Yast (SUSE distribution) and reboot.
You activate masquerading with
>> ipfwadm -F -d deny
>> ipfwad -F -a m -S X.X.X.0/
where X.X.X.0 is your own local IP-address. The 0 functions like a joker, that means every PC with the IP X.X.X.* gets into the internet, but not the IP X.X.A.*.
(If you do not want to compile the kernel nevertheless you should try the commands. Maybe masquerading has already been installed.)
At last enter at the other computers the masquerading PC IP-address as gateway. And now the complete LAN reaches the internet.
Source: (closed)
Mailing list: