S.u.S.E. Support Data Base

Title: IP masquerading - start/stop script

Mainpage Searchform History Versions Categories Contents Deutsch

IP masquerading - start/stop script

Applicable to
S.u.S.E. version: from 4.4 on

Question:

How does one do IP masquerading?

Answer:

One could write a lot about that topic....

Before you click on the following link, please check, whether the howto package howto, serie doc is installed on your local system. This link refers to a howto file in your local system.

Details about the topic "firewalling" are in Firewall-HOWTO

Here a short start/stop script. Replace the variable MQ_LOCALNET correspondingly. Please save the script as

/sbin/init.d/firewall

#! /bin/sh
# Copyright (c) 1996 S.u.S.E. Gmbh Fuerth, Germany.  All rights reserved.
#
# Author: Bodo Bauer 
#   
#
#
# /sbin/init.d/firewall
#

IPFWADM="/sbin/ipfwadm"

# local net
MQ_LOCALNET="192.168.0.0/255.255.255.0"

echo -n "Setting up firewall/masquerading "

##  first of all close everything
for i in -I -O -F; do
  # clear all rules
  ${IPFWADM} $i -f
  # make deny default
  ${IPFWADM} $i -p deny
done

case "$1" in
    start)
        echo "(start)"
        ${IPFWADM} -F -a accept -P all -S 0/0 -D ${MQ_LOCALNET} -b -m
        ;;

    stop)
        echo "(stop)"
        for i in -I -O -F; do
          # make accept default 
          ${IPFWADM} $i -p accept
        done
        ;;
    *)
        echo ""
        echo "Usage: $0 {start|stop}"
        for i in -I -O -F; do
          # make accept default 
          ${IPFWADM} $i -p accept
        done
        exit 1
esac

## NOTE: we mainly 'deny' per ports (see above),
## so, as we have now set up the rules correctly,
## open all filters
for i in -I -O -F; do
  ${IPFWADM} $i -p accept
done

## list the rules
for i in -O -F -I; do
 ${IPFWADM} $i -ln
done

exit 0

Bugs:

The current hackerkernels (up to at least 2.1.21) have still problems with some network functions; the userkernels (2.0.28) work.

Keywords: FIREWALL, IPFWADM, MASQUERADING, TCPIP, NETWORK, NET, SECURITY

Feedback welcome: Send Mail to kfr@suse.de (Please give the following subject: SDB-firewall)

Mainpage Searchform History Versions Categories Contents Deutsch

SDB-firewall, Copyright S.u.S.E. GmbH, Fürth, Germany - Version: 26.02.97
Impressum - Last generated: 17. Sep 1997 12:56:37 by mb with sdb_gen 0.70.0