You will probably wondering why I made that example or on what television show you have seen the same. Well it is quite simple. Person B is the internet, and person A is a masqueraded client and person C is the masqueraded server.
For understanding it I'll first give a short introduction to TCP/IP".
TCP/IP stands for Transmission Control Protocol / Internet Protocol. It
is widely used for data communication among computers (before TCP/IP, everybody
used UUCP = Unix to Unix Copy Protocol). TCP/IP is literally a protocol
that controls your communication, it also uses IP numbers. IP-numbers consist
out of 12 numbers grouped by 3 (123.456.789.123). Every computer attached
to a network (and to the internet) have their own unique IP number. TCP/IP
works like the following.
=> I am 220.127.116.11 and i want to contact 18.104.22.168
-> I am 22.214.171.124 did you call me ?
=> I am 126.96.36.199 and I contacted you
-> I am 188.8.131.52 and ready
=> I am 184.108.40.206 and I want that file
-> I am 220.127.116.11 and I am sending the first part to 18.104.22.168
=> I am 22.214.171.124 and I have received it.
-> I am 126.96.36.199 and I am sending the second part to 188.8.131.52
=> I am 184.108.40.206 and I haven't received anything
-> I am 220.127.116.11 and I am sending again
=> I am 18.104.22.168 and I have received it.
-> I am 22.214.171.124 and I am waiting.
=> I am 126.96.36.199 and I am ready, bye
-> I am 188.8.131.52 Bye
I know this may seem a little childish but data communication (and TCP/IP) are working like that.
Now you should be able to understand the image. You see a computer with
local IP 10.0.0.1 who is connected to the internet by a telephone line
and has achieved an IP number by this ISP (Internet Service Provider) that
IP is 184.108.40.206. What does this mean ? If someone on the internet tried
to contact 220.127.116.11 they would get a response but if they would try to
contact 10.0.0.1 they would not get a response although it is the same
computer because the IP 10.0.0.1 isn't recognized worldwide. Then we have
10.0.0.2 till 10.0.0.x who are connected to 10.0.0.1. In this case we could
consider 10.0.0.1 as a gateway (a gateway is a sort of exit to another
network, a gateway could be a link between 10.0.1.x and 10.0.0.x, but therefore
that machine must be recognized by 10.0.1.x and 10.0.0.x or with other
words it should have 2 network cards or in this case a modem and a network
card). So we could consider it as a gateway but there is one detail, for
10.0.0.1 being a gateway. But it isn't for the simple reason that the internet
wouldn't recognize it.
=> I'm 10.0.0.2 and I want to contact you
-> I'm 18.104.22.168 and I have now idea how to reach you, go away (this messages isn't really broadcasted because there is no logical route between the two computers, this is logged)
So what does masquerading actually do ? Well, it gives its own IP (22.214.171.124 this is the IP that is attached to the ISP, giving by DHCP by exemple) to the entire network and remembers which computer requested which packet. Something like:
=> I'm 10.0.0.2 and I want to contact 126.96.36.199
-> I'm 10.0.0.1 and I will be processing your request
-> I'm 188.8.131.52 and I want to contact 184.108.40.206
_> I'm 220.127.116.11 and awaiting your command
I hope this cleared out a lot. So a masqueraded server gives its IP ( in facts it masks the ip's of the network) in order for the other pc's to get on the internet. And the incoming data is being filtered under the 10.0.0.x network.
=> Prompt for development and or incomplete code / drivers
=>Enable loadable module support
=>IP:ipportfw masq support
=>IP:ipautofw masq support
=>Dummy net driver support
=>IP:ip fwmark masq-forwarding support
Note that the above options are required for ip masquerading so you
still need other codes in your kernel. When you are finished you will be
prompted to save changes. The following commands do the actual compiling
and may take a from 10 - 40 minutes and will show many characters which
you may not understand on your screen, don't worry it is normal.
[GoMoRRaH@SaTaN linux]$ make dep
[GoMoRRaH@SaTaN linux]$ make clean
[GoMoRRaH@SaTaN linux]$ make bzImage
[GoMoRRaH@SaTaN linux]$ cp /usr/src/linux/arch/i386/boot/bzImage /boot/kernel
[GoMoRRaH@SaTaN linux]$ make modules
[GoMoRRaH@SaTaN linux]$ make modules_install
At this point you should edit your /etc/lilo.conf file. You should add something like
root=/dev/hdax (replace this by your root filesystem, harddisk, partition, ..)
This makes your boot manager find your new kernel at boot. So if your see the lilo prompt the next time you should type masqkernel
[GoMoRRaH@SaTaN linux]$ lilo
added linux-2.2.5-15 *
Now you should edit your /etc/rc.d/rc.local file so the modules needed are automatically loaded at boot
These modules are needed for ftp, real audio and irc. There is only one thing to do besides rebooting and that is enabling your IPV4 forwarding.
[GoMoRRaH@SaTaN linux] echo "1" > /proc/sys/net/ip_forward(ing) Now you should reboot your system with your newly made kernel, see if everything boots properly, if not you should redo the above steps. Until you have a properly working kernel.
For any further questions, you can mail GoMoRRaH, a member of Black Sun Research Facility