This document describes how to enable the Linux IP Masquerade feature on a given Linux host. IP Masq is a form of Network Address Translation or NAT that allows internally connected computers that do not have one or more registered Internet IP addresses to have the ability to communicate to the Internet via your Linux box's single Internet IP address. It is possible to connect your internal machines to the Linux host with LAN technologies like Ethernet, TokenRing, FDDI, as well as other kinds of connections such as dialup PPP or SLIP links. This document uses Ethernet for the primary example since it is the most common scenario.
This document is intended for users using either of the stable Linux kernels: 2.0.38+ and 2.2.17+ on a IBM-compatible PC. Older kernels such as 1.2.x, 1.3.x, and 2.1.x are NOT covered in this document and, in some kernel versions, can be considered broken. Please upgrade to one of the stable Linux kernels before using IP Masquerading. The new 2.3 and 2.4 kernels with the new NetFilter code aren't covered yet but URLs are provided below. Once the feature set for Netfilter is final, the new code will be covered in this HOWTO.If you are configuring IP Masq for use on a Macintosh, please email Taro Fukunaga, for a copy of his short MkLinux version of this HOWTO.
As a new user, I found it very confusing to setup IP masquerade on Linux kernel, (1.2.x kernel back then). Although there is a FAQ and a mailing list, there was no document that was dedicated to it. There were also some requests on the mailing list for such a HOWTO. So, I decided to write this HOWTO as a starting point for new users and possibly create a building block for other knowledgeable users to use add to in the future. If you have any ideas for this document, corrections, etc., feel free to tell us so that we can make it better.
This document was originally based on the original FAQ by Ken Eves and numerous helpful messages from the IP Masquerade mailing list. A special thanks to Mr. Matthew Driver whose mailing list message inspired me to set up IP Masquerade and eventually writing this. Recently, David Ranch re-wrote the HOWTO and added a substantial number of sections to the HOWTO to make this document as complete as possible.
Please feel free to send any feedback or comments to and if you have any corrections or if any information/URLs/etc. is missing. Your invaluable feedback will certainly influence the future of this HOWTO!
This HOWTO is meant to be a fairly comprehensive guide on getting your Linux IP Masquerading network working in the shortest time possible. David is not a technical writer by trade so you might find the information in this document not as general and/or objective as it could be. The latest news and information regarding this HOWTO and other IP MASQ details can be found at the IP Masquerade Resource web page that we actively maintain. If you have any technical questions on IP Masquerade, please join the IP Masquerade Mailing List instead of sending email to David. Most MASQ problems are common for ALL MASQ users and can be easily solved by someone on the list. In addition to this, the response time of the IP MASQ email list will be much faster than a reply from David.
The latest version of this document can be found at the following sites which also contains HTML and postscript versions
This document is copyright(c) 2000 David Ranch
and it is a FREE document. You may redistribute it under the terms of the GNU General Public License.
The information herein this document is, to the best of David's knowledge, correct. However, the Linux IP Masquerade feature is written by humans and thus, there is the chance that mistakes, bugs, etc. might happen from time to time.
No person, group, or other body is responsible for any damage on your computer(s) and any other losses by using the information on this document. i.e.
THE AUTHORS AND ALL MAINTAINERS ARE NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THE INFORMATION IN THIS DOCUMENT.
Ok, with all this behind us... On with the show..