Forwarding and masquerading

Rick Stevens rstevens at vitalstream.com
Wed Jan 26 22:38:11 UTC 2005


Marcos Osorio wrote:
> Hi, I installed a Red Hat Enterprise Edition 3 and I want to use this
> server as a gateway, so, my question is:
> How can I forward and do masquerading of the other PCs, I have two NICs,
> eth0 and eth1, so is there any application or script?

Depends on whether you're using sendmail, postfix or qmail--they're all
different.

If you're going to be toying with sendmail, make sure you get a copy of
the "Bat Book" ("sendmail" by Costales and Allman, O'Reilly).  It
describes all of the stuff.

For sendmail in a nutshell, do this as root:

1.	cd /etc/mail

2.	Edit "sendmail.mc" and uncomment the various "masquerade*"
	options you need by deleting the "dnl " bit in front and
	modifying the contents as needed.  The lines you're probably
	interested in would look like this after you edit them:

	MASQUERADE_AS(`mydomain.com')dnl
		(note that the first quote is a grave, on the "~" key)
	FEATURE(masquerade_envelope)dnl
	FEATURE(masquerade_entire_domain)dnl
	MASQUERADE_DOMAIN(localhost)dnl
	MASQUERADE_DOMAIN(localhost.localdomain)dnl
	MASQUERADE_DOMAIN(mydomain.com)dnl

	You also need to remove the "Addr=127.0.0.1," bit from the
	"DAEMON_OPTIONS" line:

	DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl


3.	Edit "access" and add "Connect:xxx.xxx.xxx.xxx RELAY" lines as
	needed for the machines you are willing to relay for, where the
	"xxx.xxx.xxx.xxx" is the IP address for the client machines.

4.	Do a "make" to rebuild "sendmail.cf" from "sendmail.mc" and
	build "access.db" from "access".

5.	Restart sendmail via "/etc/rc.d/init.d/sendmail restart"

I REALLY, REALLY (and I mean REALLY!) recommend you peruse the bat book
FIRST.  The LAST thing the Internet needs is another bloody open relay
server.  What I've given you above is VERY cursory and you can get
yourself into lots of trouble if you screw up.

MAJOR POINT HERE!
If you don't know what you're doing or you don't understand what I said
above, go find someone who knows what to do.  DO NOT try this if you
have ANY doubts.  If you do, the odds are you'll end up with an open
relay server and then you'll come back to us complaining that you got
blacklisted on SORBS or dnsbl.org.  Ignoring our warnings will make us
rather unsympathetic to your plight.

I don't want to sound mean, but I run a mail service that handles 18M
messages a day and I'm really, really tired of open relay servers (90%
of which are Windows machines or badly-configured sendmail machines)
spamming us or trying to propagate viruses.  Fully 50% of the traffic
we see is crap of that sort.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens at vitalstream.com -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-          Consciousness: that annoying time between naps.           -
----------------------------------------------------------------------
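
An added example, not part of Rick Stevens' post: a shell/awk check for step 3 that reads an "access" file and reports every RELAY entry that is anything other than one full IPv4 client address. The function names, verdict labels and sample entries are constructed for illustration; IPv6 keys are simply reported for review.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sendmail "access" file
# for RELAY entries broader than one client IP address, as used in step 3.

# Constructed sample input; names and addresses are illustrative only.
sample_access() {
cat <<'EOF'
# constructed sample, not a real access file
Connect:127.0.0.1       RELAY
Connect:192.168.10.21   RELAY
Connect:192.168         RELAY
Connect:example.net     RELAY
10                      RELAY
To:spam.example.org     REJECT
Connect:192.168.10.300  RELAY
EOF
}

# audit_access (hypothetical helper): access-file text on stdin, one line of
# output per RELAY entry that is not a single, valid IPv4 address.
audit_access() {
    awk '
    /^[ \t]*#/ { next }                     # comment line
    NF < 2 { next }                         # blank line or no right-hand side
    toupper($2) != "RELAY" { next }         # only relay grants are audited
    {
        key = $1; val = key; tag = ""
        if (match(key, /^[A-Za-z]+:/)) {    # split off Connect:/From:/To:
            tag = tolower(substr(key, 1, RLENGTH - 1))
            val = substr(key, RLENGTH + 1)
        }
        if ((tag == "" || tag == "connect") && val ~ /^[0-9]+(\.[0-9]+)*$/) {
            n = split(val, oct, "."); bad = (n > 4)
            for (i = 1; i <= n; i++) if (oct[i] + 0 > 255) bad = 1
            if (bad) verdict = "INVALID"    # not a usable IPv4 key
            else if (n < 4) verdict = "WIDE"  # prefix: relays a whole network
            else next                       # one full address, as in step 3
        } else {
            verdict = "REVIEW"              # hostname, domain or From:/To: key
        }
        print verdict " line " NR ": " key
    }'
}

# Audit the file named on the command line, or the sample when none is given.
if [ -n "${1:-}" ]; then audit_access < "$1"; else sample_access | audit_access; fi
```

Run it with the path to the "access" file in /etc/mail as the first argument before the "make" in step 4; no output means every RELAY line names exactly one IPv4 address.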




More information about the Redhat-install-list mailing list