At 06:39 PM 4/30/1998 -0400, Jake Colman wrote:
>>>>>> "Dan" == Dan Cyr <[EMAIL PROTECTED]> writes:
>
>
> Dan> Add this to /etc/rc.d/rc.local
>
> Dan> ipfwadm -F -a deny
ipfwadm is the tool, -F means it's a forwarding rule, -a means add a rule,
deny means deny everything from/tp everywhere..
>ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
again the tool, -F same as above, -a same as above, m mens masquerade, -S I
don't know but it's in the IP Masq mini howto =), 192.168.0.0/24 means
masquerade your subnet, -D means data, 0.0.0.0/0 means forward it to the
assigned subnet from anywhere (or something like that).
>
> Dan> insmod ip_masq_ftp ports=21,20,69 insmod ip_masq_irc
> Dan> ports=6666,6667,6669,6668,7000
These are modules that you must load into the kernel along with the ports
you can use through the IP Masq'd interface (ppp?) One is so you can use
IRC (internet relay chat) and the other is so you can use FTP (file
transfer protocol).
>
>What do these settings do specifically?
>
> >> I turned on IPV4 forwarding since I read that as a requirement on
this
> >> list.
>
> Dan> Once you have recompiled and installed this kernel ipv4 forwarding
> Dan> will be on. You won't need to turn it on anymore.
>
>I assume that the recent 2.0 series of kernels (the one supplied with RH 5)
>support IP Masquerade? I don't need to move to a 2.1 series kernel? What
does
Nope. They only have the bare necessities in there to run your system. The
normal thing to do is to recompile a new kernel after your finished a fresh
install, to include drivers for your own hardware, add in patchs to fix
exploits, etc...
Go download from ftp.kernel.org linux-2.0.33.tar.gz and copy it to /usr/src
Also get http://www.linuxhelp.org/syndrop_2.0.33_acox.patch
cd /usr/src
rm linux
tar zvxf linux-2.0.33.tar.gz
mv linux linux-2.0.33
ln -s linux-2.0.33 linux
cp syndrop_2.0.33_acox.patch linux/net/ipv4
cd linux/net/ipv4
patch -p0 < syndrop_2.0.33_acox.patch
cd ../../..
make menuconfig
change some shit
make dep ; make clean
make zImage
cp arch/i386/boot/zImage /boot/vmlinuz33
Then go and edit your /etc/lilo.conf
Make sure you leave the old bootable kernel in there in case the new one
craps out.
eg. /etc/lilo.conf before the change
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
other=/dev/hda1
label=dos
table=/dev/hda
image=/boot/vmlinuz
label=linux
root=/dev/hdb1
initrd=/boot/initrd
read-only
Now after your change.
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=50
other=/dev/hda1
label=dos
table=/dev/hda
image=/boot/vmlinuz
label=linux
root=/dev/hdb1
initrd=/boot/initrd
read-only
image=/boot/vmlinuz33
label=linux33
root=/dev/hdb1
initrd=/boot/initrd
read-only
After that is done, save the file and run /sbin/lilo and when you reboot,
at the LILO prompt type in linux33
This will fix you up nicely.
Please don't ask me to explain what this all means. Go read the
kernel-howto and the lilo-howto and the ip-masq-mini-howto. It's all right
on those documents.
Good Luck.
Dan
>IPV4 forwarding do when used independently of the other changes you are
having
>me do?
>
>
>--
>Jake Colman
>
>Principia Partners LLC Phone: (201) 946-0300
>Harborside Financial Center Fax: (201) 946-0320
>902 Plaza II Beeper: (800) 505-2795
>Jersey City, NJ 07311 E-mail: [EMAIL PROTECTED]
> E-mail: [EMAIL PROTECTED]
> web: http://www.ppllc.com
>
>
>--
> PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
>http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
> To unsubscribe: mail [EMAIL PROTECTED] with
> "unsubscribe" as the Subject.
>
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com/RedHat-FAQ /RedHat-Errata /RedHat-Tips /mailing-lists
To unsubscribe: mail [EMAIL PROTECTED] with
"unsubscribe" as the Subject.
