
                     Linux IP Masquerade mini HOWTO (Chinese translation)
                                       
Authors: Ambrose Au, [1]ambrose@writeme.com;
David Ranch, [2]dranch@trinnet.net
Translator: [4]cwhuang@linux.org.tw

   v1.50, 7 February 1999; translated 17 March 1999
     _________________________________________________________________
   
   This document describes how to enable the IP Masquerade feature on a
   Linux host, allowing connected computers that have no registered
   Internet IP address to reach the Internet through your Linux machine.
     _________________________________________________________________
   
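1. Introduction

     * 1.1 Introduction
     * 1.2 Foreword, Feedback & Credits
     * 1.3 Copyright & Disclaimer
       
2. Background Knowledge

     * 2.1 What is IP Masquerade?
     * 2.2 Current Status
     * 2.3 Who Can Benefit From IP Masquerade?
     * 2.4 Who Doesn't Need IP Masquerade?
     * 2.5 How Does IP Masquerade Work?
     * 2.6 Requirements for Using IP Masquerade on Linux 2.2.x
     * 2.7 Requirements for Using IP Masquerade on Linux 2.0.x
       
3. Setting Up IP Masquerade

     * 3.1 Compiling the Kernel for IP Masquerade Support
     * 3.2 Assigning Private Network IP Addresses
     * 3.3 Configuring the OTHER Machines
     * 3.4 Configuring IP Forwarding Policies
     * 3.5 Testing IP Masquerade
       
4. Other IP Masquerade Issues and Software Support

     * 4.1 Problems with IP Masquerade
     * 4.2 Incoming Services
     * 4.3 Supported Client Software and Other Setup Notes
     * 4.4 IP Firewall Administration (ipfwadm)
     * 4.5 IP Firewalling Chains (ipchains)
     * 4.6 IP Masquerade and Demand-Dial-Up
     * 4.7 IPautofw Packet Forwarder
     * 4.8 CU-SeeMe and Linux IP-Masquerade Teeny How-To
     * 4.9 Other Related Tools
       
5. Miscellaneous

     * 5.1 Getting Help
     * 5.2 Thanks To
     * 5.3 Reference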
     _________________________________________________________________
   
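1. Introduction

1.1 Introduction

   This document describes how to enable the IP Masquerade feature on a
   Linux host, allowing connected computers that have no registered
   Internet IP address to reach the Internet through your Linux machine.
   Your machines can be connected to the Linux host by Ethernet or by
   other kinds of link, such as a dial-up PPP connection. This document
   concentrates on Ethernet connections, since that is the most common
   case.
   
     This document is intended for users of the stable 2.2.x and 2.0.x
     kernels. Older kernels such as 1.2.x are NOT covered.
     
1.2 Foreword, Feedback & Credits

   As a new user I found it very confusing to set up IP Masquerade on
   newer kernels, i.e. the 2.x kernels. There is a FAQ and a mailing
   list, but no document dedicated to the subject, and there were
   requests on the mailing list for such a HOWTO. So I decided to write
   this as a starting point for new users, and possibly as a building
   block for knowledgeable users who want to create documentation. If
   you think I am not doing a good job, feel free to tell me so that I
   can make it better.
   
   This document is based heavily on the original FAQ by Ken Eves and
   on numerous helpful messages on the IP Masquerade mailing list.
   Special thanks go to Mr. Matthew Driver, whose mailing list message
   inspired me to set up IP Masquerade and eventually to write this.
   
   If any information here is wrong or missing, please send feedback or
   comments to [5]ambrose@writeme.com and [6]dranch@trinnet.net. Your
   feedback will influence the future of this document!
   
   This HOWTO is meant to be a quick guide that gets IP Masquerade
   working in the shortest time. Since I am not a professional writer,
   you may find the information here less general and objective than
   you would like. The latest news and information can be found on the
   [7]IP Masquerade Resource web page that I maintain. If you have
   technical questions about IP Masquerade, please join the IP
   Masquerade mailing list rather than sending mail to me: my time is
   limited, and the IP Masquerade developers are better able to answer
   your questions.
   
   The latest version of this document can be found at the [8]IP
   Masquerade Resource, which also carries HTML and postscript
   versions:
     * [9]http://ipmasq.cjb.net/
     * [10]http://ipmasq2.cjb.net/
     * Please refer to the [11]IP Masquerade Resource mirror site list
       for other mirror sites.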
       
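1.3 Copyright & Disclaimer

   This document is copyright (c) 1999 Ambrose Au, and it is a free
   document. You can redistribute it under the terms of the GNU General
   Public License.
   
   The information and other contents of this document are correct to
   the best of my knowledge. However, IP Masquerade is experimental, and
   I may have made mistakes as well, so you should decide for yourself
   whether to follow the information in this document.
   
   Nobody is responsible for any damage to your computers or any other
   loss caused by using the information in this document, i.e.
   
     The author and maintainers are not responsible for any damage
     incurred due to actions taken based on the contents of this
     document.
     
   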
   
   This document is copyright(c) 1996 Ambrose Au, and it's a free
   document. You can redistribute it under the terms of the GNU General
   Public License.
   
   The information and other contents in this document are to the best of
   my knowledge. However, ip_masq is experimental, and there is chance
   that I make mistakes as well; so you should determine if you want to
   follow the information in this document.
   
   Nobody is responsible for any damage on your computers and any other
   losses by using the information on this document. i.e.
   
     THE AUTHOR AND MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES
     INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS
     DOCUMENT.
     
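2. Background Knowledge

2.1 What is IP Masquerade?

   IP Masquerade is a networking feature of Linux. If a Linux host is
   connected to the Internet with IP Masquerade enabled, computers
   connected to it (whether on the same LAN or over a modem link) can
   reach the Internet as well, even though they have no officially
   assigned IP address.
   
   This lets a set of machines access the Internet invisibly, hidden
   behind a gateway system that appears to be the only system using the
   Internet. Breaking the security of a well set up masquerading system
   should be considerably harder than breaking a good packet filter
   firewall (assuming there are no bugs in either).
   
2.2 Current Status

   IP Masquerade has been in development for several years and is quite
   mature now that it has entered the Linux 2.2.x kernel. Support has
   been built in since the 1.3.x kernels. Many individuals and even
   businesses are using it with satisfactory results.
   
   Web browsing and telnet have been reported to work well over IP
   Masquerade. FTP, IRC and listening to Real Audio work with certain
   modules loaded. Other network streaming audio such as True Speech
   and Internet Wave also works. Some mailing list users have even
   tried video conferencing software. Ping now works too, with the
   newly available ICMP patch.
   
   See section 4.3 for a more complete list of supported software.
   
   IP Masquerade works well with 'client machines' on several different
   operating systems and platforms. There are successful cases using
   Unix, Windows95, Windows NT, Windows for Workgroup
   (with TCP/IP package), OS/2, Macintosh System's OS with Mac TCP, Mac
   Open Transport, DOS with NCSA Telnet package, VAX, Alpha with Linux,
   and even Amiga with AmiTCP or AS225-stack. The list keeps growing.
   The point is that if your system speaks TCP/IP, it should work with
   IP Masquerade.
   
2.3 Who Can Benefit From IP Masquerade?

     * If you have a Linux host connected to the Internet, and
     * if you have some computers running TCP/IP connected to that
       Linux host on a local subnet, and/or
     * if your Linux host has more than one modem and acts as a PPP or
       SLIP server connecting to other computers,
     * and those other machines have no officially assigned IP address
       (these machines are called OTHER machines from here on),
     * and, of course, if you want those OTHER machines to get onto the
       Internet without extra cost :)
       
2.4 Who Doesn't Need IP Masquerade?

     * If your machine is a stand-alone Linux host connected to the
       Internet, running IP Masquerade is pointless, or
     * if your OTHER machines already have officially assigned IP
       addresses, you do not need IP Masquerade,
     * and, of course, if you do not like the idea of a free ride.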
       
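2.5 How Does IP Masquerade Work?

   From the IP Masquerade FAQ by Ken Eves:
  Here is a drawing of the simplest setup:

     SLIP/PPP         +------------+                         +-------------+
     to provider      |  Linux     |       SLIP/PPP          | Anybox      |
    <---------- modem1|            |modem2 ----------- modem |             |
      111.222.333.444 |            |           192.168.1.100 |             |
                      +------------+                         +-------------+

          In the drawing above, a Linux host with ip_masquerading
      installed and running is connected to the Internet via SLIP or
      PPP using modem1. It has an assigned IP address of
      111.222.333.444. modem2 is set up to let callers log in and
      start a SLIP or PPP connection.

          The second system (which does not have to be running Linux)
      calls into the Linux host and starts a SLIP or PPP connection.
      It does NOT have an assigned IP address on the Internet, so it
      uses 192.168.1.100. (see below)

          With ip_masquerade and the routing configured properly, the
      machine Anybox can interact with the Internet as if it were
      really connected (with a few exceptions).

  Quoting Pauline Middelink:
      Do not forget to mention that the ANYBOX should have the Linux
      box as its gateway (whether as the default route or just for a
      subnet does not matter). If the ANYBOX cannot do this, the Linux
      machine should do proxy arp for all routed addresses, but
      setting up proxy arp is beyond the scope of this document.

  The following is an excerpt from a post on comp.os.linux.networking,
  edited to match the names used in the example above:

  o I tell machine ANYBOX that my slipped linux box is its gateway.
  o When a packet comes into the linux box from ANYBOX, the linux box
    assigns it a new source port number, puts its own ip address into
    the packet header, and saves the originals. It then sends the
    modified packet out over the SLIP or PPP interface to the Internet.
  o When a packet comes from the Internet to the linux box, if the port
    number is one of those assigned above, it looks up the original
    port and ip address, puts them back into the packet header, and
    sends the packet to ANYBOX.
  o The host that sent the packet never knows the difference.

   An IP Masquerading Example
   
   The diagram below shows a typical example:-

    +----------+
    |          |  Ethernet
    | abox     |::::::
    |          |2    :192.168.1.x
    +----------+     :
                     :   +----------+   PPP
    +----------+     :  1|  Linux   |   link
    |          |     ::::| masq-gate|:::::::::// Internet
    | bbox     |::::::   |          |
    |          |3    :   +----------+
    +----------+     :
                     :
    +----------+     :
    |          |     :
    | cbox     |::::::
    |          |4
    +----------+


    <-Internal Network->

   In this example we are concerned with four computer systems (there
   is also something at the far right that your IP connection to the
   Internet goes through, and something (far off the page) on the
   Internet that you want to exchange information with). The Linux
   system masq-gate is the masquerading gateway through which the
   internal network of abox, bbox and cbox reaches the Internet. The
   internal network uses one of the assigned private network addresses,
   in this case the class C network 192.168.1.0; the Linux box has the
   address 192.168.1.1 and the other systems have addresses on the same
   network.
   
   The three machines abox, bbox and cbox (which can run any operating
   system, such as Windows 95, Macintosh MacTCP or even another Linux,
   as long as it speaks IP) can connect to other machines on the
   Internet. The masquerading gateway masq-gate converts all of their
   connections so that they appear to originate from masq-gate itself,
   and arranges for data coming back on a masqueraded connection to be
   relayed to the original system. The systems on the internal network
   therefore see a direct route to the Internet and are unaware that
   their data is being masqueraded.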
   
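2.6 Requirements for Using IP Masquerade on Linux 2.2.x

     ** Please refer to the [12]IP Masquerade Resource for the latest
     information. **
     
     * Kernel 2.2.x source, available from [13]http://www.kernel.org/
       (Most modern distributions such as Red Hat 5.2, which ships with
       a 2.0.36 kernel, have a modular kernel with all the options
       needed for IP Masquerade already enabled. In that case there is
       no need to recompile. If you upgrade the kernel yourself, be
       aware of what you need, as described later in this document.)
     * Loadable kernel modules, preferably 2.1.121 or later
     * A well set up TCP/IP network,
       covered in the [14]Linux NET-3 HOWTO and the [15]Network
       Administrator's Guide.
       Also see the [16]Trinity OS Doc, a very complete Linux reference
       guide.
     * Connectivity from your Linux host to the Internet,
       covered in the [17]Linux ISP Hookup HOWTO, [18]Linux PPP HOWTO,
       [19]Linux DHCP mini-HOWTO and [20]Linux Cable Modem mini-HOWTO
     * IP Chains 1.3.8 or newer, available from
       [21]http://www.rustcorp.com/linux/ipchains/.
       More information on version requirements is on the [22]Linux IP
       Firewalling Chains page.
     * For other information, see the [23]Linux IP Masquerade Resource
       
2.7 Requirements for Using IP Masquerade on Linux 2.0.x

     ** Please refer to the [24]IP Masquerade Resource for the latest
     information. **
     
     * Kernel 2.0.x source, available from [25]http://www.kernel.org/
       (Most modern distributions such as Red Hat 5.2, which ships with
       a 2.0.36 kernel, have a modular kernel with all the options
       needed for IP Masquerade already enabled. In that case there is
       no need to recompile. If you upgrade the kernel yourself, be
       aware of what you need, as described later in this document.)
     * Loadable kernel modules, preferably 2.0.0 or newer, available
       from [26]http://www.pi.se/blox/modules/modules-2.0.0.tar.gz
       (at least modules-1.3.57 is required)
     * A well set up TCP/IP network,
       covered in the [27]Linux NET-3 HOWTO and the [28]Network
       Administrator's Guide.
       Also see the [29]Trinity OS Doc, a very complete Linux reference
       guide.
     * Connectivity from your Linux host to the Internet,
       covered in the [30]Linux ISP Hookup HOWTO, [31]Linux PPP HOWTO,
       [32]Linux DHCP mini-HOWTO and [33]Linux Cable Modem mini-HOWTO
     * Ipfwadm 2.3 or newer, available from
       [34]ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.tar.gz
       More information on version requirements is on the [35]Linux
       IPFWADM page
     * Optionally, you can apply IP Masquerade patches to add other
       functionality. More information is available from the [36]IP
       Masquerade Resources (these patches apply to all 2.0.x kernels)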
       
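3. Setting Up IP Masquerade

     If your private network holds any vital information, think twice
     before using IP Masquerade. It may be a GATEWAY for you to reach
     the Internet, and equally a way for someone on the other side of
     the world to get into your private network.
     
3.1 Compiling the Kernel for IP Masquerade Support

     If your Linux distribution already has the required features and
     modules described below compiled in (most modular kernels have
     what you need), you do not need to recompile the kernel. Reading
     this section is still recommended, since it contains other useful
     information.
     
  Linux 2.2.x Kernels
  
     * First of all, you need the kernel source for 2.2.x.
     * If this is the first time you compile a kernel, don't be scared.
       It is in fact rather easy, and it is covered in the
       [37]Linux Kernel HOWTO.
     * Unpack the kernel source into /usr/src/ with the command:
       tar xvzf linux-2.2.x.tar.gz -C /usr/src
       where x is the patch level beyond 2.2 (make sure there is a
       directory or symbolic link called linux).
     * Apply the appropriate patches. Since new patches keep coming
       out, details are not included here. For up-to-date information
       see the [38]IP Masquerade Resources.
     * For further instructions on compiling a kernel, see the Kernel
       HOWTO and the README file in the kernel source directory.
     * Here are the options that you need to compile in:
       Say YES to the following:
       
  * Prompt for development and/or incomplete code/drivers
    CONFIG_EXPERIMENTAL
    - this lets you select the experimental IP Masquerade code to be
      compiled into the kernel

  * Enable loadable module support
    CONFIG_MODULES
    - lets you load ipmasq modules such as ip_masq_ftp.o

  * Networking support
    CONFIG_NET

  * Network firewalls
    CONFIG_FIREWALL

  * TCP/IP networking
    CONFIG_INET

  * IP: forwarding/gatewaying
    CONFIG_IP_FORWARD

  * IP: firewalling
    CONFIG_IP_FIREWALL

  * IP: masquerading
    CONFIG_IP_MASQUERADE

  * IP: ipportfw masq support
    CONFIG_IP_MASQUERADE_IPPORTFW
    - recommended

  * IP: ipautofw masquerade support
    CONFIG_IP_MASQUERADE_IPAUTOFW
    - optional

  * IP: ICMP masquerading
    CONFIG_IP_MASQUERADE_ICMP
    - support for masquerading ICMP packets, recommended

  * IP: always defragment
    CONFIG_IP_ALWAYS_DEFRAG
    - highly recommended

  * Dummy net driver support
    CONFIG_DUMMY
    - recommended

  * IP: ip fwmark masq-forwarding support
    CONFIG_IP_MASQUERADE_MFW
    - optional

       NOTE: These are only the items needed for IP Masquerade; select
       whatever other options your own setup requires.
     * After compiling the kernel, you need to compile and install the
       modules:
       
make modules; make modules_install

     * Then add the following lines to your /etc/rc.d/rc.local file (or
       any other file you think appropriate) so that the required
       modules in /lib/modules/2.2.x/ipv4/ are loaded automatically at
       every boot:
       
        .
        .
        .
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
# (and other modules such as ip_masq_cuseeme, ip_masq_vdolive,
# if you have applied those patches)
        .
        .
        .

       Important: IP forwarding is disabled by default in 2.2.x
       kernels. Make sure you enable it with the command:
       echo "1" > /proc/sys/net/ipv4/ip_forward
       Red Hat users can instead change FORWARD_IPV4=false to
       FORWARD_IPV4=true in /etc/sysconfig/network.
     * Reboot the Linux host.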
       
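  Linux 2.0.x Kernels
  
     * First of all, you need the kernel source (preferably the latest,
       2.0.36 or above).
     * If this is the first time you compile a kernel, don't be scared.
       It is in fact rather easy, and it is covered in the
       [39]Linux Kernel HOWTO.
     * Unpack the kernel source into /usr/src/ with the command:
       tar xvzf linux-2.0.x.tar.gz -C /usr/src
       where x is the patch level beyond 2.0 (make sure there is a
       directory or symbolic link called linux).
     * Apply the appropriate patches. Since new patches keep coming
       out, details are not included here. For up-to-date information
       see the [40]IP Masquerade Resources.
     * For further instructions on compiling a kernel, see the Kernel
       HOWTO and the README file in the kernel source directory.
     * Here are the options that you need to compile in:
       Say YES to the following:
       
  * Prompt for development and/or incomplete code/drivers
    CONFIG_EXPERIMENTAL
    - this lets you select the experimental IP Masquerade code to be
      compiled into the kernel

  * Enable loadable module support
    CONFIG_MODULES
    - lets you load modules

  * Networking support
    CONFIG_NET

  * Network firewalls
    CONFIG_FIREWALL

  * TCP/IP networking
    CONFIG_INET

  * IP: forwarding/gatewaying
    CONFIG_IP_FORWARD

  * IP: firewalling
    CONFIG_IP_FIREWALL

  * IP: masquerading (EXPERIMENTAL)
    CONFIG_IP_MASQUERADE
    - although it is experimental, it is a *MUST*

  * IP: ipautofw masquerade support (EXPERIMENTAL)
    CONFIG_IP_MASQUERADE_IPAUTOFW
    - recommended

  * IP: ICMP masquerading
    CONFIG_IP_MASQUERADE_ICMP
    - support for masquerading ICMP packets, optional

  * IP: always defragment
    CONFIG_IP_ALWAYS_DEFRAG
    - highly recommended

  * Dummy net driver support
    CONFIG_DUMMY
    - recommended

       NOTE: These are only the items needed for IP Masquerade; select
       whatever other options your own setup requires.
     * After compiling the kernel, you need to compile and install the
       modules:
       
make modules; make modules_install

     * Then add the following lines to your /etc/rc.d/rc.local file (or
       any other file you think appropriate) so that the required
       modules in /lib/modules/2.0.x/ipv4/ are loaded automatically at
       every boot:
       
        .
        .
        .
/sbin/depmod -a
/sbin/modprobe ip_masq_ftp
/sbin/modprobe ip_masq_raudio
/sbin/modprobe ip_masq_irc
# (and other modules such as ip_masq_cuseeme, ip_masq_vdolive,
# if you have applied those patches)
        .
        .
        .

       Important: IP forwarding is disabled by default in kernels from
       2.0.34 onwards. Make sure you enable it with the command:
       echo "1" > /proc/sys/net/ipv4/ip_forward
       Red Hat users can instead change FORWARD_IPV4=false to
       FORWARD_IPV4=true in /etc/sysconfig/network.
     * Reboot the Linux host.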
       
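3.2 Assigning Private Network IP Addresses

   Since none of the OTHER machines has an officially assigned address,
   there has to be a proper way to allocate addresses to them.
   
   From the IP Masquerade FAQ:
   
   There is an RFC (#1597, possibly obsolete by now) on which IP
   addresses a network not connected to the outside should use. Three
   blocks of numbers are set aside specifically for this purpose. The
   one I use is the 255 Class-C subnets from 192.168.1.n to
   192.168.255.n.
   
From RFC 1597:

Section 3: Private Address Space

      The Internet Assigned Numbers Authority (IANA) has reserved the
      following three blocks of the IP address space for private
      networks:

                     10.0.0.0        -   10.255.255.255
                     172.16.0.0      -   172.31.255.255
                     192.168.0.0     -   192.168.255.255

      We will refer to the first block as the "24-bit block", the
      second as the "20-bit block", and the third as the "16-bit
      block". Note that the first block is nothing but a single class
      A network number, the second block is a set of 16 contiguous
      class B network numbers, and the third block is a set of 255
      contiguous class C network numbers.

   So if you are using a class C network, you should number your
   machines 192.168.1.1, 192.168.1.2, 192.168.1.3, ..., 192.168.1.x
   
   192.168.1.1 is usually the gateway machine, i.e. your Linux host
   connected to the Internet. Note that 192.168.1.0 and 192.168.1.255
   are the network and broadcast addresses respectively and are
   reserved. Avoid using these addresses on your machines.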
   
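3.3 Configuring the OTHER Machines

   Besides setting the appropriate IP address on each machine, you
   should also set the appropriate gateway. In general this is very
   straightforward: simply enter the address of your Linux host
   (usually 192.168.1.1) as the gateway address.
   
   For the domain name service, you can add any available DNS. The most
   obvious choice is the one your Linux host uses. You can optionally
   add a domain search suffix as well.
   
   After reconfiguring these IP addresses, remember to restart the
   appropriate services or reboot.
   
   The following configuration examples assume that you are using a
   Class C network with 192.168.1.1 as the address of your Linux host.
   Note that 192.168.1.0 and 192.168.1.255 are reserved.
   
  Configuring Windows 95
  
    1. If you have not installed your network card and adapter driver
       yet, do so now.
    2. Go to 'Control Panel'/'Network'.
    3. If your configuration has no 'TCP/IP protocol', add it.
    4. In 'TCP/IP properties', go to 'IP Address' and set the IP address
       to 192.168.1.x (1<x<255), then set the Subnet Mask to
       255.255.255.0
    5. Under 'Gateway', add 192.168.1.x as your gateway.
    6. Under 'DNS Configuration'/'DNS Server', add the DNS that your
       Linux host uses (usually found in /etc/resolv.conf). You can
       optionally add the appropriate domain search suffix.
    7. Leave all other settings alone unless you know what you are
       doing.
    8. Click 'OK' in all dialog boxes and restart the system.
    9. Test the network connection by pinging your linux host: from
       'Start/Run', type ping 192.168.1.1
       (This only tests the LAN connection; you cannot ping the outside
       world yet.)
   10. You can optionally create a HOSTS file in the windows directory
       so that you can use the hostnames of the machines on your LAN.
       There is an example called HOSTS.SAM in the windows directory.
       
  Configuring Windows for Workgroup 3.11
  
    1. If you have not installed your network card and adapter driver
       yet, do so now.
    2. Install the TCP/IP 32b package if you have not done so already.
    3. In 'Main'/'Windows Setup'/'Network Setup', click 'Drivers'.
    4. Highlight 'Microsoft TCP/IP-32 3.11b' under 'Network Drivers' and
       click 'Setup'.
    5. Set the IP address to 192.168.1.x (1 < x < 255), then set the
       Subnet Mask to 255.255.255.0 and the Default Gateway to
       192.168.1.1.
    6. Do not enable 'Automatic DHCP Configuration' and do not enter
       anything under 'WINS Server' unless you are in a Windows NT
       domain and know what you are doing.
    7. Click 'DNS', fill in the information mentioned in section 3.3.1,
       then click 'OK' when you are done.
    8. Click 'Advanced'. If you use a host file like the one mentioned
       in step 10 of section 3.3.1, check 'Enable DNS for Windows Name
       Resolution' and 'Enable LMHOSTS lookup'.
    9. Click 'OK' in all dialog boxes and restart the system.
   10. Ping your Linux host to test the connection: in 'File/Run', type
       ping 192.168.1.1
       (This only tests the LAN connection; you cannot ping the outside
       world yet.)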
       
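  Configuring Windows NT
  
    1. If you have not installed your network card and adapter driver
       yet, do so now.
    2. Go to 'Main'/'Control Panel'/'Network'.
    3. If you do not have the TCP/IP service yet, add the TCP/IP
       protocol and related components from the 'Add Software' menu.
    4. Under 'Network Software and Adapter Cards', highlight 'TCP/IP
       protocol' in the 'Installed Network Software' selection box.
    5. In 'TCP/IP Configuration', select the appropriate adapter driver,
       for example [1]Novell NE2000 Adapter. Then set the IP address to
       192.168.1.x (1 < x < 255), the Subnet Mask to 255.255.255.0 and
       the Default Gateway to 192.168.1.1.
    6. Do not enable 'Automatic DHCP Configuration' and do not enter
       anything under 'WINS Server' unless you are in a Windows NT
       domain and know what you are doing.
    7. Click 'DNS', fill in the information mentioned in section 3.3.1,
       then click 'OK' when you are done.
    8. Click 'Advanced'. If you use a host file like the one mentioned
       in step 10 of section 3.3.1, check 'Enable DNS for Windows Name
       Resolution' and 'Enable LMHOSTS lookup'.
    9. Click 'OK' in all dialog boxes and restart the system.
   10. Ping your Linux host to test the connection: in 'File/Run', type
       ping 192.168.1.1
       (This only tests the LAN connection; you cannot ping the outside
       world yet.)
       
  Configuring UNIX Based Systems
  
    1. If you have not installed your network card and recompiled your
       kernel with the appropriate adapter driver, do so now.
    2. Install TCP/IP networking, such as the nettools package, if you
       have not done so already.
    3. Set IPADDR to 192.168.1.x (1 < x < 255), then set NETMASK to
       255.255.255.0, GATEWAY to 192.168.1.1, and BROADCAST to
       192.168.1.255.
       For example, on Red Hat Linux systems you can edit
       /etc/sysconfig/network-scripts/ifcfg-eth0, or do it from the
       Control Panel.
       (It differs on SunOS, BSDi, Slackware Linux, etc.)
    4. Add your domain name server and domain search suffix to
       /etc/resolv.conf.
    5. Depending on your settings, you may need to update your
       /etc/networks file.
    6. Restart the appropriate services, or simply reboot.
    7. Issue a ping command: ping 192.168.1.1 to test the connection to
       your gateway.
       (This only tests the LAN connection; you cannot ping the outside
       world yet.)
       
  Configuring DOS using the NCSA Telnet Package
  
    1. If you have not installed your network card yet, do so now.
    2. Load the appropriate packet driver. For an NE2000 card set to IRQ
       10 and hardware address 0x300, use nwpd 0x60 10 0x300.
    3. Create a new directory, then unpack the NCSA Telnet package:
       pkunzip tel2308b.zip
    4. Open the config.tel file with a text editor.
    5. Set myip=192.168.1.x (1 < x < 255), and netmask=255.255.255.0.
    6. In this example, you should set hardware=packet, interrupt=10,
       ioaddr=60.
    7. You need at least one machine entry set as the gateway, i.e. the
       Linux host:
       
name=default
host=yourlinuxhostname
hostip=192.168.1.1
gateway=1

    8. Add another entry for the domain name server:
       
name=dns.domain.com ; hostip=123.123.123.123; nameserver=1

       Note: substitute the appropriate information for the DNS that
       your Linux host uses.
    9. Save your config.tel file.
   10. Telnet to your Linux host to test the connection:
       telnet 192.168.1.1
       
  Configuring MacOS Based Systems Running MacTCP
  
    1. If you have not installed the appropriate driver software for
       your Ethernet adapter, now would be a good time to do so.
    2. Open the MacTCP control panel, select the appropriate network
       driver (Ethernet, NOT EtherTalk) and click the 'More...' button.
    3. Under 'Obtain Address:', click 'Manually'.
    4. Under 'IP Address:', select class C from the popup menu. Ignore
       the rest of this part of the dialog box.
    5. Fill in the appropriate information under 'Domain Name Server
       Information:'.
    6. Under 'Gateway Address:', enter 192.168.1.1.
    7. Click 'OK' to save the settings. In the main window of the
       MacTCP control panel, enter the IP address of your Mac
       (192.168.1.x, 1 < x < 255) in the 'IP Address:' box.
    8. Close the MacTCP control panel. If a dialog box asks you to
       restart, do so.
    9. You can ping your Linux host to test the network connection. If
       you have the freeware program MacTCP Watcher, click the 'Ping'
       button and enter the address of your Linux host (192.168.1.1) in
       the dialog box that pops up. (This only tests the LAN
       connection; you cannot ping the outside world yet.)
   10. You can optionally create a Hosts file in your System Folder so
       that you can use the hostnames of the machines on your LAN. The
       file may already exist in your System Folder, and it should
       contain some (commented-out) sample entries which you can modify
       according to your needs.
       
  Configuring MacOS Based Systems Running Open Transport
  
    1. If you have not installed the appropriate driver software for
       your Ethernet adapter, now would be a good time to do so.
    2. Open the TCP/IP Control Panel and choose 'User Mode ...' from the
       Edit menu. Make sure the user mode is at least 'Advanced' and
       click the 'OK' button.
    3. Choose 'Configurations...' from the File menu. Select your
       'Default' configuration and click the 'Duplicate...' button. In
       the 'Duplicate Configuration' dialog enter 'IP Masq' (or
       something else that tells you this is a special configuration);
       it will probably say something like 'Default copy'. Then click
       the 'OK' button, and the 'Make Active' button.
    4. Select 'Ethernet' from the 'Connect via:' pop-up.
    5. Select the appropriate item from the 'Configure:' pop-up. If you
       do not know which option to choose, you should probably
       re-select your 'Default' configuration and quit. I use
       'Manually'.
    6. Enter the IP address of your Mac (192.168.1.x, 1 < x < 255) in
       the 'IP Address:' box.
    7. Enter 255.255.255.0 in the 'Subnet mask:' box.
    8. Enter 192.168.1.1 in the 'Router address:' box.
    9. Enter the IP addresses of your domain name servers in the 'Name
       server addr.:' box.
   10. Enter your domain name (e.g. 'microsoft.com') in the 'Starting
       domain name' box under 'Implicit Search Path:'.
   11. The following steps are optional. Incorrect values may cause
       erratic behaviour. If you are not sure, it is best to leave them
       blank and unchecked. If necessary, remove any information from
       those fields. As far as I know there is no way in the TCP/IP
       dialogs to tell the system not to use a previously selected
       alternate "Hosts" file. If you know of one, I would like to
       hear about it. Check '802.3' if your network requires 802.3
       frame types.
   12. Click the 'Options...' button to make sure TCP/IP is active. I
       use the 'Load only when needed' option. If you run and quit
       TCP/IP applications many times without rebooting your machine,
       you may find that unchecking 'Load only when needed' prevents or
       reduces the effect on your machine's memory management. With
       the item unchecked, the TCP/IP protocol stack is always loaded
       and available. If it is checked, the TCP/IP stack is loaded
       automatically when needed and unloaded when not. The loading and
       unloading process can fragment your memory.
   13. You can ping your Linux host to test the network connection. If
       you have the freeware program MacTCP Watcher, click the 'Ping'
       button and enter the address of your Linux host (192.168.1.1) in
       the dialog box that pops up. (This only tests the LAN
       connection; you cannot ping the outside world yet.)
   14. You can create a Hosts file in your System Folder so that you
       can use the hostnames of the machines on your LAN. The file may
       or may not already exist in your System Folder. If it does, it
       should contain some (commented-out) sample entries which you can
       modify according to your needs. If it does not, you can copy one
       from a working MacTCP system or create your own (it follows the
       Unix /etc/hosts file format, described in RFC 952). Once you
       have created the file, open the TCP/IP control panel, click the
       'Select Hosts File...' button, and open the Hosts file.
   15. Click the close box or choose 'Close' or 'Quit' from the File
       menu, then click 'Save' to save the changes you have made.
   16. The changes take effect immediately, but rebooting does no harm.
       
  Configuring a Novell Network Using DNS
  
    1. If you have not installed the appropriate driver software for
       your Ethernet adapter, now would be a good time to do so.
    2. Download tcpip16.exe from
       [41]ftp.novell.com/pub/updates/unixconn/lwp5
    3. Edit c:\nwclient\startnet.bat
       : (here is a copy of mine)
SET NWLANGUAGE=ENGLISH
LH LSL.COM
LH KTC2000.COM
LH IPXODI.COM
LH tcpip
LH VLM.EXE
F:
    4. Edit c:\nwclient\net.cfg
       : (change the link driver to yours, i.e. NE2000)
Link Driver KTC2000
        Protocol IPX 0 ETHERNET_802.3
        Frame ETHERNET_802.3
        Frame Ethernet_II
        FRAME Ethernet_802.2

NetWare DOS Requester
           FIRST NETWORK DRIVE = F
           USE DEFAULTS = OFF
           VLM = CONN.VLM
           VLM = IPXNCP.VLM
           VLM = TRAN.VLM
           VLM = SECURITY.VLM
           VLM = NDS.VLM
           VLM = BIND.VLM
           VLM = NWP.VLM
           VLM = FIO.VLM
           VLM = GENERAL.VLM
           VLM = REDIR.VLM
           VLM = PRINT.VLM
           VLM = NETX.VLM

Link Support
        Buffers 8 1500
        MemPool 4096

Protocol TCPIP
        PATH SCRIPT     C:\NET\SCRIPT
        PATH PROFILE    C:\NET\PROFILE
        PATH LWP_CFG    C:\NET\HSTACC
        PATH TCP_CFG    C:\NET\TCP
        ip_address      xxx.xxx.xxx.xxx
        ip_router       xxx.xxx.xxx.xxx
    5. Finally, create c:\bin\resolv.cfg
       :
SEARCH DNS HOSTS SEQUENTIAL
NAMESERVER 207.103.0.2
NAMESERVER 207.103.11.9
    6. I hope this helps some people get their Novell networks online.
       This also works for Netware 3.1x or 4.x.
       
  Configuring OS/2 Warp
  
    1. If you have not installed the appropriate driver software for
       your Ethernet adapter, now would be a good time to do so.
    2. Install the TCP/IP protocol now if you do not have it yet.
    3. Open Programms/TCP/IP (LAN) / TCP/IP Settings
    4. Under 'Network' add your TCP/IP address and set your netmask
       (255.255.255.0)
    5. Under 'Routing' press 'Add'. Set the Type to 'default' and enter
       the IP address of your Linux host in the 'Router Address' field
       (192.168.1.1).
    6. Under 'Hosts', set the same DNS (name server) address that your
       Linux host uses.
    7. Close the TCP/IP control panel. Answer yes to the questions that
       follow.
    8. Reboot your system
    9. You can ping your Linux host to test the network configuration.
       Type 'ping 192.168.1.1' in an 'OS/2 command prompt' window. If
       ping packets are received, all is well.
       
  Configuring Other Systems
  
   The same logic applies to configuring other platforms. Consult the
   sections above. If you are interested in writing up the
   configuration for another operating system, please send detailed
   setup instructions to [42]ambrose@writeme.com and
   [43]dranch@trinnet.net.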
   
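3.4 Configuring IP Forwarding Policies

   At this point you should have your kernel and the other required
   packages installed, and your modules loaded. The IP address,
   gateway and DNS should also be set on all the OTHER machines.
   
   The only thing left to do is to use the IP firewalling tools to
   forward the appropriate packets to the appropriate machines:
   
     ** This can be accomplished in many different ways. The following
     suggestions and examples work for me, but you may have different
     ideas. For details, see section 4.4 and the ipchains(2.2.x) /
     ipfwadm(2.0.x) manual pages. **
     
     ** This section only gives you the bare minimum ruleset needed to
     get IP Masquerade working; security is not considered. It is
     strongly recommended that you spend some time applying
     appropriate firewall rules to tighten security. **
     
  Linux 2.2.x Kernels
  
   Ipfwadm can no longer manipulate the IP masquerading rules in 2.2.x
   kernels; please use ipchains.
   
ipchains -P forward DENY
ipchains -A forward -s yyy.yyy.yyy.yyy/x -j MASQ

   where x is one of the following numbers, according to the class of
   your subnet, and yyy.yyy.yyy.yyy is your network address.
   
netmask         | x  | Subnet
~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
255.0.0.0       | 8  | Class A
255.255.0.0     | 16 | Class B
255.255.255.0   | 24 | Class C
255.255.255.255 | 32 | Point-to-point

   You can also use the format yyy.yyy.yyy.yyy/xxx.xxx.xxx.xxx, where
   xxx.xxx.xxx.xxx specifies your subnet mask, such as 255.255.255.0.
   
   For example, if I am on a class C subnet, I would enter:
   
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/24 -j MASQ

   or
   
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.0/255.255.255.0 -j MASQ

   You can also do this on a per-machine basis. For example, if I want
   192.168.1.2 and 192.168.1.8 to reach the Internet but not the other
   machines, I would enter:
   
ipchains -P forward DENY
ipchains -A forward -s 192.168.1.2/32 -j MASQ
ipchains -A forward -s 192.168.1.8/32 -j MASQ

   Do NOT make masquerading your default policy. Otherwise someone who
   can manipulate their routing will be able to tunnel straight back
   through your gateway and use it to masquerade their identity!
   
   Again, you can add these lines to the /etc/rc.local file or to an rc
   file of your choice, or run them by hand every time you need IP
   Masquerade.
   
   For detailed usage of ipchains, see the [44]Linux IPCHAINS HOWTO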
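
   A check for the two mistakes this section warns about, as an added
   example (not part of the original HOWTO): it reads rule lines in the
   ipchains form above or the ipfwadm form used for 2.0.x kernels and
   reports a forward policy that is not deny or reject, or a masquerade
   rule whose source lies outside the RFC 1597 blocks quoted in section
   3.2. The function names are hypothetical and the sample rules in the
   usage are constructed.

```python
import ipaddress
import shlex

# Private blocks quoted from RFC 1597 in section 3.2 of this HOWTO.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MASQ_TARGETS = {"masq", "m", "masquerade"}   # ipchains MASQ, ipfwadm m / masquerade
SAFE_POLICIES = {"deny", "reject"}


def _value_after(args, flag, offset=1):
    """Return the word `offset` places after `flag`, or None."""
    if flag in args:
        i = args.index(flag) + offset
        if i < len(args):
            return args[i]
    return None


def _parse(args):
    """Return (policy, target, source) for a forward-chain command, else None."""
    tool = args[0].rsplit("/", 1)[-1]
    if tool == "ipchains":
        if _value_after(args, "-P") == "forward":
            return _value_after(args, "-P", 2), None, None
        if _value_after(args, "-A") == "forward":
            return None, _value_after(args, "-j"), _value_after(args, "-s")
    elif tool == "ipfwadm" and "-F" in args:
        if "-p" in args:          # lower-case -p is the policy; -P is the protocol
            return _value_after(args, "-p"), None, None
        if "-a" in args:
            return None, _value_after(args, "-a"), _value_after(args, "-S")
    return None


def _is_private(source):
    """True if source (a.b.c.d/len or a.b.c.d/mask) lies inside a private block."""
    if source is None:
        return False
    try:
        net = ipaddress.ip_network(source, strict=False)
    except ValueError:
        return False              # placeholder such as yyy.yyy.yyy.yyy/x
    return net.version == 4 and any(net.subnet_of(p) for p in PRIVATE_NETS)


def lint_forward_rules(script):
    """Return a list of (line number, message); line 0 means whole-file finding."""
    findings = []
    policy_seen = False
    for lineno, raw in enumerate(script.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            args = shlex.split(line)
        except ValueError:
            continue              # unbalanced quotes: not a rule line we understand
        parsed = _parse(args) if args else None
        if parsed is None:
            continue
        policy, target, source = parsed
        if policy is not None:
            policy_seen = True
            if policy.lower() not in SAFE_POLICIES:
                findings.append(
                    (lineno, f"default forward policy is {policy}; set it to deny"))
        elif target and target.lower() in MASQ_TARGETS and not _is_private(source):
            findings.append(
                (lineno, f"masquerade source {source!r} is not inside a private block"))
    if not policy_seen:
        findings.append((0, "no default forward policy set; add an explicit deny"))
    return findings


if __name__ == "__main__":
    sample = "ipchains -P forward MASQ\nipchains -A forward -s 0.0.0.0/0 -j MASQ\n"
    for finding in lint_forward_rules(sample):   # constructed bad ruleset
        print(finding)
```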
   
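  Linux 2.0.x Kernels
  
ipfwadm -F -p deny
ipfwadm -F -a m -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0

   or
   
ipfwadm -F -p deny
ipfwadm -F -a masquerade -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0

   where x is one of the following numbers, according to the class of
   your subnet, and yyy.yyy.yyy.yyy is your network address.
   
netmask         | x  | Subnet
~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~
255.0.0.0       | 8  | Class A
255.255.0.0     | 16 | Class B
255.255.255.0   | 24 | Class C
255.255.255.255 | 32 | Point-to-point

   You can also use the format yyy.yyy.yyy.yyy/xxx.xxx.xxx.xxx, where
   xxx.xxx.xxx.xxx specifies your subnet mask, such as 255.255.255.0.
   
   For example, if I am on a class C subnet, I would enter:
   
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0

   Because bootp request packets arrive without a valid IP address
   (the client does not know its address yet), people running a bootp
   server on the masquerade/firewall machine need the following
   command before the deny rule:
   
ipfwadm -I -a accept -S 0/0 68 -D 0/0 67 -W bootp_clients_net_if_name -P udp

   You can also do this on a per-machine basis. For example, if I want
   192.168.1.2 and 192.168.1.8 to reach the Internet but not the other
   machines, I would enter:
   
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.1.2/32 -D 0.0.0.0/0
ipfwadm -F -a m -S 192.168.1.8/32 -D 0.0.0.0/0

   A common mistake is to make the first command this:
ipfwadm -F -p masquerade

   Do NOT make masquerading your default policy. Otherwise someone who
   can manipulate their routing will be able to tunnel straight back
   through your gateway and use it to masquerade their identity!
   
   Again, you can add these lines to the /etc/rc.local file or to an rc
   file of your choice, or run them by hand every time you need IP
   Masquerade.
   
   Please read section 4.4 for a detailed guide to Ipfwadm.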
   
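3.5 Testing IP Masquerade

   After all this work, it is time to give it a try. Make sure the
   connection from your Linux host to the Internet is up.
   
   From the OTHER machines, try browsing some 'INTERNET!!!' web sites
   and see whether you get through. For the first test I recommend
   using an IP address rather than a hostname, because your DNS setup
   may not be correct.
   
   For example, you can access the Linux Documentation Project site
   http://metalab.unc.edu/mdw/linux.html with an entry of
   [45]http://152.19.254.81/mdw/linux.html
   
   If you see The Linux Documentation Project page, congratulations! It
   is working! You can then try a hostname, and then telnet, ftp,
   RealAudio, True Speech, and anything else supported by IP
   Masquerade.
   
   So far I have had no trouble with the settings above, and the credit
   goes entirely to the people who spent their time making this feature
   work.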
   
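4. Other IP Masquerade Issues and Software Support

4.1 Problems with IP Masquerade

   Some protocols currently do not work with masquerading, because they
   either make assumptions about port numbers or encode addresses and
   port numbers in their data stream. The latter protocols need
   specific proxies built into the masquerading code to make them work.
   
4.2 Incoming Services

   Masquerading cannot handle incoming service requests at all. There
   are a few ways of allowing them, but they are unrelated to
   masquerading and are really part of standard firewall practice.
   
   If you do not require a high level of security, you can simply
   redirect ports. There are several ways of doing this; I use a
   modified redir program (which I hope will soon be available from
   sunsite and its mirrors). If you want some degree of authorisation
   for incoming service requests, you can put TCP wrappers or Xinetd on
   top of redir (0.7 or above) to let only specific IP addresses
   through, or use other tools. The TIS Firewall Toolkit is a good
   place to look for tools and information.
   
   More details can be found at the [47]IP Masquerade Resource.
   
   A section with information on forwarding services will be added.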
   
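4.3 Supported Client Software and Other Setup Notes

     ** The following list is no longer maintained. For applications
     that work through Linux IP masquerading, see [48]this page and the
     [49]IP Masquerade Resource for further details. **
     
   Generally, applications that use TCP or UDP should work. If you have
   suggestions, hints or questions about applications and their
   compatibility with IP Masquerade, please visit the [50]page of
   applications that work through Linux IP masquerading, maintained by
   Lee Nevo.
   
  Clients that Work
  
   General Clients
   
   HTTP
          all supported platforms, web browsing
          
   POP & SMTP
          all supported platforms, e-mail clients
          
   Telnet
          all supported platforms, remote sessions
          
   FTP
          all supported platforms, with the ip_masq_ftp.o module (not
          every site works with every client; for example, some sites
          that cannot be reached with ws_ftp32 can be reached with
          netscape)
          
   Archie
          all supported platforms, file search clients (not all archie
          clients are supported)
          
   NNTP (USENET)
          all supported platforms, news clients
          
   VRML
          Windows (possibly all supported platforms), virtual reality
          browsing
          
   traceroute
          mainly UNIX based platforms, some variants may not work
          
   ping
          all platforms, with the ICMP patch
          
   anything based on IRC
          all supported platforms, with the ip_masq_irc.o module
          
   Gopher client
          all supported platforms
          
   WAIS client
          all supported platforms
          
   Multimedia Clients
   
   Real Audio Player
          Windows, network streaming audio, with the ip_masq_raudio
          module loaded
          
   True Speech Player 1.1b
          Windows, network streaming audio
          
   Internet Wave Player
          Windows, network streaming audio
          
   Worlds Chat 0.9a
          Windows, client-server 3D chat program
          
   Alpha Worlds
          Windows, client-server 3D chat program
          
   Powwow
          Windows, peer-to-peer text, audio and whiteboard
          communication; people can talk to you if you call them, but
          they cannot call you.
          
   CU-SeeMe
          all supported platforms, with the cuseeme module loaded; for
          details see the [51]IP Masquerade Resource
          
   VDOLive
          Windows, with the vdolive patch
          
   Note: with the ipautofw package, some clients such as IPhone and
   Powwow may work even if you are not the one who initiates the call
   (see section 4.6)
   
   Other Clients
   
   NCSA Telnet 2.3.08
          DOS, a suite containing telnet, ftp, ping, etc.
          
   PC-anywhere for windows 2.0
          MS-Windows, remote control of a PC over TCP/IP; works only
          as a client, not as a host
          
   Socket Watch
          uses ntp, the network time protocol
          
   Linux net-acct package
          Linux, network administration and accounting package
          
  Clients that do not Work
  
   Intel Internet Phone Beta 2
          connects, but voice travels in one direction (outwards) only
          
   Intel Streaming Media Viewer Beta 1
          cannot connect to the server
          
   Netscape CoolTalk
          cannot connect to the other side
          
   talk,ntalk
          will not work; a kernel proxy would have to be written.
          
   WebPhone
          cannot work at present (it makes invalid assumptions about
          addresses).
          
   X
          untested, but I think it cannot work unless someone builds an
          X proxy, which would probably be a program external to the
          masquerading code. One way of making this work is to use ssh
          as the link and use its built-in X proxy!
          
  Platforms/Operating Systems Tested as OTHER Machines
  
     * Linux
     * Solaris
     * Windows 95
     * Windows NT (both workstation and server)
     * Windows For Workgroup 3.11 (with TCP/IP package)
     * Windows 3.1 (with Chameleon package)
     * Novell 4.01 Server
     * OS/2 (including Warp v3)
     * Macintosh OS (with MacTCP or Open Transport)
     * DOS (with NCSA Telnet package, DOS Trumpet works partially)
     * Amiga (with AmiTCP or AS225-stack)
     * VAX Stations 3520 and 3100 with UCX (TCP/IP stack for VMS)
     * Alpha/AXP with Linux/Redhat
     * SCO Openserver (v3.2.4.2 and 5)
     * IBM RS/6000 running AIX
       
   Basically, every operating system that supports TCP/IP and lets you
   specify a gateway/router should work with IP Masquerade.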
   
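4.4 IP Firewall Administration (ipfwadm)

   This section gives a more in-depth guide to using ipfwadm.
   
   This is a setup for a firewall/masquerading system behind a PPP link
   with a static PPP address. The trusted interface is 192.168.255.1;
   the PPP interface has been changed to protect the guilty :). Each
   incoming and outgoing interface is listed individually so that IP
   spoofing as well as stuffed routing and/or masquerading is caught.
   Anything not explicitly allowed is forbidden!
   
#!/bin/sh
#
# /etc/rc.d/rc.firewall, defines the firewall configuration, invoked from
# rc.local.
#

PATH=/sbin:/bin:/usr/sbin:/usr/bin

# For testing: wait a while, then clear all firewall rules.
# Uncomment the following lines if you want the firewall to disable
# itself automatically.
# (sleep 600; \
# ipfwadm -I -f; \
# ipfwadm -I -p accept; \
# ipfwadm -O -f; \
# ipfwadm -O -p accept; \
# ipfwadm -F -f; \
# ipfwadm -F -p accept; \
# ) &

# Incoming: flush and set the default policy to deny. In fact the default
# policy does not matter, because a catch-all rule denies and logs.
ipfwadm -I -f
ipfwadm -I -p deny
# local interface, local machines, going anywhere is valid
ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
# remote interface, claiming to be local machines: IP spoofing, deny
ipfwadm -I -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
# remote interface, any source, going to the permanent PPP address is valid
ipfwadm -I -a accept -V your.static.PPP.address -S 0.0.0.0/0 -D your.static.PPP.address/32
# the loopback interface is valid
ipfwadm -I -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch-all rule: all other incoming traffic is denied and logged. A pity
# there is no log option on the policy, but this does the job instead.
ipfwadm -I -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

# Outgoing: flush and set the default policy to deny. In fact the default
# policy does not matter, because a catch-all rule denies and logs.
ipfwadm -O -f
ipfwadm -O -p deny
# local interface, any source going to the local net is valid
ipfwadm -O -a accept -V 192.168.255.1 -S 0.0.0.0/0 -D 192.168.0.0/16
# outgoing to the local net on the remote interface: stuffed routing, deny
ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
# outgoing from the local net on the remote interface: stuffed masquerading, deny
ipfwadm -O -a deny -V your.static.PPP.address -S 192.168.0.0/16 -D 0.0.0.0/0 -o
# outgoing from the local net on the remote interface: stuffed masquerading, deny
ipfwadm -O -a deny -V your.static.PPP.address -S 0.0.0.0/0 -D 192.168.0.0/16 -o
# anything else outgoing on the remote interface is valid
ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -D 0.0.0.0/0
# the loopback interface is valid
ipfwadm -O -a accept -V 127.0.0.1 -S 0.0.0.0/0 -D 0.0.0.0/0
# catch-all rule: all other outgoing traffic is denied and logged. A pity
# there is no log option on the policy, but this does the job instead.
ipfwadm -O -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

# Forwarding: flush and set the default policy to deny. In fact the default
# policy does not matter, because a catch-all rule denies and logs.
ipfwadm -F -f
ipfwadm -F -p deny
# masquerade from the local net on the local interface to anywhere
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
# catch-all rule: all other forwarding is denied and logged. A pity
# there is no log option on the policy, but this does the job instead.
ipfwadm -F -a deny -S 0.0.0.0/0 -D 0.0.0.0/0 -o

   You can block traffic to a particular site using -I, -O or -F.
   Remember that the rules are scanned from top to bottom and that -a
   means "append" to the existing set of rules, so any restriction has
   to come before the global rules. For example (untested) :-
   
   Using -I rules. Probably the fastest, but it only stops the local
   machines; the firewall itself can still access the "forbidden"
   site. Of course you might want to allow that combination.
   
... start of -I rules ...
# reject and log: local interface, local machines going to 204.50.10.13
ipfwadm -I -a reject -V 192.168.255.1 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
# local interface, local machines, going anywhere is valid
ipfwadm -I -a accept -V 192.168.255.1 -S 192.168.0.0/16 -D 0.0.0.0/0
... end of -I rules ...

   Using -O rules. The slowest, because packets go through
   masquerading first, but this rule stops even the firewall from
   accessing the forbidden site.
   
... start of -O rules ...
# reject and log outgoing traffic to 204.50.10.13
ipfwadm -O -a reject -V your.static.PPP.address -S your.static.PPP.address/32 -D 204.50.10.13/32 -o
# anything else outgoing on the remote interface is valid
ipfwadm -O -a accept -V your.static.PPP.address -S your.static.PPP.address/32 -D 0.0.0.0/0
... end of -O rules ...

   Using -F rules. Probably slower than -I, and this still only stops
   the masqueraded (i.e. internal) machines; the firewall can still
   access the forbidden site.
   
... start of -F rules ...
# reject and log traffic from the local net on the PPP interface to 204.50.10.13
ipfwadm -F -a reject -W ppp0 -S 192.168.0.0/16 -D 204.50.10.13/32 -o
# masquerade from the local net on the local interface to anywhere
ipfwadm -F -a masquerade -W ppp0 -S 192.168.0.0/16 -D 0.0.0.0/0
... end of -F rules ...

   No special rule is needed to allow 192.168.0.0/16 to reach
   204.50.11.0; the global rules cover it.
   
   There is more than one way of specifying the interfaces in the rules
   above. For example, you can use -W eth0 instead of -V 192.168.255.1,
   and -W ppp0 instead of -V your.static.PPP.address. The choice is
   personal more than anything else.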
   
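4.5 IP Firewalling Chains (ipchains)

   This is mainly the firewall rule manipulation tool for 2.2.x kernels
   (with a patch it also works on 2.0.x).
   
   We will update this section soon with examples of using ipchains.
   
   For details, see the [52]Linux IP Firewalling Chains page and the
   [53]Linux IPCHAINS HOWTO.
   
4.6 IP Masquerade and Demand-Dial-Up

    1. If you want your network to dial up the Internet automatically,
       the diald demand dial-up package is a great utility.
    2. To set up diald, see the [54]Setting Up Diald for Linux Page
    3. Once diald and IP masq are set up, you can start a web, telnet
       or ftp connection from any of the client machines.
    4. Diald will detect the incoming request, then dial your ISP and
       establish the connection.
    5. The first connection will time out. This is unavoidable if you
       use an analog modem: the time needed to establish the modem
       link and the PPP connection makes your client program give up.
       It can be avoided if you use an ISDN connection. All you need
       to do is terminate the current process on the client and
       restart it.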
       
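4.7 IPautofw Packet Forwarder

   [55]IPautofw is a generic TCP and UDP forwarder for Linux masquerading.
   Generally, to use a package which requires UDP, a specific ip_masq module
   needs to be loaded: ip_masq_raudio, ip_masq_cuseeme, ... Ipautofw acts in
   a more generic manner; it will forward any type of traffic, including
   traffic that the application-specific modules will not forward. This may
   create a security hole if not administered correctly.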
   
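4.8 CU-SeeMe and Linux IP-Masquerade Teeny How-To

   Provided by [56]Michael Owings.

  Introduction

     This section explains how to get CU-SeeMe (both the Cornell and White
     Pine versions) to work with Linux's IP masquerade.

   CU-SeeMe is a desktop video-conferencing package with clients for both
   Windows and Macintosh. A free version is available from [57]Cornell
   University. A commercially enhanced version is available from [58]White
   Pine Software.

   IP Masquerading allows one or more workstations on a LAN to "masquerade"
   behind a Linux host connected to the Internet. Workstations within the
   LAN can access the Internet almost transparently, even without having
   valid IP addresses. The Linux host rewrites outgoing packets from the LAN
   to the Internet so that they appear to have originated from the Linux
   host. Incoming response packets are also rewritten and routed to the
   correct workstations on the LAN. This arrangement allows many Internet
   applications to be run transparently from the LAN workstations. For some
   applications (such as CU-SeeMe), however, the Linux masquerade code needs
   a little help in order to make the packet routing work properly. This
   help usually comes in the form of special kernel-loadable modules. For
   more information on IP-Masquerading, see [59]The Linux IP Masquerading
   Website.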
   
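  Getting It Running

   First you need a properly configured kernel. You should add support for
   IP-Masquerading and IP AutoForwarding. IP Autoforwarding appears as a
   kernel option in 2.0.30 and later kernels -- you will need a patch for
   earlier kernels. See the [60]Linux IP Masquerade Resource for pointers on
   IP-Autoforwarding.

   Next, you need to get the latest version of ip_masq_cuseeme.c. It is
   available via anonymous FTP from
   [61]ftp://ftp.swampgas.com/pub/cuseeme/ip_masq_cuseeme.c. This new module
   has also been merged into the 2.0.31 kernel. You can replace the version
   in your kernel with this new version. ip_masq_cuseeme.c usually lives in
   the net/ipv4 directory of your Linux kernel source. You should compile
   and install this module.

   Now, set up automatic forwarding for UDP ports 7648-7649 as follows: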
   
ipautofw -A -r udp 7648 7649 -c udp 7648 -u

   or

ipautofw -A -r udp 7648 7649 -h www.xxx.yyy.zzz

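   The first form allows calls to and from the workstation using port 7648
   (the primary cu-seeme port). The second invocation of ipautofw allows
   cu-seeme calls only to and from www.xxx.yyy.zzz. I prefer the former
   form, since it is more flexible and there is no need to specify a fixed
   workstation IP. However, this method also requires that a workstation has
   placed an outgoing call before it can receive incoming calls.

   Note that both invocations leave UDP ports 7648-7649 on the client
   machine open to the outside world -- while this does not pose a grave
   security risk, you should exercise the appropriate caution.

   Finally, load the new ip_masq_cuseeme module as follows: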
   
modprobe ip_masq_cuseeme

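   Now you should be able to run CU-SeeMe from a masqueraded machine on your
   LAN and connect to a remote reflector, or to another CU-SeeMe user. You
   should also be able to receive incoming calls. Note that outside callers
   must use the IP of your Linux gateway, NOT the IP of the masqueraded
   workstation.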
   
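  Limitations/Caveats

  Password Protected Reflectors

   There is currently no way to use these. White Pine uses the source IP (as
   computed by the client program) to encrypt the password before
   transmission. Since we have to rewrite the address, the reflector uses
   the wrong source IP to decrypt it, which yields an invalid password. This
   will only be fixed if White Pine changes their password encryption scheme
   (which I have suggested), or if they are willing to divulge their
   password encryption routine so that I can add a fix to ip_masq_cuseeme.
   Since the chance of the latter is small, I would highly encourage anyone
   who reads this to contact White Pine and suggest that they take the
   former approach. As the traffic here is relatively high, I suspect that
   we could generate enough e-mail to get this problem onto White Pine's
   priority list.

   Thanks to Thomas Griwenka for bringing this to my attention.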
   
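  Running a Reflector

   You should not attempt to run a reflector on the same machine on which
   you have ip_masq_cuseeme and ipautoforwarding for port 7648 running. It
   simply will not work, as both setups require port 7648. Either run the
   reflector on another Internet-reachable host, or unload CU-SeeMe client
   support before running the reflector.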
   
  Multiple CU-SeeMe Users

   You cannot have multiple simultaneous CU-SeeMe users on the LAN at
   this time. This is due largely to CU-SeeMe's stubborn insistence on
   always sending to port 7648, which can only be redirected (easily) to
   one LAN workstation at a time.

   Using the -c (control port) invocation of ipautofw above, you can
   avoid having to specify a fixed workstation address allowed to use
   CU-SeeMe -- the first workstation to send anything out on control port
   7648 will be designated to receive traffic on 7648-7649. 5 minutes or
   so after this workstation has been inactive on port 7648, another
   workstation can come along and use CU-SeeMe.
   
  Help Setting Up CU-SeeMe

   Feel free to send any comments or questions to [62]mikey@swampgas.com. Or,
   if you would like, you can [63]call me via CU-SeeMe.
   
4.9 Other Related Tools

   We will update this section soon with more information on other
   masquerade-related tools such as ipportfw and masqadmin.
   
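5. Miscellaneous

5.1 Getting Help

     ** Please DO NOT try to e-mail me about IP Masquerade problems. Due to
     my personal workload, I cannot promise to reply to all questions that
     are not about the website. Please post your questions to the [64]IP
     Masquerade mailing list instead (I think it is the best place to get
     immediate help). Though this is harsh, I do not want you to get a reply
     several weeks later. **

     * The [65]IP Masquerade Resource page should have enough information
       for setting up IP Masquerade.
     * Join the IP masquerade mailing list (recommended).
       To subscribe, send e-mail with the subject "subscribe" (not including
       the quotes) to [66]masq-request@indyramp.com
       To unsubscribe, send e-mail with the subject "unsubscribe" (not
       including the quotes) to [67]masq-request@indyramp.com
       To get help on using the mailing list, send e-mail with the subject
       "archive help" or "archive dir" (not including the quotes) to
       [68]masq-request@indyramp.com
     * The [69]IP masquerade mailing list archive contains all the past
       messages sent to the mailing list.
     * This [70]Linux IP Masquerade mini HOWTO for kernel 2.x (if you are
       using a 1.3.x or 2.x kernel)
     * [71]IP Masquerade HOWTO for kernel 1.2.x if you are using an older
       kernel
     * The [72]IP masquerade FAQ has some general information
     * The [73]X/OS Ipfwadm page contains sources, binaries, documentation
       and other information about the ipfwadm package
     * The page on [74]applications that work through Linux IP masquerading,
       maintained by Lee Nevo, provides tips and tricks for getting
       applications to work with IP Masquerade.
     * The [75]LDP Network Administrator's Guide is a must for beginners
       trying to set up a network
     * The [76]Linux NET-2 HOWTO also has lots of useful information about
       Linux networking
     * The [77]Linux ISP Hookup HOWTO and the [78]Linux PPP HOWTO give you
       information on how to connect your Linux host to the Internet
     * The [79]Linux Ethernet-Howto is a good source of information about
       setting up a LAN running Ethernet

     * You may also be interested in the [80]Linux Firewalling and Proxy
       Server HOWTO
     * The [81]Linux Kernel HOWTO will guide you through the kernel
       compilation process
     * Other [82]Linux HOWTOs, such as the Kernel HOWTO
     * Posting to the USENET newsgroup: [83]comp.os.linux.networking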
       
5.2 Thanks

     * Gabriel Beitler, gbeitler@aciscorp.com
       on providing section 3.3.8 (setting up Novel)
     * Ed Doolittle, dolittle@math.toronto.edu
       on suggestion to -V option in ipfwadm command for improved
       security
     * Matthew Driver, mdriver@cfmeu.asn.au
       on helping extensively on this HOWTO, and providing section 3.3.1
       (setting up Windows 95)
     * Ken Eves, ken@eves.com
       on the FAQ that provides invaluable information for this HOWTO
     * Ed. Lott, edlott@neosoft.com
       for a long list of tested systems and software
     * Nigel Metheringham, Nigel.Metheringham@theplanet.net
       on contributing his version of IP Packet Filtering and IP
       Masquerading HOWTO, which makes this HOWTO a better and more
       technically in-depth document
       section 4.1, 4.2, and others
     * Keith Owens, kaos@ocs.com.au
       on providing an excellent guide on ipfwadm section 4.2
       on correction to ipfwadm -deny option which avoids a security
       hole, and clarified the status of ping over IP Masquerade
     * Rob Pelkey, rpelkey@abacus.bates.edu
       on providing section 3.3.6 and 3.3.7 (setting up MacTCP and Open
       Transport)
     * Harish Pillay, h.pillay@ieee.org
       on providing section 4.5 (dial-on-demand using diald)
     * Mark Purcell, purcell@rmcs.cranfield.ac.uk
       on providing section 4.6 (IPautofw)
     * Ueli Rutishauser, rutish@ibm.net
       on providing section 3.3.9 (setting up OS/2 Warp)
     * John B. (Brent) Williams, forerunner@mercury.net
       on providing section 3.3.7 (setting up Open Transport)
     * Enrique Pessoa Xavier, enrique@labma.ufrj.br
       on the bootp setup suggestion
     * developers of IP Masquerade for this great feature
       
          + Delian Delchev, delian@wfpa.acad.bg
          + Nigel Metheringham, Nigel.Metheringham@theplanet.net
          + Keith Owens, kaos@ocs.com.au
          + Jeanette Pauline Middelink, middelin@polyware.iaf.nl
          + David A. Ranch, trinity@value.net
          + Miquel van Smoorenburg, miquels@q.cistron.nl
          + Jos Vos, jos@xos.nl
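          + and anyone else I have forgotten (please let me know)

     * All users who sent feedback and suggestions to the mailing list,
       especially those who reported errors in the document and the clients
       that are supported and not supported.
     * I apologize if I have not included information that some users sent
       me. So many suggestions and ideas are sent to me that I simply do not
       have enough time to verify them, or I lose track of them. I am trying
       my very best to incorporate all the information sent to me here. I
       thank you for your effort, and I hope you understand my situation.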
       
5.3 Reference

     * IP masquerade FAQ by Ken Eves
     * IP masquerade mailing list archive by Indyramp Consulting
     * Ipfwadm site by X/OS
     * Various networking-related Linux HOWTOs

References

   1. mailto:ambrose@writeme.com
   2. mailto:dranch@trinnet.net
   3. http://www.phys.ntu.edu.tw/~cwhuang/pub/
   4. mailto:cwhuang@linux.org.tw
   5. mailto:ambrose@writeme.com
   6. mailto:dranch@trinnet.net
   7. http://ipmasq.cjb.net/
   8. http://ipmasq.cjb.net/
   9. http://ipmasq.cjb.net/
  10. http://ipmasq2.cjb.net/
  11. http://ipmasq.cjb.net/index.html#mirror
  12. http://ipmasq.cjb.net/
  13. http://www.kernel.org/
  14. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
  15. http://metalab.unc.edu/mdw/LDP/nag/nag.html
  16. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
  17. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
  18. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
  19. http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html
  20. http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html
  21. http://www.rustcorp.com/linux/ipchains/
  22. http://www.rustcorp.com/linux/ipchains/
  23. http://ipmasq.cjb.net/
  24. http://ipmasq.cjb.net/
  25. http://www.kernel.org/
  26. http://www.pi.se/blox/modules/modules-2.0.0.tar.gz
  27. http://metalab.unc.edu/mdw/HOWTO/NET-3-HOWTO.html
  28. http://metalab.unc.edu/mdw/LDP/nag/nag.html
  29. http://www.ecst.csuchico.edu/~dranch/LINUX/TrinityOS.wri
  30. http://metalab.unc.edu/mdw/HOWTO/ISP-Hookup-HOWTO.html
  31. http://metalab.unc.edu/mdw/HOWTO/PPP-HOWTO.html
  32. http://metalab.unc.edu/mdw/HOWTO/mini/DHCP.html
  33. http://metalab.unc.edu/mdw/HOWTO/mini/Cable-Modem.html
  34. ftp://ftp.xos.nl/pub/linux/ipfwadm/ipfwadm-2.3.0.tar.gz
  35. http://www.xos.nl/linux/ipfwadm/
  36. http://ipmasq.cjb.net/
  37. file://localhost/tmp/Kernel-HOWTO.html
  38. http://ipmasq.cjb.net/
  39. file://localhost/tmp/Kernel-HOWTO.html
  40. http://ipmasq.cjb.net/
  41. file://localhost/tmp/bg5sgmltools.9207/ftp.novell.com/pub/updates/unixconn/lwp5
  42. mailto:ambrose@writeme.com
  43. mailto:dranch@trinnet.net
  44. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
  45. http://152.19.254.81/mdw/linux.html
  46. http://152.19.254.81/mdw/linux.html
  47. http://ipmasq.cjb.net/
  48. http://dijon.nais.com/~nevo/masq/
  49. http://ipmasq.cjb.net/
  50. http://dijon.nais.com/~nevo/masq/
  51. http://ipmasq.cjb.net/
  52. http://www.rustcorp.com/linux/ipchains/
  53. http://metalab.unc.edu/mdw/HOWTO/IPCHAINS-HOWTO.html
  54. http://home.pacific.net.sg/~harish/diald.config.html
  55. ftp://ftp.netis.com/pub/members/rlynch/ipautofw.tar.gz
  56. mailto:mikey@swampgas.com
  57. http://cu-seeme.cornell.edu/
  58. http://www.wpine.com/
  59. http://www.indyramp.com/masq/
  60. http://ipmasq.cjb.net/
  61. ftp://ftp.swampgas.com/pub/cuseeme/ip_masq_cuseeme.c
  62. mailto:mikey@swampgas.com
  63. http://www.swampgas.com/vc/vc.htm
  64. http://ipmasq.home.ml.org/index.html
  65. http://ipmasq.home.ml.org/
  66. mailto:masq-request@indyramp.com
  67. mailto:masq-request@indyramp.com
  68. mailto:masq-request@indyramp.com
  69. http://www.indyramp.com/masq/list/
  70. http://ipmasq.home.ml.org/ipmasq-HOWTO.html
  71. http://ipmasq.home.ml.org/ipmasq-HOWTO-1.2.x.txt
  72. http://www.indyramp.com/masq/ip_masquerade.txt
  73. http://www.xos.nl/linux/ipfwadm/
  74. http://masqapps.home.ml.org/
  75. http://linuxwww.db.erau.edu/NAG/
  76. http://www.caldera.com/LDP/HOWTO/NET-2-HOWTO.html
  77. http://www.caldera.com/LDP/HOWTO/ISP-Hookup-HOWTO.html
  78. http://www.caldera.com/LDP/HOWTO/PPP-HOWTO.html
  79. http://www.caldera.com/LDP/HOWTO/Ethernet-HOWTO.html
  80. http://www.caldera.com/LDP/HOWTO/Firewall-HOWTO.html
  81. file://localhost/tmp/Kernel-HOWTO.html
  82. http://www.caldera.com/LDP/HOWTO/HOWTO-INDEX-3.html
  83. news:comp.os.linux.networking
