IP_Masquerading
keninman
01-17-2000, 12:34 AM
I just wanted to let everyone who has had as much trouble setting up an IP-Masq in Linux know that there is a fairly easy way to get an IP_masq up and running.
Go to http://www.linux-kheops.com/pub/easyfw/easyfwGB.html
and download the easy firewall setup program.
You do have to do a little manual setup: I had to edit a line in my /etc/sysconfig/network file to read FORWARD_IP4=yes and enter a line from the console, echo 1 > /proc/sys/net/ipv4/ip_forward, to initiate forwarding. Then I started up easyfw again and just used the default IP_Masq setup. I set my outside to ppp0 and my inside to eth0 and applied it and I was up and running. Most of it was point and click.
This isn't very secure but now that it is running and I know it works I can study on how to make it more secure.
I hope this might help someone out there as I wish I had found it a week ago.
keninman
01-17-2000, 09:38 AM
Update on security. If the Shields Up site is any indication, easyfw's default setup isn't too bad. I showed only one open port (netbios) and I am working now to figure out how to close it without killing my smb.
pojolee
01-17-2000, 10:53 AM
Hey, if you find out how to kill SMB on the outside and not on the inside of the firewall, tell me, because I just can't seem to get it right with all the rules
thanx in advance
Stackrat
01-17-2000, 01:22 PM
I'm also interested in killing the Netbios calls to the outside. Perhaps the smb.conf > "BIND TO INTERFACES ONLY" switch does it?
Also, what does the line "console echo 1 > /proc/sys/net/ipv4/ip_forward" do, anyway? I read it in several places and blindly typed it in. It gave me an error on startup (something about file doesn't exist or something), so I commented it out. IP forwarding still works, so???
------------------
--Stackrat
"If you choose not to decide, you still have made a choice"
-- Neil Peart
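Added example, not part of any post in this thread: a small shell check for the question raised above, whether Samba's `interfaces` and `bind interfaces only` settings keep it off the outside interface. The sample configs are constructed; the interface names come from the thread (ppp0 outside, eth0 inside), the 192.168.1. LAN prefix is an assumption, and the check assumes interfaces are listed by name rather than by address.

```shell
#!/bin/sh
# smb_exposure <outside-if> < smb.conf
# Prints "restricted" (exit 0) when [global] binds Samba only to listed
# interfaces and <outside-if> is not among them; otherwise "exposed" (exit 1).
smb_exposure() {
    awk -v ext="$1" '
        function norm(s) { gsub(/[ \t]+/, " ", s); sub(/^ /, "", s); sub(/ $/, "", s); return tolower(s) }
        /^[ \t]*[#;]/ { next }                    # skip comment lines
        /^[ \t]*\[/   { sect = norm($0); next }   # remember the current section
        sect == "[global]" && index($0, "=") {
            key = norm(substr($0, 1, index($0, "=") - 1))
            val = norm(substr($0, index($0, "=") + 1))
            if (key == "interfaces")           ifaces = " " val " "
            if (key == "bind interfaces only") bind = (val ~ /^(yes|true|1)$/)
        }
        END {
            # Restricted only if binding is enforced AND the outside interface is unlisted.
            if (bind && ifaces != "" && index(ifaces, " " ext " ") == 0) { print "restricted"; exit 0 }
            print "exposed"; exit 1
        }'
}

# Constructed sample: Samba left at defaults, so it listens on every interface.
WEAK_CONF='[global]
   workgroup = HOME'

# Constructed sample: Samba bound to the inside interface and loopback only.
# The hosts allow prefix is an assumed LAN range.
HARD_CONF='[global]
   workgroup = HOME
   interfaces = eth0 lo
   bind interfaces only = yes
   hosts allow = 192.168.1. 127.'

printf 'default:  %s\n' "$(printf '%s\n' "$WEAK_CONF" | smb_exposure ppp0)"
printf 'hardened: %s\n' "$(printf '%s\n' "$HARD_CONF" | smb_exposure ppp0)"
```

Samba's smb.conf documentation notes that nmbd still opens a wildcard socket on UDP 137/138 to read broadcasts, so a packet-filter rule denying ports 137-139 on the outside interface is still needed alongside these settings.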
keninman
01-17-2000, 05:04 PM
Per instructions from easyfw, I used the line cat /proc/sys/net/ipv4/ip_forward at a command prompt in the console to see if my forwarding was on. It returned a 0, meaning that it was not on. I then used the line echo 1 > /proc/sys/net/ipv4/ip_forward at the prompt to enable forwarding. When I retried the cat command it returned a 1, meaning forwarding was enabled. I did this instead of rebooting to enable forwarding.
I don't know about binding the SMB broadcast to a device; I will have to study up on that. I do know that is the port I have open though. I downloaded, installed and ran nmap-2.12 to test my ports and went to the Shields Up website for testing also. Both found this port open but the others closed or stealth.
I am setting up a P133 machine right now with Mandrake 6.1 and I am going to move the routing off onto it. After I get it set up I can just boot it to the console and let the router run. KDE is very slow on those old machines so I may do a lot of cussing setting it up, as I didn't install any other WM and I hate typing in the shell. I am very slow trying to look at my RH Unleashed book and type at the same time.
keninman
01-18-2000, 07:23 AM
Well, I got the Mandrake onto the P133 and all set up and routing, then decided to try the Freesco single floppy firewall I downloaded. It was a pain to get onto the floppy. I had to use a Win98 machine as I wasn't smart enough to use Linux to get it onto the floppy. When I first booted it I typed setup at the boot prompt and it was fairly easy to set up. I like Freesco so well I think that's what I am going to stay with. I am going to try switching to a 486 this week for my router.
I didn't care too much for having my Linux box route. If I had it doing several things everything got very slow, as I only have a PII350 w/64MB RAM. Freesco is very fast as it loads into the RAM of the router/firewall computer and works from there. 486s are cheap to make firewall routers with also, as you can get one for under $50 w/monitor, keyboard and mouse and you don't need a HD whining all the time. (I took the HD out of the P133 so I don't have to listen to it.)
The Freesco firewall/router seems very secure. I went to the Shields Up site and had it "test my shields" and "probe my ports" and it got nothing. No connections, no netbios names or open ports. I don't understand too much about security so I am hoping that my Mandrake box and the two Win98 boxes are hidden well enough behind it that no one finds them.
pojolee
01-18-2000, 05:28 PM
Where do you get Freesco???
keninman
01-18-2000, 07:02 PM
http://www.freesco.org
keninman
01-20-2000, 07:28 AM
Well, I have the Freesco router running on the 486 now. I am using a 486 DX/2 50MHz w/8MB RAM. I can't really tell much about its performance yet. At first I thought it was slower but that may just be at LNO. I seem to load other sites at the same speed as before and LNO is faster this morn than it was last night.
William509
01-20-2000, 11:44 AM
I hope the program you suggested works. I installed IP masquerading and got everything to work manually. But after rebooting, things screwed up. I couldn't ping my clients, clients couldn't ping the server. (Clients = Windows 98) And my server can't go on GAIM (AOL Instant Messenger).
When I install easyfw, do I need to remove anything prior to the installation?
BTW... if anybody knows why I can't connect to GAIM, please tell me...
I also get problems when I shut down... I get a FAIL when SMB Server shuts down.
Please help...
Thanks in advance
keninman
01-20-2000, 10:21 PM
I know very little about Samba other than I can't get into the Linux box from Windows machines. I can get into the Windows machines from Linux though. Easyfw uses ipchains, not Samba, though, so you must have ipchains installed before running easyfw. Also you must enable forwarding in your /etc/sysconfig/network file and start forwarding if it is not already enabled or started. If you cannot ping the other computers you will never get them to work. Make sure that your network card in Linux is up and running first. Mine is eth0 and I can watch it come up OK as I boot. When you get your network responding to a ping, run netcfg and set up your device for connecting to the internet (mine is dialup so I used ppp0). Run easyfw; if it says you don't meet the requirements then you still don't have something configured right (mine was forwarding not enabled). Then go and point your Windows machines at your gateway computer's address. In Windows: Control Panel, Network, TCP/IP (for the Win machine's network device) and type your gateway's IP on your network in the gateway settings box, then save it and reboot the Win machine. Windows should then use the gateway computer as a direct connection to the internet. If you want to be able to initiate an internet connection from your clients you have to install a program like diald on your gateway, but since I stay connected 24/7 I don't know anything about setting that up.
Honcho
04-25-2001, 07:08 PM
test