The Masquerading
To activate masquerading under kernel 2.4.x, we use iptables from netfilter, which is already implemented in the kernel. The following masquerading settings are not suitable for high-security systems. At this point they are only for testing the functionality.
Test whether iptables is installed:
rpm -qa iptables
iptables-1.2.3-1
If not, you have to install it:
( rpm -ivh iptables-1.2.3-1.rpm )
Now we prepare to load the modules. You may have to remove the old ipchains module first (Red Hat 7.x):
rmmod ipchains
or deactivate it with:
chkconfig --level 12345 ipchains off
And activate iptables (Red Hat):
chkconfig iptables --level 235 on
Now we create a script:
vi /etc/rc.d/rc.firewall-2.4
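#!/bin/sh
#
# rc.firewall-2.4
#
IPTABLES=/sbin/iptables
# External (Internet) and internal (LAN) interfaces
EXTIF="ppp0"
INTIF="eth1"
# Load the netfilter, connection tracking and NAT modules
/sbin/insmod ip_tables
/sbin/insmod ip_conntrack
/sbin/insmod ip_conntrack_ftp
/sbin/insmod ip_conntrack_irc
/sbin/insmod iptable_nat
/sbin/insmod ip_nat_ftp
# Enable IP forwarding and support for a dynamic external address
echo "1" > /proc/sys/net/ipv4/ip_forward
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Default policies: accept local traffic, drop forwarded traffic; flush old rules
$IPTABLES -P INPUT ACCEPT
$IPTABLES -F INPUT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -F OUTPUT
$IPTABLES -P FORWARD DROP
$IPTABLES -F FORWARD
$IPTABLES -t nat -F
# Let replies to connections opened from the LAN back in
$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
# Let the LAN open new connections to the outside
$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
# Log whatever was not accepted above (the DROP policy then discards it)
$IPTABLES -A FORWARD -j LOG
# Masquerade everything leaving through the external interface
$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE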
Make the script executable:
chmod 700 /etc/rc.d/rc.firewall-2.4
Execute the script:
/etc/rc.d/rc.firewall-2.4
To start the script automatically at boot:
vi /etc/rc.d/rc.local
Add the following line:
/etc/rc.d/rc.firewall-2.4
===> the firewall script
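
The script above leaves the INPUT policy at ACCEPT, so the gateway itself accepts connections arriving on ppp0, which is why it is only meant for testing. The following is an added example, not part of the original script, of a tighter rule set for the same EXTIF and INTIF. It assumes the modules and /proc settings are loaded as above; the APPLY switch, the trust in the whole LAN and the log prefixes are choices of this example.

```shell
#!/bin/sh
# Added example, not part of the original rc.firewall-2.4.
# Assumes modules and /proc settings are already set as in the script above.
IPTABLES=${IPTABLES:-/sbin/iptables}
EXTIF=${EXTIF:-ppp0}
INTIF=${INTIF:-eth1}

# Print one iptables argument list per line (no argument contains spaces).
fw_rules() {
    cat <<EOF
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-F INPUT
-F OUTPUT
-F FORWARD
-t nat -F
-A INPUT -i lo -j ACCEPT
-A INPUT -i $INTIF -j ACCEPT
-A INPUT -i $EXTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -m limit --limit 6/minute -j LOG --log-prefix FW-INPUT-DROP:
-A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $INTIF -o $EXTIF -j ACCEPT
-A FORWARD -m limit --limit 6/minute -j LOG --log-prefix FW-FORWARD-DROP:
-t nat -A POSTROUTING -o $EXTIF -j MASQUERADE
EOF
}

# Dry run by default; APPLY=1 (a switch of this example) runs the commands.
fw_apply() {
    fw_rules | while read -r rule; do
        if [ "${APPLY:-0}" = "1" ]; then
            # Unquoted on purpose: each line is split into iptables arguments.
            $IPTABLES $rule || exit 1
        else
            echo "$IPTABLES $rule"
        fi
    done
}

fw_apply
```

Run it without arguments to review the commands, then as root with APPLY=1 to load them. The rate limit on the LOG rules keeps a port scan from flooding the system log.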