The Answer Guy 33:
IP and Sendmail Masquerading over a Cablemodem
"Linux Gazette...making Linux just a little more fun!"
From Marty Leisner on 22 Sep 1998
I read your column in the May LG. (I'm behind on my reading.)
I recently (last month) got a cable modem and hooked up a
masquerading firewall...
On the firewall machine, I have the rule:
ipfwadm -F -p deny
ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0
I got this off the IP-masquerade howto...
I'm not sure if it's the same as the rule:
ipfwadm -F -a accept -m -S 192.168.1.0/24 -D any
Mine is similar; all 253 of the 192.168.1.* through the
192.168.254.* class C address blocks are reserved for
"private net" addressing (use behind proxying firewalls,
masquerading/NAT (network address translation) routers,
and on disconnected LANs).
I've heard conflicting reports about using 192.168.0.* and
192.168.255.* (the first and the last of this range).
So I don't recommend it. If you needed a very large network
of "private net" (RFC 1918 --- aka RFC 1597) addresses you
could also use 172.16.*.* through 172.31.*.* --- that's
sixteen adjacent class B networks, or you could use
10.*.*.* --- a full class A.
Also, your sendmail .mc:
-- FEATURE(always_add_domain)dnl
FEATURE(allmasquerade)dnl
FEATURE(always_add_domain)dnl
FEATURE(masquerade_envelope)dnl
MASQUERADE_AS($YOURHOST)dnl
adds always_add_domain twice...
That's just a typo.
Is $YOURHOST defined someplace? (I just went through the work
of configuring sendmail a few weeks ago.)
I used $YOURHOST as a marker for my readers to fill in
with their sendmail name. Mine is "starshine.org"
--- yours is a subdomain off of "rr.com". I expected
people to clue into that, though I probably should have
explicitly pointed it out.
The Feynman problem solving Algorithm
- Write down the problem
- Think real hard
- Write down the answer
--- Murray Gell-Mann in the NY Times
He forgot to show his work in step two!
Copyright © 1998, James T. Dennis
Published in Linux Gazette Issue 33 October 1998
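
Added example (not part of the original column or of either correspondent's text): a small Python check that reads ipfwadm forwarding rules in the two forms quoted above and reports which RFC 1918 block, if any, contains the masqueraded source network. The function names are hypothetical, the parser understands only the "-a m" and "-a accept -m" spellings shown in the column, and the last sample rule is constructed.

```python
import ipaddress
import shlex

# The three private-address blocks defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def masq_source(rule):
    """Return the -S network of a forward masquerade rule, or None."""
    args = shlex.split(rule)
    if args[:2] != ["ipfwadm", "-F"] or "-S" not in args[:-1]:
        return None
    # Policy follows -a; masquerading is either the policy itself
    # ("m"/"masquerade") or the separate -m flag after "accept".
    policy = args[args.index("-a") + 1] if "-a" in args[:-1] else ""
    if policy not in ("m", "masquerade") and "-m" not in args:
        return None
    return ipaddress.ip_network(args[args.index("-S") + 1], strict=False)


def audit(rule):
    """Describe whether a rule masquerades RFC 1918 space."""
    net = masq_source(rule)
    if net is None:
        return "not a masquerade rule"
    for block in RFC1918:
        if net.subnet_of(block):
            return f"{net} is inside RFC 1918 block {block}"
    return f"{net} is not RFC 1918 space"


if __name__ == "__main__":
    rules = [
        "ipfwadm -F -p deny",
        "ipfwadm -F -a m -S 192.168.0.0/24 -D 0.0.0.0/0",
        "ipfwadm -F -a accept -m -S 192.168.1.0/24 -D any",
        "ipfwadm -F -a m -S 172.32.0.0/16 -D 0.0.0.0/0",  # constructed sample
    ]
    for r in rules:
        print(f"{r}\n    -> {audit(r)}")
```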