Come children, gather 'round, and listen to this tale of the IP Masqueraders. Last winter, while Santa and his elves were busy at the North Pole making the final checks on their inventory of goodies, a few eccentric Linux programmers in Louisville, Colorado were busy tinkering away at their system configurations.
What were they configuring? Having just installed Red Hat 5, they were eagerly examining the assortment of newly updated software and tailoring it to their likings. But besides all the tinkering around with rpm switches, editing files in the /etc directory beyond recognition, and checking out Red Hat's slick new additions to the control panel, they had another mission. A mission they had been dreaming about since the early days, when 2400bps modems were the norm. A mission none of them had thought truly possible but a year earlier. A mission which, indeed, would almost certainly have been beyond their reach using lesser platforms of the past. Now, they would attempt to make this dream a reality.
The goals of the mission were clear. After establishing a working household TCP/IP network using Ethernet hardware, they would attempt the unthinkable: Make the vast sea known as the Internet accessible to all private network hosts through one modem, on a machine which would relay all requests coming from inside to the outside, and vice versa. Impossible, you say? Perhaps so, if your operating system development is limited to Redmond, but not when you have the whole world behind you.
Armed with a much-treasured variety of patched-together hardware, an arsenal of copylefted software, and a spirit for adventure, these hackers devised their strategy. As had been done in the past, all machines would be wired together using a 10Base2 thin coax. They would talk using the TCP/IP protocol, using the set of IP addresses reserved for internal networks. The Computer Formerly Known as Powerhouse would serve as the gateway, primarily because it was equipped with a 56k modem. All other PCs on the network would route Internet-destined packets through Dagobah (The Computer Formerly Known as Powerhouse), and it would be up to Dagobah to process the requests, alter the packets so remote hosts would believe they had originated from Dagobah (hence the term IP Masquerading), send them to their destinations, and reroute the return packets to the source which requested them.
Setting up the internal network itself presented no significant problems. The biggest hitch was getting the Ethernet cable strung through the walls in a sane and elegant fashion. After all the machines were talking to each other, our heroes celebrated by toasting with a few cold sips of Josta. Afterwards, they went back to their web browsers and began to read documentation, for their journey had but begun, and there was much to learn before they could go on to complete the ambitious project.
    echo "1" > /proc/sys/net/ipv4/ip_forward
    ipfwadm -F -p deny
    ipfwadm -F -a m -S XX.XX.XX.XX/MM -D 0.0.0.0/0
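
The masquerading step in the tale (rewrite outgoing packets so they appear to come from the gateway, then route the replies back to the host that asked) can be modelled as a small translation table behind a default-deny forward policy. This is an added example, not code from the original story or from the kernel; the class and function names, the addresses and the starting port are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Packet(NamedTuple):
    src: str
    sport: int
    dst: str
    dport: int

class MasqGateway:
    """Toy model of a masquerading gateway; not kernel code."""

    def __init__(self, public_ip: str, internal_net: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.internal = ipaddress.ip_network(internal_net)
        self.next_port = first_port  # illustrative starting port (assumption)
        self.out = {}   # (int_ip, int_port, remote_ip, remote_port) -> masq port
        self.back = {}  # (masq port, remote_ip, remote_port) -> (int_ip, int_port)

    def forward_out(self, p: Packet) -> Optional[Packet]:
        # Default forward policy is deny: only the internal source network is masqueraded.
        if ipaddress.ip_address(p.src) not in self.internal:
            return None
        key = (p.src, p.sport, p.dst, p.dport)
        if key not in self.out:
            self.out[key] = self.next_port
            self.back[(self.next_port, p.dst, p.dport)] = (p.src, p.sport)
            self.next_port += 1
        # The remote host sees the gateway as the origin.
        return Packet(self.public_ip, self.out[key], p.dst, p.dport)

    def forward_in(self, p: Packet) -> Optional[Packet]:
        # Only replies that match an existing table entry are demasqueraded.
        entry = self.back.get((p.dport, p.src, p.sport))
        if p.dst != self.public_ip or entry is None:
            return None
        return Packet(p.src, p.sport, entry[0], entry[1])

def demo():
    # Constructed addresses: RFC 1918 inside, documentation ranges outside.
    gw = MasqGateway("203.0.113.5", "192.168.1.0/24")
    sent = gw.forward_out(Packet("192.168.1.10", 1025, "198.51.100.7", 80))
    reply = gw.forward_in(Packet("198.51.100.7", 80, sent.src, sent.sport))
    stray = gw.forward_in(Packet("198.51.100.99", 80, "203.0.113.5", sent.sport))
    foreign = gw.forward_out(Packet("10.9.9.9", 1025, "198.51.100.7", 80))
    return sent, reply, stray, foreign

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The `stray` and `foreign` cases return `None`: a packet from a remote host with no matching table entry never reaches the private network, and a source outside the masqueraded range falls through to the deny policy.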