Email Address:

Lost your password?

This is the legacy website; please use the new website.

Using Linux To Share An Optus Cable Modem - Part Three

Masquerading modules and a firewall.

By John Bagster.

In order to effectively use your Linux box as a gateway, you need to set the machine up so that it loads some "masquerading modules" on start-up. In addition, you need to set up a firewall so everything is secure. After all, you don't want someone breaking in and taking over!

We'll get to our firewall shortly. Let's deal with the masquerading modules first.

The various masquerading modules are required so that the gateway correctly forwards IP packets for various Internet utilities on the client machines. Basically, these modules work with IP masquerading (or IP forwarding) so that it looks as though everything that's forwarded to the Internet is coming from a single machine - ie, the Linux box.

This is done by translating IP addresses from the local network into a valid Internet IP number before relaying the packets out onto the Internet. At the same time, IP masquerading translates any incoming packets into local addresses before forwarding them to the client machines.

It's all really something of a masquerade because the real IP addresses of the clients are hidden - hence the name "IP masquerading".

IP masquerading (forwarding) is carried out using a program called "ipchains" and this is also used to create the firewall rules. Recent versions of Linux also include an updated replacement for ipchains called iptables (although ipchains is still included). The firewall described here is based on ipchains (since this is used by default with RedHat 7.0) but both are supported in system startup, so you could use iptables if you want.

Share this Article: 

Privacy Policy  |  Advertise  |  Contact Us

Copyright © 1996-2019 Silicon Chip Publications Pty Ltd All Rights Reserved