Since there were several modules created in compiling the kernel, you should make sure they load automatically at bootup. You can do this by inserting these lines to your /etc/rc.d/rc.local
(or wherever you feel is appropriate).
/sbin/depmod -a /sbin/modprobe ip_masq_ftp /sbin/modprobe ip_masq_raudio /sbin/modprobe ip_masq_irc (and other modules such as ip_masq_cuseeme, ip_masq_vdolive if you have applied the patches)
Now, you need to use ipfwadm to forward appropriate packets to the appropriate machine. You need a patched version of ipfwadm to work properly with IP Masquerade. Get a copy of ipfwadm compiled with the timeout patch from the IP Masquerade Resource page. From the IP Masquerade mini HOWTO:
ipfwadm -F -p deny ipfwadm -F -a m -S yyy.yyy.yyy.yyy/x -D 0.0.0.0/0 where x is one of the following numbers according to the class of your subnet, and yyy.yyy.yyy.yyy is your network address. netmask | x | Subnet ~~~~~~~~~~~~~~~~|~~~~|~~~~~~~~~~~~~~~ 255.0.0.0 | 8 | Class A 255.255.0.0 | 16 | Class B 255.255.255.0 | 24 | Class C 255.255.255.255 | 32 | Point-to-point For example, if I'm on a class C subnet, I would have entered: ipfwadm -F -p deny ipfwadm -F -a m -S 192.168.1.0/24 -D 0.0.0.0/0 The second command could have either -V 192.168.1.1 or -W eth0 added to it to ensure that the masqueraded packets came in through the appropriate interface of the system - if you are at all security concious (otherwise known as justifiably paranoid) then you will want to do this.
Note that in the instructions above, yyy.yyy.yyy.yyy
represents your internal network address, not your remote network address. My setup contains exactly the entry he has above in that two line example.
Once again, since you want this to be set automatically at boot, add those two lines to /etc/rc.d/rc.local
.
For other types of network setups, such as bootp, or for per-machine control for example, see the IP Masquerade mini HOWTO.