1998a: IP Masquerading
(by David Kramer; June 17, 1998)
Meeting Notes - IP Masquerading, Wed 17 Jun 1998
Taken by David Kramer
Boston Linux and Unix; IP Masquerading and Firewalls, 06/17/98
----------------------------------------------------

Phony (private) ranges: 10.1.x.x, 192.168.x.x
MediaOne: down = 1.5 Mb/s, up = 300 K

Red Hat >= 5: the kernel has everything you need.

Kernel options you need:
- ipfwd (IP forwarding / gateway)
- firewall
- packet logging
- IP masq
- ipautofw: forward to machines inside the firewall
- ICMP masq: good, but hard to get working
- transparent proxy support: experimental, not mandatory
- always defragment packets: fixes MTU mismatch and reassembles packets; otherwise it's possible for sub-packets (fragments) to get through
- IP accounting: nice
- drop source-routed frames: very important, look it up. Make sure you turn it on, else forged packets from outside appear to come from inside.

Create a script like rc.firewall and have init.d start it up. You can run this before the network is up, just don't use DNS in it.

  ipfwadm -I -f          = flush current input rules
  ipfwadm -O -f          = flush current output rules
  ipfwadm -I -p deny     = deny everything (default input policy)

Then:
- throw out class B
- throw out internal addresses arriving on the external interface
- allow internal out to anywhere
- allow external through the proxy to internal
- allow external to ports/IPs on the firewall
- allow traffic on 127.0.0.1
- block NetBIOS in to out and out to in (NetBIOS: MS Internet browser)
- set up masquerading
- CEEUCEEME?
- log denied stuff as an experiment. It will fill up your hard drive.

REJECT tells the sender "no can do"; DENY just eats the packets.
** BBCC whatever wrong.
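The rc.firewall outline above as a runnable sketch for a 2.0.x kernel with ipfwadm. This is an added example, not the speaker's or the note-taker's script; it assumes eth0 faces the cable modem and eth1 the LAN 192.168.1.0/24, and it only prints the ipfwadm commands unless FW=ipfwadm is set.

```shell
#!/bin/sh
# rc.firewall skeleton following the talk's rule order (added example, not from the talk).
# Assumed layout: eth0 faces the cable modem, eth1 faces the LAN 192.168.1.0/24.
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
INT_NET=${INT_NET:-192.168.1.0/24}
ANY=0.0.0.0/0
# Dry run by default: each ipfwadm command is printed. Set FW=ipfwadm to really apply it.
FW=${FW:-"echo ipfwadm"}

build_firewall() {
    # Flush the current input, output and forwarding rules
    $FW -I -f
    $FW -O -f
    $FW -F -f
    # Default policy: deny everything arriving or being forwarded, then punch holes
    $FW -I -p deny
    $FW -F -p deny
    # Traffic on 127.0.0.1 must always work
    $FW -I -a accept -W lo
    # Anti-spoofing: a phony-range source on the external interface is a forged packet; log it
    for net in $INT_NET 10.0.0.0/8 192.168.0.0/16 127.0.0.0/8; do
        $FW -I -a deny -W "$EXT_IF" -S "$net" -D "$ANY" -o
    done
    # Block NetBIOS (tcp/udp 137-139) in to out and out to in, logged
    for proto in tcp udp; do
        $FW -I -a deny -P $proto -S "$ANY" -D "$ANY" 137:139 -o
        $FW -O -a deny -P $proto -S "$ANY" -D "$ANY" 137:139 -o
    done
    # Internal hosts may go out to anywhere
    $FW -I -a accept -W "$INT_IF" -S "$INT_NET" -D "$ANY"
    # Outside may only reach the firewall's own address with replies to TCP connections
    # opened from inside (ACK set, -k). Services offered on the firewall itself need
    # their own accept rule here with the port given on -D.
    $FW -I -a accept -W "$EXT_IF" -P tcp -k -S "$ANY" -D "$ANY"
    # Masquerade everything leaving the LAN for the outside
    $FW -F -a m -S "$INT_NET" -D "$ANY"
    # Final catch-all: deny and log whatever is left (this is what fills the disk)
    $FW -I -a deny -S "$ANY" -D "$ANY" -o
}

build_firewall
```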
EQL: load balancing across <= 4 net connections.
PPTP (NT remote access): very breakable, kindergarten cryptography.
Crypto: "If the US lets you export it, you don't want to use it."

Fun things to try: dynamically-loadable-only modules, ip_masq_*.
----------------------------------------------------

John Chambers, jc@eddie.mit.edu
----------------------------------------------------

References
----------------------------------------------------
- www.pcquest.com, May '98 issue: step by step
- Sunsite LDP Cablemodem mini-HOWTO
- www.rootshell.com
- http://www.pobox.com/~EMK <----- speaker
- Sunsite Firewall HOWTO
- "Share the Net"
- ipfwd on a floppy: Linux Router Project
- S.u.S.E.: German version of Linux
- Caldera: is Ray Noorda, ex-CEO of Novell; they sell a Linux-based Novell server replacement
- www.freshmeat.net: Linux apps
- Linux Standard Base: common system calls/widgets between the various Linux distributions and versions
- Applixware
- Star Office
- LAOLA (MS Word -> HTML Perl script)
- Linuxconf: configures all Linux conf files; v. good
- DOSEMU: very good
- VNC (Virtual Network Computer): remote-control machines; Olivetti; cross-platform. *** I only need one Linux box
- Next month: 1-390, Plan 9 and Inferno
- rufus.w3.org: all RPMs
- Tony Callabrese: 3 days, soap at end, no bubbles, Patty