Linux IP Masquerade mini HOWTO: Background Knowledge

prev-4224498 next-4778393 toc-6195528

IP Masquerade is a developing networking function in Linux. If a Linux host is connected to the Internet with IP Masquerade enabled, then computers connecting to it (either on the same LAN or connected with modems) can reach the Internet as well, even though they have no official assigned IP addresses.

This allows a set of machines to invisibly access the Internet hidden behind a gateway system, which appears to be the only system using the Internet. Breaking the security of a well set-up masquerading system should be considerably more difficult than breaking a good packet filter based firewall (assuming there are no bugs in either).

2.2 Current Status

IP Masquerade is still at its experimental stages. However, kernels since 1.3.x had built-in support already. Many individuals and even companies are using it, with satisfactory results.

Browsing web pages and telnet are reported to work well over ip_masq. FTP, IRC and listening to Real Audio are working with certain modules loaded. Other network streaming audio such as True Speech and Internet Wave work too. Some fellow users on the mailing list even tried video conferencing software. Ping is now working, with the newly available ICMP patch

Please refer to section 4.3 for a more complete listing of software supported.

IP Masquerade works well with ‘client machines’ on several different OS and platforms. There are successful cases with systems using Unix, Windows 95, Windows NT, Windows for Workgroup(with TCP/IP package), OS/2, Macintosh System’s OS with Mac TCP, Mac Open Transport, DOS with NCSA Telnet package, VAX, Alpha with Linux, and even Amiga with AmiTCP or AS225-stack.

READ  Linux Site O' The Month: SourceXchange LG #56

2.3 Who Can Benefit From IP Masquerade?

  • If you have a Linux host connected to the Internet, and
  • if you have some computers running TCP/IP connected to that Linux box on a local subnet, and/or
  • if your Linux host has more than one modem and acts as a PPP or SLIP server connecting to others, which
  • those OTHER machines do not have official assigned IP addresses. (these machines are represented by OTHER machines hereby)
  • And of course, if you want those OTHER machines to make it onto the Internet without spending extra bucks 🙂

2.4 Who Doesn’t Need IP Masquerade?

  • If your machine is a stand-alone Linux host connected to the Internet, then it is pointless to have ip_masq running, or
  • if you already have assigned addresses for your OTHER machines, then you don’t need IP Masquerade,
  • and of course, if you don’t like the idea of a ‘free ride’.

2.5 How IP Masquerade Works?

From IP Masquerade FAQ by Ken Eves:

  Here is a drawing of the most simple setup:

     SLIP/PPP         +------------+                         +-------------+
     to provider      |  Linux     |       SLIP/PPP          | Anybox      |