You will probably wondering why I made that example or on what television show you have seen the same. Well it is quite simple. Person B is the internet, and person A is a masqueraded client and person C is the masqueraded server.
For understanding it I'll first give a short introduction to TCP/IP".
TCP/IP stands for Transmission Control Protocol / Internet Protocol. It
is widely used for data communication among computers (before TCP/IP, everybody
used UUCP = Unix to Unix Copy Protocol). TCP/IP is literally a protocol
that controls your communication, it also uses IP numbers. IP-numbers consist
out of 12 numbers grouped by 3 (123.456.789.123). Every computer attached
to a network (and to the internet) have their own unique IP number. TCP/IP
works like the following.
=> I am 18.104.22.168 and i want to contact 22.214.171.124
-> I am 126.96.36.199 did you call me ?
=> I am 188.8.131.52 and I contacted you
-> I am 184.108.40.206 and ready
=> I am 220.127.116.11 and I want that file
-> I am 18.104.22.168 and I am sending the first part to 22.214.171.124
=> I am 126.96.36.199 and I have received it.
-> I am 188.8.131.52 and I am sending the second part to 184.108.40.206
=> I am 220.127.116.11 and I haven't received anything
-> I am 18.104.22.168 and I am sending again
=> I am 22.214.171.124 and I have received it.
-> I am 126.96.36.199 and I am waiting.
=> I am 188.8.131.52 and I am ready, bye
-> I am 184.108.40.206 Bye
I know this may seem a little childish but data communication (and TCP/IP) are working like that.
Now you should be able to understand the image. You see a computer with
local IP 10.0.0.1 who is connected to the internet by a telephone line
and has achieved an IP number by this ISP (Internet Service Provider) that
IP is 220.127.116.11. What does this mean ? If someone on the internet tried
to contact 18.104.22.168 they would get a response but if they would try to
contact 10.0.0.1 they would not get a response although it is the same
computer because the IP 10.0.0.1 isn't recognized worldwide. Then we have
10.0.0.2 till 10.0.0.x who are connected to 10.0.0.1. In this case we could
consider 10.0.0.1 as a gateway (a gateway is a sort of exit to another
network, a gateway could be a link between 10.0.1.x and 10.0.0.x, but therefore
that machine must be recognized by 10.0.1.x and 10.0.0.x or with other
words it should have 2 network cards or in this case a modem and a network
card). So we could consider it as a gateway but there is one detail, for
10.0.0.1 being a gateway. But it isn't for the simple reason that the internet
wouldn't recognize it.
=> I'm 10.0.0.2 and I want to contact you
-> I'm 22.214.171.124 and I have now idea how to reach you, go away (this messages isn't really broadcasted because there is no logical route between the two computers, this is logged)
So what does masquerading actually do ? Well, it gives its own IP (126.96.36.199 this is the IP that is attached to the ISP, giving by DHCP by exemple) to the entire network and remembers which computer requested which packet. Something like:
=> I'm 10.0.0.2 and I want to contact 188.8.131.52
-> I'm 10.0.0.1 and I will be processing your request
-> I'm 184.108.40.206 and I want to contact 220.127.116.11
_> I'm 18.104.22.168 and awaiting your command
I hope this cleared out a lot. So a masqueraded server gives its IP ( in facts it masks the ip's of the network) in order for the other pc's to get on the internet. And the incoming data is being filtered under the 10.0.0.x network.
=> Prompt for development and or incomplete code / drivers
=>Enable loadable module support
=>IP:ipportfw masq support
=>IP:ipautofw masq support
=>Dummy net driver support
=>IP:ip fwmark masq-forwarding support
Note that the above options are required for ip masquerading so you
still need other codes in your kernel. When you are finished you will be
prompted to save changes. The following commands do the actual compiling
and may take a from 10 - 40 minutes and will show many characters which
you may not understand on your screen, don't worry it is normal.
[GoMoRRaH@SaTaN linux]$ make dep
[GoMoRRaH@SaTaN linux]$ make clean
[GoMoRRaH@SaTaN linux]$ make bzImage
[GoMoRRaH@SaTaN linux]$ cp /usr/src/linux/arch/i386/boot/bzImage /boot/kernel
[GoMoRRaH@SaTaN linux]$ make modules
[GoMoRRaH@SaTaN linux]$ make modules_install
At this point you should edit your /etc/lilo.conf file. You should add something like
root=/dev/hdax (replace this by your root filesystem, harddisk, partition, ..)
This makes your boot manager find your new kernel at boot. So if your see the lilo prompt the next time you should type masqkernel
[GoMoRRaH@SaTaN linux]$ lilo
added linux-2.2.5-15 *
Now you should edit your /etc/rc.d/rc.local file so the modules needed are automatically loaded at boot
These modules are needed for ftp, real audio and irc. There is only one thing to do besides rebooting and that is enabling your IPV4 forwarding.
[GoMoRRaH@SaTaN linux] echo "1" > /proc/sys/net/ip_forward(ing) Now you should reboot your system with your newly made kernel, see if everything boots properly, if not you should redo the above steps. Until you have a properly working kernel.
For any further questions, you can mail GoMoRRaH, a member of Black Sun Research Facility