Projects / IP Masquerade HOWTO

IP Masquerade HOWTO

The IP Masquerade HOWTO is the document that contains instructions on understanding, configuring, and troubleshooting NAT or Network Address Translation for Linux. It covers topics such as IPTABLES, PORTFW, IPCHAINS, IPFWADM, stronger packet firewalls, multiple network segments, and configuring many client operating systems. It also has an extensive FAQ and troubleshooting section.

Operating Systems

Recent releases

  •  23 May 2005 03:22

    Release Notes: Multiple new FAQ entries and sub-sections for advanced setups. The firewall ruleset names have been changed to reflect the base technology (like iptables or ipchains) and not reflect a kernel version (2.6.x kernels supports both iptables and ipchains). Some of the firewall rulesets have been updated to be a bit clearer.

    •  10 Nov 2003 00:04

      Release Notes: A section on reducing the size of your logs and a commented firewall section for IRC users have been added. The firewall rulesets 0.80 (stronger) and 0.75 (basic) have been updated to use modprobe instead of insmod, and more comments have been added. Some broken URLs have been fixed.

      •  27 May 2003 11:46

        Release Notes: This version deletes and updated many URLs throughout the HOWTO, updates the LooseUDP entry and adds how iptables fixes it, vastly expands the SYSLOG packet decoding section, updates the various firewall rulesets to use modprobe instead of insmod, adds a Clamp-MSS entry to the MTU FAQ section for PPPoE and other MTU-sufferers, and fixes a SGML parsing script that was screwing up "&&" characters.

        •  10 Apr 2003 10:14

          Release Notes: Additional /proc entry testing was added to help users determine if their kernel is MASQ-ready. An EXTIP variable was added the 2.4.x PORTFW example, as several people were trying to use this with the BASIC ruleset and not the STRONGER ruleset. Mandrake and Gentoo were added to the MASQ compatibility list, and additional checking was added to the kernel compilation section to determine if your kernel supports IPMASQ via modules or by being statically compiled in.

          •  13 Jan 2003 07:30

            Release Notes: This version adds Redhat 7.3 and 8.0 to the compatibility chart, fixes various typos, updates the 2.2.x H.323 kernel patch URL, and updates the 2.4.x kernel compiling section to let users know that most modern kernels don't need IPTABLES Patch-o-matic patches to be applied except to fix bugs or add additional functionality.


            Project Spotlight


            A Fluent OpenStack client API for Java.


            Project Spotlight

            TurnKey TWiki Appliance

            A TWiki appliance that is easy to use and lightweight.