Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Sign up!
EnGarde Community
What is the most important Linux security technology?
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Latest Newsletters
Linux Security Week: March 30th, 2015
Linux Advisory Watch: March 27th, 2015
LinuxSecurity Newsletters
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

Configuring the other internal to-be MASQed machines

Chapter 4. Configuring the other internal to-be MASQed machines

Besides setting the appropriate IP address for each internal MASQed machine (either statically or though DHCP), you should also set each internal machine with the appropriate gateway IP address of the Linux MASQ server and required DNS servers. In general, this is rather straight forward. You simply enter the address of your Linux host ( is used throughout this HOWTO) as the machine's gateway address.

For the Domain Name Service (DNS), you add in any DNS servers that are available to you to use. The most apparent one(s) should be the DNS servers that your Linux server uses. You can optionally add any "domain search" suffix as well for quicker connections, etc.

After you have properly reconfigured the internal MASQed machines, remember to restart their appropriate network services or reboot them if need be.

The following configuration instructions assume that you are using a Class C network with as your Linux MASQ server's address. Please note that and are reserved TCP/IP address per RFC1918 for uses just like enabling IP Masquerade services.

As it stands, the following Platforms have been tested as internal MASQed machines. This is only an EXAMPLE of all compatible OSes out there:

  • Apple Macintosh OS and OS-X (with MacTCP or Open Transport or the BSD TCP/IP stack)

  • AT&T Unix (Caldera)

  • *BSD systems including Free/Net/Open/BSDi/386/etc.

  • Commodore Amiga (with AmiTCP or AS225-stack)

  • Digital VAX Stations 3520 and 3100 with UCX (TCP/IP stack for VMS)

  • Digital Ultrix, Digital Unix (Compaq Tru/64)

  • HP HP/UX

  • IBM AIX running on RS/6000, PowerPC, etc.

  • IBM OS/2 (including Warp v3)

  • IBM OS400 running on a AS/400

  • Linux distributions from vendors like Caldera, Corel, Debian, Mandrake, Redhat, Slackware, SuSe, etc. running various kernels like 1.2.x, 1.3.x, 2.0.x, 2.1.x, 2.2.x, 2.3.x, 2.4.x, etc.

  • Microsoft DOS (with NCSA Telnet package, DOS Trumpet works partially)

  • Microsoft Windows 3.1 (with the Netmanage or FTP packages)

  • Microsoft Windows For Workgroup 3.11 (with a TCP/IP package)

  • Microsoft Windows 95, OSR2, 98, 98se, Me

  • Microsoft Windows NT 3.51, 4.0, 2000, XP - (both workstation (professional) and server versions)

  • Novell Netware 4.01, 5.x, etc. with the TCP/IP service

  • SCO Openserver (v3.2.4.2 and 5) and UnixWare (AT&T Unix)

  • Sun Solaris 2.51, 2.6, 7, 8

  • heheh.. what else am I missing?

4.1. Configuring Microsoft Windows 95 and OSR2

  1. ** Please note that some prompts might be different based upon the build version of Windows95 you are running **

    If you haven't installed your network card and adapter driver, do so now. Descriptions to perform this step is beyond the scope of this document and though it is fairly simple, if you haven't done this before, please seek assitance.

  2. Go to the 'Control Panel' --> 'Network'.

  3. Click on Add --> Protocol --> Manufacture: Microsoft --> Protocol: 'TCP/IP protocol' if you don't already have it installed.

  4. Highlight the TCP/IP item bound to your correct Windows95 network card e.g. (TCP/IP --> Intel EtherExpress Pro/100+) and select 'Properties'. Here, you have two options: configure a static address or use DHCP. Static addresses are simple but require that you NEVER configure duplication IPs on different machines. The alternative is DHCP which automatically configures all DHCP-enabled workstations things like IP addresses, DNS servers, etc. from a central server (typically the Linux MASQ server).

    DHCP enabled:

    To use DHCP, simply click on the "Use DHCP to assign addresses" button. Please note that configuring a DHCP server is beyond the scope of this HOWTO but it is fully covered in TrinityOS and other Linux HOWTOs.

    Static Addresses:

    Now goto the 'IP Address' tab and set IP Address to 192.168.0.x, (1 < x < 255), and set the Subnet Mask to

  5. Now select the "Gateway" tab and add as your gateway under 'Gateway' and hit "Add".

  6. Under the 'DNS Configuration' tab, make sure to put enter in a name for this machine and specify your official domain name. If you don't have your own domain, enter in the domain of your ISP. Next, you need to specify the DNS servers you plan on using.

    DHCP: No entries are required as this is configured dynamically via DHCP.

    STATIC: Add all of the DNS servers that your Linux MASQ server uses (usually found in /etc/resolv.conf). Usually these DNS servers are located at your ISP though you could be running either your own Caching or Authoritative DNS server on your Linux MASQ server as well. Again, setting up DNS services is beyond the scope of this HOWTO but it is covered by TrinityOS as well as the LDP's DNS HOWTO.

    Optionally, you can add any appropriate domain search suffixes as well. This allows users to simply type in the hostname of the destination computer instead of the fully qualified domain name (FQDN). This is similar to the PATH function for finding common Unix commands.

  7. Leave all of the other settings alone as they are unless (even dangerous) if you don't know what you're doing.

  8. Click 'OK' in all dialog boxes and restart your system.

  9. As an initial test, Ping the Linux MASQ server to test the network connection: 'Start/Run', type: ping is only an INTERNAL LAN connection test, you might not be able to ping the outside world yet.) If you don't see "replies" to your PINGs, please verify your network configuration.

  10. You can optionally create a HOSTS file in the C:\Windows directory so that you can ping the "hostname" of the machines on your LAN without the need for a DNS server. There is an example called HOSTS.SAM in the C:\windows directory for an example.



Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2015 Guardian Digital, Inc. All rights reserved.