
"Linux Gazette...making Linux just a little more fun!"


The Answer Guy


By James T. Dennis, tag@lists.linuxgazette.net
Starshine Technical Services, http://www.starshine.org/


(?)IP and Sendmail Masquerading over a Cablemodem

From Marty Leisner on 22 Sep 1998

I read your column in the May LG. (I'm behind on my reading :-))

I recently (last month) got a cable modem and hooked up a masquerading firewall...

On the firewall machine, I have the rule:

ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0

I got this off the IP-masquerade howto...

I'm not sure if it's the same as the rule:
ipfwadm -F -a accept -m -S 192.168.1.0/24 -D any

(!)Mine is similar, all 253 of the 192.168.1.* through the 192.168.254.* class C address blocks are reserved for "private net" addressing (use behind proxying firewalls, masquerading/NAT (network address translation) routers, and on disconnected LANs).
I've heard conflicting reports about using 192.168.0.* and 192.168.255.* (the first and the last of this range). So I don't recommend it. If you needed a very large network of "private net" (RFC 1918 --- aka RFC 1597) addresses you could also use 172.16.*.* through 172.31.*.* --- that's sixteen adjacent class B networks, or you could use 10.*.*.* --- a full class A.

(?)Also, your sendmail .mc:


FEATURE(always_add_domain)dnl
FEATURE(allmasquerade)dnl
FEATURE(always_add_domain)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS($YOURHOST)dnl

adds always_add_domain twice...

(!)That's just a typo.

(?)Is $YOURHOST defined someplace (I just went through the work of configuring sendmail a few weeks ago).

(!)I used $YOURHOST as a marker for my readers to fill in with their sendmail name. Mine is "starshine.org" --- yours is a subdomain off of "rr.com". I expected people to clue into that; though I probably should have explicitly pointed it out.

(?)The Feynman problem solving Algorithm

  1. Write down the problem
  2. Think real hard
  3. Write down the answer

--- Murray Gell-Mann in the NY Times

(!)He forgot to show his work in step two!
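
An added example, not part of the original column: a small Python check that reads ipfwadm forwarding rules like the two quoted above and reports whether the masqueraded source network lies inside the RFC 1918 blocks, and whether it touches 192.168.0.* or 192.168.255.*, which the answer advises against. The function names and result labels are assumptions made for this illustration, and only the two masquerade spellings shown on this page ("-a m" and "-a accept -m") are recognized.

```python
import ipaddress
import shlex

# RFC 1918 private blocks named in the answer above.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
# First and last /24 of 192.168/16, which the answer does not recommend.
EDGE = [ipaddress.ip_network(n) for n in
        ("192.168.0.0/24", "192.168.255.0/24")]


def is_masquerade(args):
    """True for the two rule spellings quoted on this page."""
    if "-a" not in args:
        return False
    i = args.index("-a")
    policy = args[i + 1] if i + 1 < len(args) else ""
    return policy == "m" or "-m" in args


def source_network(args):
    """Return the -S argument as an IPv4 network, or None if unusable."""
    if "-S" not in args or args.index("-S") + 1 >= len(args):
        return None
    try:
        # strict=False tolerates host bits set in the address part.
        return ipaddress.ip_network(args[args.index("-S") + 1], strict=False)
    except ValueError:
        return None


def check_rule(rule):
    """Classify one ipfwadm rule line (labels are hypothetical)."""
    args = shlex.split(rule)
    if not is_masquerade(args):
        return "not-masquerade"
    net = source_network(args)
    if net is None:
        return "no-source"
    if not any(net.subnet_of(block) for block in RFC1918):
        return "not-private"      # would masquerade routable addresses
    if any(net.overlaps(edge) for edge in EDGE):
        return "private-edge"     # includes 192.168.0.* or 192.168.255.*
    return "private-ok"


if __name__ == "__main__":
    for line in ("ipfwadm -F -p deny",
                 "ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0",
                 "ipfwadm -F -a accept -m -S 192.168.1.0/24 -D any"):
        print(f"{check_rule(line):15} {line}")
```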


Copyright © 1998, James T. Dennis
Published in Linux Gazette Issue 33 October 1998

