Follow Techotopia on Twitter

On-line Guides
All Guides
eBook Store
iOS / Android
Linux for Beginners
Office Productivity
Linux Installation
Linux Security
Linux Utilities
Linux Virtualization
Linux Kernel
System/Network Admin
Programming
Scripting Languages
Development Tools
Web Development
GUI Toolkits/Desktop
Databases
Mail Systems
openSolaris
Eclipse Documentation
Techotopia.com
Virtuatopia.com
Answertopia.com

How To Guides
Virtualization
General System Admin
Linux Security
Linux Filesystems
Web Servers
Graphics & Desktop
PC Hardware
Windows
Problem Solutions
Privacy Policy

  




 

 

11.2. Configuring the Kernel for IP Masquerade

To use the IP masquerade facility, your kernel must be compiled with masquerade support. You must select the following options when configuring a 2.2 series kernel:
Networking options  --->
	[*] Network firewalls
	[*] TCP/IP networking
	[*] IP: firewalling
	[*] IP: masquerading
	--- Protocol-specific masquerading support will be built as modules.
	[*] IP: ipautofw masq support
	[*] IP: ICMP masquerading
Note that some of the masquerade support is available only as a kernel module. This means that you must ensure that you “make modules” in addition to the usual “make zImage” when building your kernel.

The 2.4 series kernels no longer offer IP masquerade support as a kernel compile time option. Instead, you should select the network packet filtering option:
Networking options  --->
    [M] Network packet filtering (replaces ipchains)

In the 2.2 series kernels, a number of protocol-specific helper modules are created during kernel compilation. Some protocols begin with an outgoing request on one port, and then expect an incoming connection on another. Normally these cannot be masqueraded, as there is no way of associating the second connection with the first without peering inside the protocols themselves. The helper modules do just that; they actually look inside the datagrams and allow masquerading to work for supported protocols that otherwise would be impossible to masquerade. The supported protocols are:

ModuleProtocol
ip_masq_ftpFTP
ip_masq_ircIRC
ip_masq_raudioRealAudio
ip_masq_cuseemeCU-See-Me
ip_masq_vdoliveFor VDO Live
ip_masq_quakeIdSoftware's Quake

You must load these modules manually using the insmod command to implement them. Note that these modules cannot be loaded using the kerneld daemon. Each of the modules takes an argument specifying what ports it will listen on. For the RealAudio™ module you might use:[1]
# insmod ip_masq_raudio.o ports=7070,7071,7072           
The ports you need to specify depend on the protocol. An IP masquerade mini-HOWTO written by Ambrose Au explains more about the IP masquerade modules and how to configure them.[2]

The netfilter package includes modules that perform similar functions. For example, to provide connection tracking of FTP sessions, you'd load and use the ip_conntrack_ ftp and ip_nat_ ftp.o modules.

Notes

[1]

RealAudio is a trademark of the Progressive Networks Corporation.

[2]

You can contact Ambrose at [email protected].

 
 
  Published under the terms of the Creative Commons License Design by Interspire