To activate the masquerading, we use under kernel 2.4.x the iptables from netfilter, who have already been implented in the kernel. The following masquerading-values are not for high security systems. They are only for testing the functionality at this moment.

test, if iptables are installed :

rpm -qa iptables

iptables-1.2.3-1

if not, you have to install them :

Now we prepare to load the modules. Possibly you have to remove old ipchains (redhat 7.x):

or deactivate them with :

And activate the iptables (redhat):

Now we create a script :

vi /etc/rc.d/rc.firewall-2.4

#!/bin/sh

#

# rc.firewall-2.4

#

IPTABLES=/sbin/iptables

EXTIF="ppp0"

INTIF="eth1"

/sbin/insmod ip_tables

/sbin/insmod ip_conntrack

/sbin/insmod ip_conntrack_ftp

/sbin/insmod ip_conntrack_irc

/sbin/insmod iptable_nat

/sbin/insmod ip_nat_ftp

echo "1" > /proc/sys/net/ipv4/ip_forward

echo "1" > /proc/sys/net/ipv4/ip_dynaddr

$IPTABLES -P INPUT ACCEPT

$IPTABLES -F INPUT

$IPTABLES -P OUTPUT ACCEPT

$IPTABLES -F OUTPUT

$IPTABLES -P FORWARD DROP

$IPTABLES -F FORWARD

$IPTABLES -t nat -F

$IPTABLES -A FORWARD -i $EXTIF -o $INTIF -m state --state ESTABLISHED,RELATED -j ACCEPT

$IPTABLES -A FORWARD -i $INTIF -o $EXTIF -j ACCEPT

$IPTABLES -A FORWARD -j LOG

$IPTABLES -t nat -A POSTROUTING -o $EXTIF -j MASQUERADE

make script executable :

execute the script .

for automatical scriptstart :

vi /etc/rc.d/rc.local

add the following line:

/etc/rc.d/rc.firewall-2.4