Linux on PowerPC FAQ-O-Matic : System Configuration : Networking :
IP Masquerading (NAT) setup under Linux/ppc (Linux-pmac)
Brief instructions on setting up IP Masquerading (NAT) in Linuxpmac: This document is no longer being maintained. If you're still using an R4 or earlier LinuxPPC install the instructions below should be of some help, but various external files referenced may have moved. If you have R5 / LinuxPPC 1999, please look at the instructions for 2.1.1xx or greater kernels listed below. Note: if you want NAT in 2.1.1xx kernels please refer to: http://www.dartmouth.edu/cgi-bin/cgiwrap/jonh/lppc/faq.pl?file=482 1. Compile a new kernel with support for IP Masquerading. The latest 2.1.24 distribution I have (01/21/98) worked fine. Do a "make config" (or use another configuration utility) and answer yes to the following options: CONFIG_EXPERIMENTAL CONFIG_MODULES CONFIG_NET CONFIG_FIREWALL CONFIG_INET CONFIG_IP_FORWARD CONFIG_IP_FIREWALL CONFIG_IP_MASQUERADE CONFIG_IP_ALWAYS_DEFRAG (recommended by the HOW-TO) CONFIG_DUMMY (recommended by the HOW-TO, though I'm not using it) 2. Make and install the kernel modules after compiling the kernel, the two commands you need are "make modules" and "make modules_install" 3. If you don't have it, grab the ipfwadm rpm from ftp.linuxppc.org. The current path is: /RedHat/RPMS/ipfwadm-2.3.0-2B.ppc.rpm. Install the rpm. 4. After booting with your new kernel, run the following programs. Once you get your setup correct put the commands in /etc/rc.d/rc.local to have them automatically executed at boot. You do need to be root to run these utilities. /sbin/depmod -a #Re-sync the module dependancies /sbin/modprobe ip_masq_ftp.o #Non-PASV FTP transfers/sbin/modprobe /sbin/modprobe ip_masq_irc.o #Internet relay chat #telnet and other supported protocols are #loaded automatically /sbin/ipfwadm -F -p deny #sets the default IP forwarding policy to "deny", #this prevents crackers from using your system to #mask their real IP address /sbin/ipfwadm -F -f #remove any previous IP forwarding entries /sbin/ipfwadm -F -i accept -S 0.0.0.0/0 -D 192.168.1.0/24 -W eth0 #allow IP forwarding of any packets with a source #address of "anywhere" (0.0.0.0/0) and a destination #address in 192.168.1.* on the first ethernet #interface /sbin/ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 -W ppp0 #setup IP masquerading for any packets coming from #the 192.168.1.* address range and a destination #address of anywhere through the first ppp interface echo "1" > /proc/sys/net/ipv4/ip_forwarding # Start IP Forwarding 5. Test your IP Forwarding (or Network Address Translation) system. My example configuration in step 4 assumes that my system has a connection to the Internet on ppp0 and an eth0 interface in the 192.168.1.* range. 192.168.*.* is a range of private IP addresses, these do not exist on the Internet at large How to setup the client system: The client system should be setup with an IP address in the private network space and the default router should be the private network IP address of your linuxpmac system. 6. Additional information: You can find out more about IP Masquerading under Linux from http://sunsite.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html 7. Feel free to mail me directly with any questions to the above, and make your own additions or corrections as necessary. -- Ty Hedrick Last revised: 8/12/99thedrick@netspace.org
My DEC 21041 Ethernet card (Farallon, et al) won't work.