<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML ><HEAD ><TITLE >Requirements for IP Masquerade on Linux 2.2.x </TITLE ><META NAME="GENERATOR" CONTENT="Modular DocBook HTML Stylesheet Version 1.7"><LINK REL="HOME" TITLE="Linux IP Masquerade HOWTO" HREF="index.html"><LINK REL="UP" TITLE="Background Knowledge" HREF="ipmasq-background2.0.html"><LINK REL="PREVIOUS" TITLE="Requirements for IP Masquerade on Linux 2.4.x" HREF="kernel-2.4.x-requirements.html"><LINK REL="NEXT" TITLE="Requirements for IP Masquerade on Linux 2.0.x" HREF="kernel-2.0.x-requirements.html"></HEAD ><BODY CLASS="SECT1" BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#0000FF" VLINK="#840084" ALINK="#0000FF" ><DIV CLASS="NAVHEADER" ><TABLE SUMMARY="Header navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TH COLSPAN="3" ALIGN="center" >Linux IP Masquerade HOWTO</TH ></TR ><TR ><TD WIDTH="10%" ALIGN="left" VALIGN="bottom" ><A HREF="kernel-2.4.x-requirements.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="80%" ALIGN="center" VALIGN="bottom" >Chapter 2. Background Knowledge</TD ><TD WIDTH="10%" ALIGN="right" VALIGN="bottom" ><A HREF="kernel-2.0.x-requirements.html" ACCESSKEY="N" >Next</A ></TD ></TR ></TABLE ><HR ALIGN="LEFT" WIDTH="100%"></DIV ><DIV CLASS="SECT1" ><H1 CLASS="SECT1" ><A NAME="KERNEL-2.2.X-REQUIREMENTS" ></A >2.7. Requirements for IP Masquerade on Linux 2.2.x</H1 ><P ><SPAN CLASS="QUOTE" >" <EM >** Please refer to <A HREF="http://ipmasq.webhop.net/" TARGET="_top" >IP Masquerade Resource</A > for the latest information. **</EM > "</SPAN > </P ><P > <P ></P ><UL ><LI ><P > Any decent computer hardware. See <A HREF="faq-hardware.html" >Section 7.2</A > for more details. </P ></LI ><LI ><P > The 2.2.x kernel source is available from <A HREF="http://www.kernel.org/" TARGET="_top" > http://www.kernel.org/</A >. 
</P ><P > NOTE: Most modern Linux distributions (<A HREF="masq-supported-distributions.html" >Section 7.1</A >) that natively come with 2.2.x kernels typically ship modular kernels that have all the IP Masquerade functionality already included. In such cases, there is no need to compile a new Linux kernel. If you are UPGRADING your kernel, you should be aware of other programs that might be required and/or need to be upgraded as well (mentioned later in this HOWTO). </P ><P ></P ><UL ><LI ><P > NOTE #1: --- UPDATE YOUR KERNEL --- Linux 2.2.x kernels earlier than version 2.2.20 contain several different security vulnerabilities (some were MASQ specific). Kernels earlier than 2.2.20 have a few local vulnerabilities. Kernel versions earlier than 2.2.16 have a TCP root exploit vulnerability and versions earlier than 2.2.11 have an IPCHAINS fragmentation bug. Because of these issues, even users running a firewall with strong IPCHAINS rulesets are open to possible intrusion. Please upgrade your kernel to a fixed version. </P ></LI ></UL ></LI ><LI ><P > NOTE #2: Some newer distributions (<A HREF="masq-supported-distributions.html" >Section 7.1</A >) such as Redhat 5.2 might not be Linux 2.2.x ready (upgradable). Tools like DHCP, NetUtils, etc. will need to be upgraded. More details can be found later in the HOWTO.</P ></LI ><LI ><P > Loadable kernel modules, preferably 2.1.121 or higher, are available from <A HREF="http://home.pi.se/blox/modutils/index.html" TARGET="_top" > http://home.pi.se/blox/modutils/index.html</A > or <A HREF="ftp://ftp.kernel.org/pub/linux/utils/kernel/modutils" TARGET="_top" >ftp://ftp.kernel.org/pub/linux/utils/kernel/modutils</A > </P ></LI ><LI ><P >A properly configured TCP/IP network running on the Linux machine, as covered in <A HREF="http://www.tldp.org/HOWTO/Net-HOWTO/index.html" TARGET="_top" >Linux NET HOWTO</A > and the <A HREF="http://www.tldp.org/LDP/nag2/index.html" TARGET="_top" >Network Administrator's Guide</A >. 
Also check out the <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS" TARGET="_top" >TrinityOS</A > document which is also authored by David Ranch. TrinityOS is a very comprehensive guide for Linux networking. Some topics include IP MASQ, security, DNS, DHCP, Sendmail, PPP, Diald, NFS, IPSEC-based VPNs, and performance sections, to name a few. There are over fifty sections in all!</P ></LI ><LI ><P >Connectivity to the Internet for your Linux host, as covered in <A HREF="http://www.tldp.org/HOWTO/ISP-Hookup-HOWTO.html" TARGET="_top" >Linux ISP Hookup HOWTO</A >, <A HREF="http://www.tldp.org/HOWTO/PPP-HOWTO/index.html" TARGET="_top" >Linux PPP HOWTO</A >, and <A HREF="http://www.ecst.csuchico.edu/~dranch/LINUX/index-linux.html#TrinityOS" TARGET="_top" >TrinityOS</A >. Other helpful HOWTOs could include: <A HREF="http://www.tldp.org/HOWTO/mini/DHCP/index.html" TARGET="_top" >Linux DHCP mini-HOWTO</A >, <A HREF="http://www.tldp.org/HOWTO/Cable-Modem/index.html" TARGET="_top" >Linux Cable Modem mini-HOWTO</A > and <A HREF="http://www.tldp.org/HOWTO/DSL-HOWTO/index.html" TARGET="_top" >http://www.tldp.org/HOWTO/DSL-HOWTO/index.html</A ></P ></LI ><LI ><P >IP Chains 1.3.10 or newer is available from <A HREF="http://www.netfilter.org/ipchains/" TARGET="_top" >http://www.netfilter.org/ipchains/</A >. Additional information on version requirements for the newest IPCHAINS HOWTO, etc. is located at the <A HREF="http://www.netfilter.org/ipchains/" TARGET="_top" > Linux IP Chains page</A > <A HREF="http://www.netfilter.org/ipchains" TARGET="_top" > (mirror at Samba.org)</A ></P ></LI ><LI ><P >Know how to configure, compile, and install a new Linux kernel as described in the <A HREF="http://www.tldp.org/HOWTO/Kernel-HOWTO/index.html" TARGET="_top" >Linux Kernel HOWTO</A >. 
This HOWTO does cover kernel compiling but only for IP Masquerade related options.</P ></LI ></UL ></P ><P > <STRONG > Other optional patches and tools for 2.2.x kernels</STRONG > <P ></P ><UL ><LI ><P > TCP/IP port-forwarding or re-directing: <P ></P ><UL ><LI ><P > <A HREF="http://ipmasq.webhop.net/juanjox/" TARGET="_top" >IP PortForwarding (IPMASQADM) - RECOMMENDED - mirror</A > </P ></LI ></UL > </P ></LI ><LI ><P > PORTFW FTP Solutions: <P ></P ><UL ><LI ><P > There are 2.2.x and 2.0.x kernel MASQ Module solutions for PORTFWed FTP to a MASQed machine (put an FTP server behind a MASQ server). Please see the Application Page on the <A HREF="http://ipmasq.webhop.net" TARGET="_top" > IPMASQ WWW site </A > for full details. Please note that this is not required for 2.4.x kernels. </P ><P > There is a full FTP proxy application from SuSe that will also allow PORTFWed-like functionality to reach an internal FTP server. For more details, please refer to the <A HREF="http://www.suse.de/en/whitepapers/proxy_suite/" TARGET="_top" >SuSe Proxy URL</A >. 
</P ></LI ></UL > </P ></LI ><LI ><P > IPROUTE2 for True 1:1 NAT, Policy-based (source) routing, and Traffic Shaping: <P ></P ><UL ><LI ><P > <A HREF="ftp://ftp.inr.ac.ru/ip-routing/" TARGET="_top" >ftp://ftp.inr.ac.ru/ip-routing </A > </P ></LI ><LI ><P > Documentation can be found at <A HREF="http://www.compendium.com.ar/policy-routing.txt" TARGET="_top" > http://www.compendium.com.ar/policy-routing.txt</A > </P ></LI ><LI ><P > The <A HREF="http://www.tldp.org/HOWTO/Adv-Routing-HOWTO/index.html" TARGET="_top" > Advanced Routing HOWTO</A > </P ></LI ><LI ><P > Some source code mirrors are at: </P ><P > <A HREF="ftp://ftp.funet.fi/pub/mirrors/ftp.inr.ac.ru/ip-routing/" TARGET="_top" > ftp://ftp.funet.fi/pub/mirrors/ftp.inr.ac.ru/ip-routing/ (STM1 to USA)</A > --- <A HREF="ftp://sunsite.icm.edu.pl/pub/Linux/iproute/" TARGET="_top" > ftp://sunsite.icm.edu.pl/pub/Linux/iproute/</A > </P ><P > <A HREF="ftp://ftp.sunet.se/pub/Linux/ip-routing/" TARGET="_top" > ftp://ftp.sunet.se/pub/Linux/ip-routing/</A > --- <A HREF="ftp://ftp.nvg.ntnu.no/pub/linux/ip-routing/" TARGET="_top" > ftp://ftp.nvg.ntnu.no/pub/linux/ip-routing/</A > </P ><P > <A HREF="ftp://ftp.crc.ca/pub/systems/linux/ip-routing/" TARGET="_top" > ftp://ftp.crc.ca/pub/systems/linux/ip-routing/</A > --- <A HREF="ftp://ftp.paname.org" TARGET="_top" >ftp://ftp.paname.org (France)</A > </P ></LI ></UL > </P ></LI ></UL ></P ><P >Please see the <A HREF="http://ipmasq.webhop.net/" TARGET="_top" >IP Masquerade Resource</A > page for more information available on these patches and possibly others as well.</P ></DIV ><DIV CLASS="NAVFOOTER" ><HR ALIGN="LEFT" WIDTH="100%"><TABLE SUMMARY="Footer navigation table" WIDTH="100%" BORDER="0" CELLPADDING="0" CELLSPACING="0" ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" ><A HREF="kernel-2.4.x-requirements.html" ACCESSKEY="P" >Prev</A ></TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="index.html" ACCESSKEY="H" >Home</A ></TD ><TD WIDTH="33%" ALIGN="right" 
VALIGN="top" ><A HREF="kernel-2.0.x-requirements.html" ACCESSKEY="N" >Next</A ></TD ></TR ><TR ><TD WIDTH="33%" ALIGN="left" VALIGN="top" >Requirements for IP Masquerade on Linux 2.4.x</TD ><TD WIDTH="34%" ALIGN="center" VALIGN="top" ><A HREF="ipmasq-background2.0.html" ACCESSKEY="U" >Up</A ></TD ><TD WIDTH="33%" ALIGN="right" VALIGN="top" >Requirements for IP Masquerade on Linux 2.0.x</TD ></TR ></TABLE ></DIV ></BODY ></HTML >