Networking options ---> [*] Network firewalls [*] TCP/IP networking [*] IP: firewalling [*] IP: masquerading --- Protocol-specific masquerading support will be built as modules. [*] IP: ipautofw masq support [*] IP: ICMP masquerading
Note that some of the masquerade support is available only as a kernel module.
This means that you must ensure that you
make modules" in addition to the usual
make zImage" when building
Networking options ---> [M] Network packet filtering (replaces ipchains)
In the 2.2 series kernels, a number of protocol-specific helper modules are created during kernel compilation. Some protocols begin with an outgoing request on one port, and then expect an incoming connection on another. Normally these cannot be masqueraded, as there is no way of associating the second connection with the first without peering inside the protocols themselves. The helper modules do just that; they actually look inside the datagrams and allow masquerading to work for supported protocols that otherwise would be impossible to masquerade. The supported protocols are:
|ip_masq_vdolive||For VDO Live|
You must load these modules manually using the insmod command to implement them. Note that these modules cannot be loaded using the kerneld daemon. Each of the modules takes an argument specifying what ports it will listen on. For the RealAudio™ module you might use:
insmod ip_masq_raudio.o ports=7070,7071,7072
The ports you need to specify depend on the protocol. An IP masquerade mini-HOWTO written by Ambrose Au explains more about the IP masquerade modules and how to configure them.
The netfilter package includes modules that perform
similar functions. For example, to provide connection tracking of FTP
sessions, you’d load and use the