7.7. IP Masquerade

Many people have a simple dialup account to connect to the Internet. Nearly everybody using this sort of configuration is allocated a single IP address by the Internet Service Provider. This is normally enough to allow only one host full access to the network. IP Masquerade is a clever trick that enables you to have many machines make use of that one IP address. It causes the other hosts to look like the machine supporting the dial-up connection. This is where the term masquerade applies. There is a small caveat: the masquerade function usually works only in one direction. That is, the masqueraded hosts can make calls out, but they cannot accept or receive network connections from remote hosts. This means that some network services do not work (such as talk), and others (such as ftp) must be configured in passive (PASV) mode to operate. Fortunately, the most common network services such as telnet, World Wide Web and irc work just fine.

Kernel Compile Options:

Code maturity level options ---> [*] Prompt for development and/or incomplete code/drivers Networking options ---> [*] Network firewalls .... [*] TCP/IP networking [*] IP: forwarding/gatewaying .... [*] IP: masquerading (EXPERIMENTAL)

Normally, you have your linux machine supporting a SLIP or PPP dial-up line (just as it would if it were a standalone machine). Additionally, it would have another network device configured (perhaps an ethernet) with one of the reserved network addresses. The hosts to be masqueraded would be on this second network. Each of these hosts would have the IP address of the ethernet port of the linux machine set as their default gateway or router.

A typical configuration might look something like this:

- - \ | 192.168.1.0 \ | /255.255.255.0 \ --------- | | | Linux | .1.1 | NET =================| masq |------| | PPP/slip | router| | -------- / --------- |--| host | / | | | / | -------- - -