What is IP Masquerading?

“MASQ” or “IPMASQ”, short for IP Masquerade, lets machines with non-routable IP addresses access the Internet through the machine that performs the masquerading. It is a form of NAT (Network Address Translation). IPMASQ works perfectly with LAN technologies such as Token Ring, Ethernet and FDDI, as well as with dial-up connections.

With IPMASQ, a gateway machine acts as the mediator between the machines on your network and the Internet. The Connection Tracking (conntrack) feature of Linux keeps track of connections and their sources, which lets the gateway route reply packets back to the machine that opened the connection. Packets leaving the private network are therefore masqueraded as if they originated from the mediator machine. Microsoft calls this feature Internet Connection Sharing.

IPMASQ can be achieved with the help of a single command:

sudo iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE

This command works when your private IP address range is 192.168.0.0/16 and the Internet-facing interface is ppp0. The options break down as follows:

  • -t nat – selects the nat table.
  • -A POSTROUTING – appends (‘-A’) the rule to the POSTROUTING chain.
  • -s 192.168.0.0/16 – matches the address space used within the private network.
  • -o ppp0 – matches traffic that is routed out through this specific network device.
  • -j MASQUERADE – masquerades the matching traffic via the gateway described above.

NOTE: If your network has a firewall in front of your gateway machine, you will also have to allow the traffic through the FORWARD chain to complete the network connection:

sudo iptables -A FORWARD -s 192.168.0.0/16 -o ppp0 -j ACCEPT

sudo iptables -A FORWARD -d 192.168.0.0/16 -m state --state ESTABLISHED,RELATED -i ppp0 -j ACCEPT

With these rules the connection is ESTABLISHED even if your firewall policies are set to REJECT or DROP.
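The connection tracking described above can be modelled in a few lines. This is an added example, not code from the original post or from the Linux kernel: the MasqGateway class, its port numbering and all addresses are constructed for illustration, and the model ignores timeouts and protocols other than a single port-based flow.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class MasqGateway:
    """Toy model of a masquerading gateway and its connection-tracking table."""

    def __init__(self, public_ip: str, first_port: int = 61000):
        self.public_ip = public_ip
        self.next_port = first_port
        self.out_map = {}  # (lan ip, lan port, remote ip, remote port) -> public port
        self.in_map = {}   # (public port, remote ip, remote port) -> (lan ip, lan port)

    def outbound(self, pkt: Packet) -> Packet:
        """LAN -> Internet: rewrite the source to the gateway and record the flow."""
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        if key not in self.out_map:
            # Simplification: Linux keeps the original source port when it is
            # free; this model always allocates a fresh one.
            port, self.next_port = self.next_port, self.next_port + 1
            self.out_map[key] = port
            self.in_map[(port, pkt.dst, pkt.dport)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.public_ip, sport=self.out_map[key])

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Internet -> LAN: translate back only replies to a tracked flow."""
        entry = self.in_map.get((pkt.dport, pkt.src, pkt.sport))
        if pkt.dst != self.public_ip or entry is None:
            return None  # no tracked connection, so no LAN host to deliver to
        return replace(pkt, dst=entry[0], dport=entry[1])

def demo():
    # Constructed addresses: RFC 5737 documentation ranges plus the page's LAN range.
    gw = MasqGateway("203.0.113.5")
    a = gw.outbound(Packet("192.168.0.10", 40000, "198.51.100.7", 80))
    b = gw.outbound(Packet("192.168.0.11", 40000, "198.51.100.7", 80))
    reply_b = gw.inbound(Packet("198.51.100.7", 80, "203.0.113.5", b.sport))
    unsolicited = gw.inbound(Packet("198.51.100.99", 4444, "203.0.113.5", a.sport))
    return a, b, reply_b, unsolicited

if __name__ == "__main__":
    for result in demo():
        print(result)
```

Two LAN hosts that use the same source port get distinct ports on the gateway, so the reply for the second host is delivered to 192.168.0.11, while a packet from a remote address that matches no tracked flow is not translated at all.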

Salman Siddiqui is an expert technology analyst. His vast experience of freelance writing is backed by his passion to swim against the tide. You can grab him on Twitter.
