Boston Linux & UNIX was originally founded in 1994 as part of The Boston Computer Society. We meet on the third Wednesday of each month at the Massachusetts Institute of Technology, in Building E51.

Member Contributed Articles


1998a: IP Masquerading

(by David Kramer; June 17, 1998)




Meeting Notes - IP Masquerading, Wed 17 Jun 1998


Taken by David Kramer


BOSTON LINUX AND UNIX; IP MASQUERADING AND FIREWALLS 06/17/98
----------------------------------------------------
PHONY RANGES
	10.1.X.X
	192.168.X.X
MEDIA ONE- DOWN=1.5MB/S  UP=300K
REDHAT>=5, KERNEL HAS EVERYTHING.
YOU NEED
	IPFWD GATEWAY
	FIREWALL PACKET LOGGING
	IP MASQ
	IPAUTOFW- FORWARD TO MACHINES INSIDE FIREWALL
	ICMP MASQ- GOOD, BUT HARD TO WORK
	TRANSPARENT PROXY SUPPORT 
		EXPERIMENTAL, NOT MANDATORY
	ALWAYS DEFRAGMENT PACKETS
		FIXES MTU MISMATCH AND REASSEMBLES PACKETS
		ELSE IT'S POSSIBLE FOR SUBPACKETS TO GET THRU
	IP ACCOUNTING- NICE
	DROP SOURCE-ROUTED FRAMES VERY IMPORTANT
		LOOK UP.
		MAKE SURE YOU TURN IT ON
		ELSE FORGED PACKETS FROM OUTSIDE APPEAR INSIDE

CREATE A SCRIPT LIKE RC.FIREWALL, HAVE INIT.D START IT UP
YOU CAN RUN THIS BEFORE NETWORK UP, JUST DON'T DNS
	IPFWADM -I -F	=FLUSH CURRENT INPUT RULES
	IPFWADM -O -F	=FLUSH CURRENT OUTPUT RULES
	IPFWADM -I -P DENY	=DENY EVERYTHING
	THROW OUT CLASS B
	THROW OUT INTERNAL ADDRESSES FROM EXTERNAL INTERFACE
	ALLOW INTERNAL OUT TO ANYWHERE
	ALLOW EXTERNAL THROUGH PROXY TO INTERNAL
	ALLOW EXTERNAL TO PORTS/IP'S ON FIREWALL
	ALLOW TRAFFIC ON 127.0.0.1
	BLOCK NETBIOS IN TO OUT, OUT TO IN
		NETBIOS:MS INTERNET BROWSER
	SET UP MASQUERADING
	CEEUCEEME?
	LOG DENIED STUFF
		AS AN EXPERIMENT. WILL FILL UP YOUR HARD DRIVE
REJECT TELLS THE SENDER NO CAN DO
DENY JUST EATS THE PACKETS	 
** BBCC WHATEVER WRONG.
EQL  -LOAD BALANCING ACROSS <=4 NET CONNECTIONS
PPTP  (NT REMOTE ACCESS)  VERY BREAKABLE
	KINDERGARTEN CRYPTOGRAPHY
	CRYP:"IF US LETS YOU EXPORT IT, YOU DON'T 
		WANT TO USE IT"
FUN THINGS TO TRY
DYNAMICALLY-LOADABLE-ONLY MODULES
	IPMASQ_*
----------------------------------------------------
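
The RC.FIREWALL outline in the notes above, written out as a shell script. This is an added example, not the speaker's script or part of the original notes; the interface names, the inside network, the port 22 service and the dry-run `FW` wrapper are assumptions, and the private ranges are widened to the full RFC 1918 set.

```sh
#!/bin/sh
# rc.firewall sketch in the rule order the notes give (ipfwadm, 2.0.x kernels).
# Assumptions, not from the notes: interface names, inside network, port 22.
EXT_IF=${EXT_IF:-eth0}              # outside interface (assumed name)
INT_IF=${INT_IF:-eth1}              # inside interface (assumed name)
INT_NET=${INT_NET:-192.168.1.0/24}  # inside network (assumed)
ANY=0.0.0.0/0
# Dry run by default: each command is printed. Set FW=/sbin/ipfwadm to apply.
FW=${FW:-echo ipfwadm}

build_rules() {
    # Flush old rules, then default-deny input and forwarding.
    $FW -I -f
    $FW -O -f
    $FW -F -f
    $FW -I -p deny
    $FW -F -p deny
    # Rules are matched in order, so the drops go in before any accept.
    # Private (RFC 1918) sources arriving from outside are forged: drop, log.
    for net in 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16; do
        $FW -I -a deny -W "$EXT_IF" -S "$net" -D $ANY -o
    done
    for proto in tcp udp; do
        # NetBIOS (137-139) blocked in both directions.
        $FW -I -a deny -P "$proto" -S $ANY -D $ANY 137:139
        $FW -O -a deny -P "$proto" -S $ANY -D $ANY 137:139
    done
    # Loopback traffic and anything the inside network sends.
    $FW -I -a accept -W lo -S $ANY -D $ANY
    $FW -I -a accept -W "$INT_IF" -S "$INT_NET" -D $ANY
    # Outside may reach one service on the firewall (port 22 is an assumption)
    # and the masquerading reply ports (61000:65095 by default).
    $FW -I -a accept -W "$EXT_IF" -P tcp -S $ANY -D $ANY 22
    for proto in tcp udp; do
        $FW -I -a accept -W "$EXT_IF" -P "$proto" -S $ANY -D $ANY 61000:65095
    done
    # Masquerade inside hosts on the way out.
    $FW -F -a m -S "$INT_NET" -D $ANY
    # Final catch-all: deny (silent drop) and log whatever is left.
    $FW -I -a deny -S $ANY -D $ANY -o
}

build_rules
```

Run as is, it only prints the ipfwadm commands. ICMP and replies to connections the firewall itself opens are not covered by this rule set.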



JC@EDDIE.MIT.EDU  JOHN CHAMBERS
----------------------------------------------------
REFERENCES
----------------------------------------------------
WWW.PCQUEST.COM  MAY 98 ISSUE  STEP BY STEP
SUNSITE LDP CABLEMODEM MINI-HOWTO
WWW.ROOTSHELL.COM
HTTP://WWW.POBOX.COM/~EMK <----- SPEAKER
SUNSITE FIREWALL HOWTO
"SHARE THE NET"  IPFWD ON A FLOPPY
LINUX ROUTER PROJECT
S.U.S.E.  GERMAN VERSION OF LINUX
CALDERA IS RAY NOORDA EX-CEO OF NOVELL
	THEY SELL LINUX-BASED NOVELL SERVER REPLACEMENT
WWW.FRESHMEAT.NET: LINUX APPS
	LINUX STANDARD BASE: COMMON SYSTEM CALLS/WIDGETS
		BETWEEN VARIOUS LINUX DISTRIBUTIONS AND VERS.
APPLIXWARE STAR OFFICE
LAOLA (MSWORD->HTML PERL SCRIPT) ***************
LINUXCONF******* CONFIGURES ALL LINUX CONF FILES VGOOD
DOSEMU VERY GOOD
VNC  VIRTUAL NETWORK COMPUTER   REMOTE CONTROL MACHINES
	OLIVETTI
	CROSS-PLATFORM
***I ONLY NEED ONE LINUX BOX
NEXT MONTH 1-390  PLAN9 AND INFERNO
RUFUS.W3.ORG   ALL RPM'S


TONY CALLABRESE3 DAYS SOAP AT END, NO BUBBLES
PATTY




BLU is a member of BostonUserGroups
Synoptek hosts our servers
We also thank MIT for the use of their facilities.




Boston Linux & Unix / webmaster@blu.org