Welcome to Linux Knowledge Base and Tutorial
"The place where you learn linux"
Linux Tracker

 Create an AccountHome | Submit News | Your Account  

Tutorial Menu
Linux Tutorial Home
Table of Contents

· Introduction to Operating Systems
· Linux Basics
· Working with the System
· Shells and Utilities
· Editing Files
· Basic Administration
· The Operating System
· The X Windowing System
· The Computer Itself
· Networking
· System Monitoring
· Solving Problems
· Security
· Installing and Upgrading
· Linux and Windows

Man Pages
Linux Topics
Test Your Knowledge

Site Menu
Site Map
Copyright Info
Terms of Use
Privacy Info
Masthead / Impressum
Your Account

Private Messages

News Archive
Submit News
User Articles
Web Links


The Web

Who's Online
There are currently, 62 guest(s) and 0 member(s) that are online.

You are an Anonymous user. You can register for free by clicking here



Current HOWTO: Masquerading-Simple-HOWTO

Post-install Instructions

4. Post-install Instructions

And it should all work now. Don't forget to:

  • Setup all the clients on the internal network to point to the Linux internal IP address as their gateway. (In windows right-click network neighbourhood->properties->gateway then change it to the Linux gateway internal ip.)

  • Setup all the clients to use your ISP's HTTP proxy if they have one, use a transparent proxy (WARNING - I've heard reports of transparent proxying to be very slow on very big networks), or run squid on your new linux gateway. (This is optional, but preferrable for large networks)

  • Be sure to specify a DNS when setting up your clients. Otherwise you will get errors on the clients saying 'cannot resolve address' etc. If DNS used to work (URL address worked) but doesn't after you setup Masquerading, this is because your ISP's/network's DHCP server can no longer tell you what the DNS address is.

    [Offtopic] I wonder if you could simply send out a dhcp broadcast that just forwards on the dns server (and http_proxy while you're at it) without having to setup a dhcp server (or even if you do). Can someone mail me about this? :)

    Thanks to Richard Atcheson for pointing this out.

  • Now you should start securing it! First turn off forwarding in general: "iptables -P FORWARD DROP", and then learn how to use iptables and /etc/hosts.allow and /etc/hosts.deny to secure your system. WARNING - Don't try this mentioned iptables rule until you have the masquerading working. You have to explicitely allow every packet through that you want if you are going to set the last rule to be DENY. (Undo with "iptables -P FORWARD ACCEPT")

  • Allow through any services you do want the internet to see.

    For an example, to allow access to your web server do:

    $> iptables -A INPUT --protocol tcp --dport 80 -j ACCEPT
    $> iptables -A INPUT --protocol tcp --dport 443 -j ACCEPT

    To allow ident (For connecting to irc etc) do

    $> iptables -A INPUT --protocol tcp --dport 113 -j ACCEPT

To test it:

  • Try connecting from a client to the web using an IP. Google's IP is (well that's one of them) and you should be able to get a reply from that. e.g. "ping" "lynx".

  • Try a full out connection by name. e.g. "ping google.com" "lynx google.com" or from Internet Explorer / netscape.

Where eth0 is the external Internet card, and is the external ip of that machine.

The Linux Tutorial completely respects the rights of authors and artists to decide for themselves if and how their works can be used, independent of any existing licenses. This means if you are the author of any document presented on this site and do no wish it to be displayed as it is on this site or do not wish it to be displayed at all, please contact us and we will do our very best to accommodate you. If we are unable to accommodate you, we will, at your request, remove your document as quickly as possible.

If you are the author of any document presented on this site and would like a share of the advertising revenue, please contact us using the standard Feedback Form.




Security Code
Security Code
Type Security Code

Don't have an account yet? You can create one. As a registered user you have some advantages like theme manager, comments configuration and post comments with your name.

Help if you can!

Amazon Wish List

Did You Know?
You can get all the latest Site and Linux news by checking out our news page.


Tell a Friend About Us

Bookmark and Share

Web site powered by PHP-Nuke

Is this information useful? At the very least you can help by spreading the word to your favorite newsgroups, mailing lists and forums.
All logos and trademarks in this site are property of their respective owner. The comments are property of their posters. Articles are the property of their respective owners. Unless otherwise stated in the body of the article, article content (C) 1994-2013 by James Mohr. All rights reserved. The stylized page/paper, as well as the terms "The Linux Tutorial", "The Linux Server Tutorial", "The Linux Knowledge Base and Tutorial" and "The place where you learn Linux" are service marks of James Mohr. All rights reserved.
The Linux Knowledge Base and Tutorial may contain links to sites on the Internet, which are owned and operated by third parties. The Linux Tutorial is not responsible for the content of any such third-party site. By viewing/utilizing this web site, you have agreed to our disclaimer, terms of use and privacy policy. Use of automated download software ("harvesters") such as wget, httrack, etc. causes the site to quickly exceed its bandwidth limitation and are therefore expressly prohibited. For more details on this, take a look here

PHP-Nuke Copyright © 2004 by Francisco Burzi. This is free software, and you may redistribute it under the GPL. PHP-Nuke comes with absolutely no warranty, for details, see the license.
Page Generation: 0.12 Seconds