Specifications

Masquerading and Firewalls
Owing to its outstanding network capabilities, Linux is becoming more widespread as a router operating system for dial-up or dedicated lines. “Router,” in this case, refers to a host which has more than one network interface and transmits any packets not destined for one of its own network interfaces to another host communicating with it. This router is often called a gateway. The packet filtering mechanism provided by the Linux kernel allows precise control over which packets of the overall traffic are allowed through.

In general, defining the exact rules for a packet filter requires at least some experience on the part of the administrator. SuSEfirewall is highly configurable, making it a good choice for a more complex packet filtering setup. A Linux machine can be used as a router with masquerading to link a local network through a dial-up or dedicated connection where only one IP address is visible to the outside world. Masquerading is accomplished by implementing rules for packet filtering.
Caution
This chapter only describes standard procedures which should work well in most situations. However, there is no guarantee that this book or other materials provided by us are free from errors which might have escaped our attention.
Masquerading Basics
Masquerading is the Linux-specific form of NAT (Network Address Translation). The basic principle is not very complicated: Your router has more than one network interface, typically a network card and a modem (or an ISDN interface). While one of these interfaces will link you with the outside world, the remaining ones are used to connect this router with the other hosts in your network. For example, the dial-up is conducted via ISDN and the network interface is ippp0. Several hosts in your local network are connected to the network card of your Linux router, in this example, eth0. The network address of the internal network is 192.168.0.0, the router’s address is 192.168.0.1, and the hosts connected to it have addresses like 192.168.0.2 and 192.168.0.3. These hosts will send any packets not destined for the local network to the address 192.168.0.1, the network interface of your default router or gateway.
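The following toy simulation illustrates the principle described above: an internal host hands non-local packets to the gateway 192.168.0.1, the gateway rewrites their source to its single outside address before sending them out on ippp0, and replies coming back on ippp0 are mapped to the originating host only when they match a flow the gateway itself opened. This is an added example, not code from the SuSE manual or from SuSEfirewall; the interfaces and 192.168.0.x addresses are the chapter's, while the router's public address 203.0.113.5 and the remote hosts are constructed placeholders from the TEST-NET documentation ranges.

```python
"""Toy model of masquerading (source NAT) on a Linux router.

Added illustration only. Internal network 192.168.0.0/24 on eth0 with the
router at 192.168.0.1 follows the chapter; the router's outside address on
ippp0 (203.0.113.5) is a constructed placeholder, not a real configuration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INTERNAL_NET = ip_network("192.168.0.0/24")   # reached via eth0
GATEWAY_IP = "192.168.0.1"                    # router's internal address
ROUTER_EXTERNAL_IP = "203.0.113.5"            # ippp0 address (assumed placeholder)
FIRST_PUBLIC_PORT = 1024                      # first port handed out for masqueraded flows


@dataclass
class Packet:
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


def next_hop(dst_ip):
    """What an internal host does with a packet: deliver locally or hand it to the gateway."""
    return "local" if ip_address(dst_ip) in INTERNAL_NET else GATEWAY_IP


class Masquerader:
    """Rewrites outbound packets to the router's address and maps matching replies back."""

    def __init__(self):
        self._next_port = FIRST_PUBLIC_PORT
        # (host ip, host port, remote ip, remote port) -> public port on ippp0
        self._outbound = {}
        # public port -> (host ip, host port, remote ip, remote port)
        self._inbound = {}

    def forward(self, pkt):
        """Packet arriving on eth0 from an internal host and leaving on ippp0."""
        if ip_address(pkt.src_ip) not in INTERNAL_NET:
            return None            # not from our network: nothing to masquerade
        if ip_address(pkt.dst_ip) in INTERNAL_NET:
            return pkt             # local traffic is passed on unchanged
        key = (pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self._outbound:
            # allocate a fresh public port so two hosts using the same
            # local port still get distinct translations
            self._outbound[key] = self._next_port
            self._inbound[self._next_port] = key
            self._next_port += 1
        public_port = self._outbound[key]
        return Packet(ROUTER_EXTERNAL_IP, public_port, pkt.dst_ip, pkt.dst_port)

    def reply(self, pkt):
        """Packet arriving on ippp0 from the outside world.

        Only replies matching a flow opened from inside are translated back;
        anything else has no entry and is dropped, which is why the internal
        hosts are not directly reachable from outside.
        """
        if pkt.dst_ip != ROUTER_EXTERNAL_IP:
            return None
        entry = self._inbound.get(pkt.dst_port)
        if entry is None:
            return None            # no flow owns this port: unsolicited, dropped
        host_ip, host_port, remote_ip, remote_port = entry
        if (pkt.src_ip, pkt.src_port) != (remote_ip, remote_port):
            return None            # right port, wrong remote endpoint: dropped
        return Packet(pkt.src_ip, pkt.src_port, host_ip, host_port)


def demo():
    """Round trip for one internal host; returns the packet as it leaves and the reply as delivered."""
    nat = Masquerader()
    request = Packet("192.168.0.2", 40000, "198.51.100.7", 80)   # constructed remote web server
    outside = nat.forward(request)
    back = nat.reply(Packet("198.51.100.7", 80, ROUTER_EXTERNAL_IP, outside.src_port))
    return outside, back


if __name__ == "__main__":
    out, back = demo()
    print("host sends to", next_hop(out.dst_ip))
    print("leaves ippp0 as", out)
    print("reply delivered as", back)
```

The model keeps the full four-tuple per flow, so a packet arriving on the right public port from a different remote endpoint is still dropped; that is the behaviour a stateful masquerading setup gives you, and it is the reason only the router's one address is ever visible from outside.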