Linux IP Masquerade HOWTO
Chapter 8. Miscellaneous
TO DO - HOWTO:
Add the scripted IPMASQADM example to the Forwarders section. Also confirm the syntax.
Add a little section on having multiple subnets behind a MASQ server
Confirm the IPCHAINS ruleset and make sure it is consistent with the IPFWADM ruleset
TO DO - WWW page:
Update all PPTP urls from lowrent to ftp://ftp.rubyriver.com/pub/jhardin/masquerade/ip_masq_vpn.html
Update the PPTP patch on the masq site
Update the portfw FTP patch
Changes from 11/19/01 to 01/05/02 - 010502 published to the LDP
01/05/02: - Added disabled rules to the rc.firewall-2.4-stronger ruleset to support INTERNAL DHCP server and EXTERNAL access to a WWW server running on the MASQ machine.
01/05/02: - Added required changes to the loading of the ip_conntrack_ftp module if people PORTFW to non-standard FTP ports.
01/05/02: - Added an example in the 2.4.x PORTFW section on how to REDIRECT internal traffic back to an INTERNAL server. This is the same as running REDIR under 2.2.x and 2.0.x kernels.
01/05/02: - Added Juanjox mirror URLs to the HOWTO.
01/04/02: - Clarified and cleaned up the ICQ PORTFW section; Added thoughts on the ip_masq_icq, PORTFW, and SOCKS solutions
01/05/02: - Added Slackware 8.0 to the supported list.
01/04/02: - Fixed some spelling mistakes in the 2.4 and 2.2 rulesets. Thanks to Michael Ott for the sharp eye.
12/19/01: - Fixed a minor comment typo in the rc.firewall-2.4 file. Thanks to Bruno Negrao for this one.
12/02/01: - Fixed some minor version typos in the 2.4.x rc.firewall ruleset; Added a missing $PORTFWIF variable for the 2.4.x PORTFW example. Thanks to Neil Bunn for the errata.
11/25/01: - Expanded on the ipchains module conflict error messages in Section 5
11/23/01: - Updated the HOWTO to reflect a new PPTP kernel module for the 2.4.x kernels
11/19/01: - Clarified the PPTP support for 2.4.x kernels
Changes from 08/26/01 to 11/18/01 - 111801 published to the LDP
11/12/01: - Updated various comments to reflect new versions: Linux 2.4.14, iptables 1.2.4, and Linux 2.2.20.
11/12/01: - Added the rc.firewall-2.4-stronger ruleset to the HOWTO, updated the 2.4.x kernel and IPTABLES compiling steps to reflect 2.4.14 and 1.2.4.
11/10/01: - Added the directly downloadable versions of the 2.4, 2.4-stronger, 2.2, 2.2-stronger, 2.0, and 2.0.x-stronger rulesets to the WWW.
11/10/01: - Updated the 2.4.x PORTFW example to add the missing FORWARD option.
11/10/01: - Updated the DSL-HOWTO link in the HOWTO
10/27/01: - Updated the network diagram in section 2.5 to be a little more verbose.
09/18/01: - Fixed some broken reference links pointing to the respective 2.4.x, 2.2.x, and 2.0.x kernel compiling recommendations.
09/16/01: - Cleaned up and updated the PORTFW section to also include PREROUTING examples for 2.4.x kernels.
09/13/01: - Updated the IPTABLES simple rc.firewall ruleset to 0.62. This fixed a typo on the MASQ enable line that used eth0 instead of $EXTIF. Thanks to Hafi for reporting this.
09/07/01: - It seems that most people who are getting IPCHAINS and IPTABLES conflicts are running Redhat 7.1. I have updated section 5 on how to fix this. Thanks to Jason Wenzel for helping me with this.
09/07/01: - Noted that IPTABLES v1.2.3 is the current version. All versions less than v1.2.3 have an FTP module bug that can bypass strong firewall rulesets. Please upgrade your copy of IPTABLES now.
09/07/01: - Created version numbers for the simple rc.firewall rulesets (IPTABLES - v0.61) (IPCHAINS - v1.01) (IPFWADM - v2.01) and cleaned up some of the comments in each section.
09/07/01: - Added rules to the simple rc.firewall rulesets to flush the various tables. In addition to this, I have added the use of environment variables and more echo statements in the rulesets to make things easier to edit and monitor. Thanks to Ian Bishop for the good idea.
09/07/01: - Added the use of EXTIF and INTIF interface variables in each of the rc.firewall and partial firewall rulesets for better clarity (similar to how TrinityOS has been doing for a while now). Thanks to Sean McKeon for the nudge.
09/07/01: - Fixed a typo in the UNIX client configuration section where the network broadcast was 192.168.0.25 instead of .255.
Changes from 2.01 to 2.05 - 08/26/01
08/19/01: - Added an additional testing step in Section 5 to make sure the rc.firewall file loads ok. Thanks to Steven Levis for the good idea.
08/15/01: - Changed the reference for the /etc/hosts file from RFC952 to RFC1035. Thanks to Michael F. Maggard for the correction.
Changes from 1.96 to 2.01 - 08/12/01
08/12/01: - Updated the basic IPTABLES ruleset to 0.60 which fixed a major issue where all MASQed packets were being dropped. Ultimately, I forgot to add a rule to ACCEPT correct packets through the forwarding chain.
- Added an additional rule to log all bogus FORWARD packets
- Load the FTP nat modules now by default
- Changed the load order of some of the kernel modules to not create bogus error messages
- Added an IPTABLES section on how to MASQ specific hosts vs. an entire subnet
- Added more MASQ-client compatible operating systems
07/19/01: - The advanced IPCHAINS example for forwarding between multiple interfaces was missing the critical "-j ACCEPT" to actually let the packets flow. Thanks to Shingo Yamaguchi for catching this.
06/21/01: Updated Section 5 (Testing Section) to add an additional test to help users troubleshoot their MASQ setup. There are now a total of -11- tests.
06/16/01: Updated the intro History section at the beginning of the HOWTO.
06/14/01: Added Netfilter and IPCHAINS mirror URLs
06/13/01: Updated the H.323 URL
06/10/01: Double DOH! The simple rc.firewall script for the 2.4 kernels had two major errors in it. The new version is far more informative and even works! I am continuing to go through the HOWTO and cleaning things up but I'm not done quite yet.
06/02/01: Updated the lists of known compatible MASQ'ed operating systems (Windows M3, Linux 2.3, 2.4, etc.). Made more references to DHCP and DNS in the various MASQ client configuration guides.
04/12/01: Thanks to Joshua X and the other people at Command Prompt, Inc. for the port of the HOWTO from LinuxDoc to DocBook. Add email list URL to line 126
Changes from 1.90 to 1.95 - 11/11/00
A BIG thanks to Joshua X and the other people at Command Prompt, Inc. for the port of the HOWTO from LinuxDoc to DocBook.
Added a quick upfront notice in the intro that running a SINGLE NIC in MASQ multiple ethernet segments is NOT recommended and linked to the relevant FAQ entry. Thanks to Daniel Chudnov for helping the HOWTO be more clear.
Added a pointer in the Intro section to the FAQ section for users looking for how MASQ is different from NAT and Proxy services.
Reordered the Kernel requirements sections to be 2.2.x, 2.4.x, 2.0.x
Expanded the kernel testing in Section 3 to see if a given kernel already supports MASQ or not.
Reversed the order of the displayed simple MASQ ruleset examples (2.2.x and 2.0.x)
Cleaned up some formatting issues in the 2.0.x and 2.2.x rc.firewall files
Noted in the 2.2.x rc.firewall that the defrag option is gone in some distro's proc (Debian, TurboLinux, etc)
Added a NOTE #3 to the rc.firewall scripts to include instructions for Pump. Thanks to Ross Johnson for this one.
Cleaned up the simple MASQ ruleset examples for both the 2.2.x and 2.2.x kernels
Updated the simple and stronger IPCHAINS and IPFWADM rulesets to include the external interface names (IPCHAINS is -i; IPFWADM is -W) to avoid some internal traffic MASQing issues.
Vastly expanded the Section 5 (testing) with even more testing steps with added complete examples of what the output of the testing commands should look like.
Moved the H.323 application documentation from NOT supported to Supported. :-)
Reordered the Multiple LAN section examples (2.2.x then 2.0.x)
Made some additional clarifications to the Multiple LAN examples
Fixed a critical typo with multiple NIC MASQing where the network examples had the specified networks reversed. Thanks to Matt Goheen for catching this.
Added a little intro to MFW in the PORTFW section.
Reversed the 2.0.x and 2.2.x sections for PORTFW
Updated the news regarding PORTFWing FTP traffic for 2.2.x kernels
NOTE: At this time, there *IS* a BETA level IP_MASQ_FTP module for PORT Forwarding FTP connections on 2.2.x kernels which also supports adding additional PORTFW FTP ports on the fly without the requirement of unloading and reloading the IP_MASQ_FTP module and thus breaking any existing FTP transfers.
Added a top level note about PORTFWed FTP support
Added a note to the 2.0.x PORTFW'ed FTP example on why users DON'T need to PORTFW port 20.
Updated the PORTFW section to also mention that users can use FTP proxy applications like the one from SuSe to support PORTFWed FTP-like functionality. Thanks to Stephen Graham for this one.
Updated the example for how to enable PORTFWed FTP to also include required configurations on how the ip_masq_ftp module is loaded for users who use multiple PORTs to contact multiple internal FTP servers. Thanks to Bob Britton for reminding me about this one.
Added a FAQ entry for users who have embedded ^Ms in their rc.firewall file
Expanded the FAQ entry talking about how MASQ is different from NAT and Proxy to include some informative URLs.
Updated the explanation of the MASQ MTU issue and described the two main explanations for the issue.
Clarified that, per the RFC, PPPoE should only require an MTU of 1490 though some ISPs require a setting of 1460. Because of this, I have updated the example to show an MTU of 1490.
Broke out the Windows 9x sections into Win95 and Win98 as they use different settings (DWORD vs. STRING). I also updated the sections to be clearer and the Registry backup methods have been updated.
Fixed a typo where the NT 4.0 Registry entries were backwards (Tcpip/Parameters vs. Parameters/Tcpip).
Fixed an issue where the WinNT entry should have been a DWORD and not a STRING.
A serious thanks goes out to Geoff Mottram for his various PPPoE and various Windows Registry entry fixes.
Added an explicit URL for Oident in the IRC FAQ entry
Updated the FAQ section regarding some broken "netstat" versions
Added new FAQ sections for MASQ accounting ideas and traffic shaping
Expanded the IPROUTE2 FAQ entry on what Policy-routing is.
Moved the IPROUTE2 URLs to the 2.2.x Kernel requirements section and also added a few more URLs as well.
Corrected the "intnet" variable in the stronger IPCHAINS ruleset to reflect the 192.168.0.0 network to be consistent with the rest of the example. Thanks to Ross Johnson for this one.
Added a new FAQ section for users asking about forwarding problems between multiple internal MASQed LANs.
Added a new FAQ section about users wanting to PORTFW all ports from multiple external IP addresses to internal ones. I also touched on users who were trying to PORTFW all ports on multiple IP ALIASed interfaces and also noted the Bridge+Firewall HOWTO for DSL and Cablemodem users who have multiple IPs in a non-routed environment.
Added Mandrake 7.1, Mandrake 7.2, and Slackware 7.1 to the supported list
Added Redhat 7.0 to the MASQ supported distros. Thanks to Eugene Goldstein for this one.
Fixed a mathematical error in the "Maximum Throughput" calculation in the FAQ section. Thanks to Joe White @ [email protected] for this one.
Fixed the Windows9x MTU changes to be a STRING change and not a DWORD change to the registry. Thanks to [email protected] for this one.
Updated the comments in the 2.0.x rc.firewall script to note that the ip_defrag option is for both 2.0 and 2.2 kernels. Thanks to [email protected] for this clarification.
Changes from 1.85 to 1.90 - 07/03/00
Updated the URL for TrinityOS to reflect its newest layout
Caught a typo in the IPCHAINS rulesets where I was setting "ip_ip_always_defrag" instead of "ip_always_defrag"
The URL to Taro Fukunaga was invalid since it was using "mail:" instead of "mailto:"
Added some clarification to the "Masqing multiple internal interfaces" where some users didn't understand why eth0 was referenced multiple times.
Fixed another "space after the EXTIP variable" bug in the stronger IPCHAINS section. I guess I missed one.
In Test #7 of Section 5, I referred users to go back to step #4. That should have been step #6.
Updated the kernel versions that came with SuSe 5.2 and 6.0
Fixed a typo (or vs. of) in Section 7.2
Added Item #9 to the Testing MASQ section to refer users who are still having MASQ problems to read the MTU entry in the FAQ
Improved the itemization in Section 5
Updated the IPCHAINS syntax to show the MASQ/FORWARD table. Before, it was valid to run "ipchains -F -L" but now only "ipchains -M -L" works.
Updated the LooseUDP documentation to reflect the new LooseUDP behavior in 2.2.16+ kernels. Before, it was always enabled; now it defaults to OFF due to a possible MASQed UDP port scanning vulnerability. I updated the BASIC and SEMI-STRONG IPCHAINS rulesets to reflect this option.
Updated the recommended 2.2.x kernel to be 2.2.16+ since there is a TCP root exploit vulnerability on all lesser versions.
Added Redhat 6.2 to the MASQ supported list
Updated the link for Sonny Parlin's FWCONFIG to point to fBuilder.
Updated the various examples of IP addresses from 111.222.333.444 to be 111.222.121.212 and within a valid IP address range
Updated the URL for the BETA H.323 MASQ module
Finally updated the MTU FAQ section to help out PPPoE DSL and Cablemodem users. Basically, Section 7.15 now reflects the fact that users can also change the MTU settings of all of their INTERNAL machines to solve the dreaded MASQ MTU issue.
Added a clarification to the PORTFW section that PORTFWed connections work for EXTERNAL clients but will not work for INTERNAL clients. If you also need INTERNAL portfw, you will also need to implement the REDIR tool. I also noted that this issue is fixed in the 2.4.x kernels with Netfilter.
I also added a technical explanation from Juanjo to the end of the PORTFW section as to why this scenario doesn't work properly.
Updated all of the IPCHAINS URLs to point to Paul Rusty's new site at http://netfilter.filewatcher.org/ipchains/
Updated Paul Rusty's email address
Added a new FAQ section for users whose connections remain idle for a long period of time and PORTFWed connections no longer work.
Updated all the URLs to the LDP that pointed to metalab.unc.edu to the new site of www.linuxdoc.org
Updated the Netfilter URLs to point to renamed HOWTOs, etc.
I also updated the status of the 2.4.x support to note that I *will* add full Netfilter support to this HOWTO and if the time comes, then split that support off into a different HOWTO.
Updated the 2.4.x Requirements section to reflect how NetFilter has changed compared to IPFWADM and IPCHAINS and gave a PROs/CONs list of new features and changes to old behaviors.
Added a TCP/IP math example to the "My MASQ connection is slow" FAQ entry to better explain what a user should expect performance wise.
Updated the HOWTO to reflect that newer versions of the "pump" DHCP client now can run scripts upon bringup, lease renew, etc.
Updated the PORTFWing of FTP to reflect that several users say they can successfully forward FTP traffic to internal machines without the need of a special ip_masq_ftp module. I have made the HOWTO reflect that users should try it without the modified module first and then move to the patch if required.
Changes from 1.82 to 1.85 - 05/29/00
Ambrose Au's name has been taken off the title page as David Ranch has been the primary maintainer for the HOWTO for over a year. Ambrose will still be involved with the WWW site though.
Deleted a stray SPACE in section 6.4
Re-ordered the compatible MASQ'ed OS section and added instructions for setting up an AS/400 system running on OS/400. Thanks to [email protected] for the notes.
Added an additional PORTFW-FTP patch URL for FTP access if HTTP access fails.
Updated the kernel versions for Redhat 5.1 & 6.1 in the FAQ
Added FloppyFW to the list of MASQ-enabled Linux distros
Fixed an issue in the Stronger IPFWADM rule set where there were spaces between "ppp_ip" and the "=".
In the kernel compiling section for 2.2.x kernels, I removed the reference to enable "CONFIG_IP_ALWAYS_DEFRAG". This option was removed from the compiling section and enabled by default with MASQ enabled in 2.2.12.
Because of the above change in the kernel behavior, I added the enabling of ip_always_defrag to all the rc.firewall examples.
Updated the status of support for H.323. There are now ALPHA versions of modules to support H.323 on both 2.0.x and 2.2.x kernels.
Added Debian v2.2 to the supported MASQ distributions list
Fixed a long standing issue where the section that covered explicit filtering of IP addresses for IPCHAINS had old IPFWADM syntax. I've also cleaned this section up a little and made it understandable.
Doh! Added Juan Ciarlante's URL to the important MASQ resources section. Man.. you guys need to make me more honest than this!!
Updated the HOWTO to reflect kernels 2.0.38 and 2.2.15
Reversed the order shown to compile kernels to show 2.2.x kernels first as 2.0.x is getting pretty old.
Updated the 2.2.x kernel compiling section to reflect the changed options for the latter 2.2.x kernels.
Added a possible solution for users that fail to get past MASQ test #5.
Changes from 1.81 to 1.82 - 01/22/00
Added a missing subsection for /proc/sys/net/ipv4/ip_dynaddr in the stronger IPCHAINS ruleset. Section 6.5
Changed the IP Masq support for Debian 2.1 to YES
Reorganized and updated the "Masq is slow" FAQ section to include fixing Ethernet speed and duplex issues.
Added a link to Donald Becker's MII utilities for Ethernet NIC cards
Added a missing ")" for the 2.2.x section (previously fixed it only for the 2.0.x version) to the ICQ portfw script and changed the evaluation from -lt to -le
Added Caldera eServer v2.3 to the MASQ supported list
Added Mandrake 6.0, 6.1, 7.0 to the MASQ supported list
Added Slackware v7.0 to the MASQ supported list
Added Redhat 6.1 to the MASQ supported list
Added TurboLinux 4.0 Lite to the MASQ supported list
Added SuSe 6.3 to the MASQ supported list
Updated the recommended stable 2.2.x kernel to be anything newer than 2.2.11
In section 3.3, the HOWTO forgot to tell the user how to load the /etc/rc.d/rc.firewall upon each reboot. This has now been covered for Redhat (and Redhat-based distros) and Slackware.
Added clarification in the Windows WFWG v3.x and NT setup sections why users should NOT configure the DHCP, WINS, and Forwarding options.
Added a FAQ section on how to fix FTP problems with MASQed machines.
Fixed a typo in the Stronger firewall rulesets. The "extip" variable cannot have the SPACE between the variable name and the "=" sign. Thanks to [email protected] for the sharp eye.
Updated the compatibility section: Mandrake 7.0 is based on 2.2.14 and TurboLinux v6.0 runs 2.2.12
Changes from 1.80 to 1.81 - 01/09/00
Updated the ICQ section to reflect that the new ICQ Masq module supports file transfer and real-time chat. The 2.0.x module still has those limitations.
Updated Steven E. Grevemeyer's email address. He is the maintainer of the IP Masq Applications page.
Fixed a few lines that were missing the word AREN'T for the "setsockopt" errors.
Fixed an error in the strong IPCHAINS ruleset where it was using the variable name "ppp_ip" instead of "extip".
Fixed a "." vs a "?" typo in section 3.3.1 in the DHCP comment section.
Added a missing ")" to the ICQ portfw script and changed the evaluation from -lt to -le
Updated the Quake Module syntax to NOT use the "ports=" verbiage
Changes from 1.79 to 1.80 - 12/26/99
Fixed a space typo when setting the "ppp_ip" address.
Fixed a typo in the simple IPCHAINS ruleset. "deny" to "DENY"
Updated the URLs for Bjorn's "modutils" for Linux
Added verbiage about NetFilter and IPTables and gave URLs until it is added to this HOWTO or a different HOWTO.
Updated the simple /etc/rc.d/rc.firewall examples to notify users about the old Quake module bug.
Updated the STRONG IPFWADM /etc/rc.d/rc.firewall to inform users about dynamic IP addresses (PPP & DHCP), newer DHCPCD syntax, and the old Quake module bug.
Updated the STRONG IPCHAINS /etc/rc.d/rc.firewall to ADD a missing section on dynamic IP addresses (PPP & DHCP) and the old Quake module bug.
Added a note in the "Applications that DO NOT work" section that there IS a beta module for Microsoft NetMeeting (H.323 based) v2.x on 2.0.x kernels. There are NO versions available for Netmeeting 3.x and/or 2.2.x kernels as of yet.
Changes from 1.78 to 1.79 - 10/21/99
Updated the HOWTO name to reflect that it isn't a MINI anymore!
Changes from 1.77 to 1.78 - 8/24/99
Fixed a typo in "Section 6.6 - Multiple Internal Networks" where the -a policy was omitted.
Deleted the 2.2.x kernel configure option "Drop source routed frames" since it is now enabled by default and the kernel compile option was removed.
Updated the 2.2.x and all other IPCHAINS sections to notify users of the IPCHAINS fragmentation bug.
Updated all of the URLs pointing at Lee Nevo's old IP Masq Applications page to Seg's new page.
Changes from 1.76 to 1.77 - 7/26/99
Fixed a typo in the Port forwarding section that used "ipmasqadm ipportfw -C" instead of "ipmasqadm portfw -f"
Changes from 1.75 to 1.76 - 7/19/99
Updated the "ipfwadm: setsockopt failed: Protocol not available" message in the FAQ to be clearer instead of making the user hunt for the answer in the Forwarders section.
Fixed incorrect syntax in section 6.7 for IPMASQADM and "portfw"
Changes from 1.72 to 1.75 - 6/19/99
Fixed the quake module port setup order for the weak IPFWADM & IPCHAINS ruleset and the strong IPFWADM ruleset as well.
Added a user report about port forwarding ICQ 4000 directly in and using ICQ's default settings WITHOUT enabling the "Non-Sock" proxy setup.
Updated the URLs for the IPMASQADM tool
Added references to Taro Fukunaga, [email protected] for his MkLinux port of the HOWTO
Updated the blurb about Sonny Parlin's FWCONFIG tool to note new IPCHAINS support
Noted that Fred Vile's patch for portfw'ed FTP access is ONLY available for the 2.0.x kernels
Updated the 2.2.x kernel step with a few clarifications on the Experimental tag
Added Glenn Lamb's name to the credits for the LooseUDP patch
Added a clarification on installing the LooseUDP patch that it should use "cat" for non-compressed patches.
Fixed a typo in the IPAUTO FAQ section
I had the DHCP client port numbers reversed for the IPFWADM and IPCHAINS rulesets. The order I had was if your Linux server was a DHCP SERVER.
Added explicit /sbin path to all weak and strong ruleset examples.
Made some clarifications in the strong IPFWADM section regarding Dynamic IP addresses for PPP and DHCP users. I also noted that the strong rulesets should be re-run when PPP comes up or when a DHCP lease is renewed.
Added references in the 2.2.x requirements, updated the ICQ FAQ section, and added Andrew Deryabin to the credits section for his ICQ MASQ module.
Added some clarifications to the FAQ section explaining why the 2.1.x and 2.2.x kernels went to IPCHAINS.
Added a little FAQ section on Microsoft File/Print/Domain services (Samba) through a MASQ server. I also added a URL to a Microsoft Knowledge Base document for more details.
Added clarifications to the FAQ section that NO Debian distribution supports IP masq out of the box.
Updated the supported MASQ distributions in the FAQ section.
Added to the Aliased NIC section of the FAQ that you CANNOT masq out of an aliased interface.
Wow.. never caught this before but the "ppp-ip" variable in the strong ruleset section is an invalid variable name! It has been renamed to "ppp_ip"
In both the IPFWADM and IPCHAINS simple ruleset setup areas, I had a commented out section on enabling DHCP traffic. Problem is, it was below the final reject line! Doh! I moved both up a section.
In the simple IPCHAINS setup, the #d out line for DHCP users, I was using the IPFWADM "-W" command instead of IPCHAINS's "-i" parameter.
Added a little blurb to the Forwarders section on the resolution to the famous "ipfwadm: setsockopt failed: Protocol not available" error. This also includes a little /proc test to let users confirm if IPPORTFW is enabled in the kernel. I also added this error to a FAQ section for simple searching.
Added a Strong IPCHAINS ruleset to the HOWTO
Added a FAQ section explaining the "kernel: ip_masq_new(proto=UDP): no free ports." error.
Added an example of scripting IPMASQADM PORTFW rules
Updated a few of the Linux Documentation Project (LDP) URLs
Added Quake III support in the module loading sections of all the rc.firewall rulesets.
Fixed the IPMASQADM forwards for ICQ
1.72 - 4/14/99 - Dranch: Added a large list of Windows NAT/Proxy alternatives with rough pricing and URLs to the FAQ.
1.71 - 4/13/99 - Dranch: Added IPCHAINS setups for multiple internal MASQed networks. Changed the ICQ setup to use ICQ's default 60 second timeout and changed IPFWADM/IPCHAINS timeout to 160 seconds. Updated the MASQ and MASQ-DEV email list and archive subscription instructions.
1.70 - 3/30/99 - Dranch: Added two new FAQ sections that cover SMTP/POP-3 timeout problems and how to masquerade multiple internal networks out onto different external IP addresses with IPROUTE2.
1.65 - 3/29/99 - Dranch: Typo fixes, clarifications of required 2.2.x kernel options, added dynamic PPP IP address support to the strong firewall section, additional quake II module ports, noted that the LooseUDP patch is built into later 2.2.x kernels and it's from Glenn Lamb and not Dan Kegel, added more game info in the compatibility section.
1.62 - Dranch: Make the final first-draft changes to the doc and now announce it in the MASQ email list.
1.61 - Dranch: Made editorial changes, cleaned things up and fixed some errors in the Windows95 and NT setups.
1.58 - Dranch: Addition of the port forwarding sections; LooseUDP setup; Ident servers for IRC users, how to read firewall logs, deleted the CuSeeme Mini-HOWTO since it is rarely used.
1.55 - Dranch: Complete overhaul, feature and FAQ addition, and editing sweep of the v1.50 HOWTO. Completed the 2.2.x kernel and IPCHAINS configurations. Did a conversion from IPAUTOFW to IPPORTFW for the examples that applied. Added many URLs to various other documentation and utility sites. There are so many changes.. I hope everyone likes it. Final publishing of this new rev of the HOWTO to the LDP project won't happen until the doc is looked over and approved by the IP MASQ email list (then v2.00).
1.50 - Ambrose: A serious update to the HOWTO and the initial addition of the 2.2.0 and IPCHAINS configurations.
1.20 - Ambrose: One of the more recent HOWTO versions that solely dealt with < 2.0.x kernels and IPFWADM.