IPMasquerading+Napster mini-HOWTO
John E. Danner
v1.6, 11 April 2000
This mini-HOWTO present a way to allow users behind an IPMasq'd system
to use Napster.
For information about Napster, please see their website at Napster
Homepage
1. DISCLAIMER
In order to allow Napster to work correctly, you will need to put a
hole in the IP Masq'd system. This inherently presents potential
security problems. Unfortunately I cannot accept responsibility for
this hack. So if you do this, and you get burned because of it...not
my fault. Great...now lets get into it...
2. INTRODUCTION
After setting up a network for my roommates and I, the problem arose
that were not able to use Napster because of the IPMasquerading I was
doing. So I put some time into and came up with this solution to the
problem. I hope it works for you like it did for me...but I can't
promise anything.
3. BEFORE YOU BEGIN
I have tested this solution with the following variables:
1. Napster v2.0 Beta 5a (for Windows), visit Napster Homepage
to ensure you have the newest version.
2. One external IP to the internet.
3. Currently 6 systems behind the IPMasq'd machine, 4 using Napster.
4. Using Linux kernel version 2.2.12-20 (RedHat v6.1 Distribution)
5. IPMASQADM utility version 0.42, get it Here
4. PROCEDURE
First off, ensure that you have the version (or newer) as listed above
in the previous section. Also be sure they are installed correctly.
1. Install Napster on the Windows client PC's
2. After installation and Napster user setup, this version of Napster
will begin "Finding Acceptable Local Data Port", after a short time
an error will occur. Note: If you have already installed napster
v2.0 beta 5a, under the file menu select 'Properties.'
3. At this point select the second option "I am not behind a firewall
or I configured my firewall - Use TCP port:"
4. Enter a unique number. Each computer that will be running Napster
will need to use a different port. It may be easier to use the last
number of the IP address. For example: if the computer's IP is
192.168.1.2, then 6702 would be easiest to remember. Note: make
sure you don't pick ports for services that are running (i.e. 21,
110, etc...see /etc/services for a listing)
5. Repeats steps 1 - 4 for all systems that will be using Napster.
6. Now login to your IPMasq'd system and modify a startup file of your
choice (I choose to use /etc/rc.d/rc.local)
The following lines pass the connection to the Napster clients running on the hosts behind your IPMasq'd system.
(add them to the startup file - you'll need to one command for each host using Napster)
/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6702 -R 192.168.1.2 6702
/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6703 -R 192.168.1.3 6703
/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6704 -R 192.168.1.4 6704
/usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6705 -R 192.168.1.5 6705
Note: XXX.XXX.XXX.XXX is the IP address of the Linux IPMasqing system (the Internet IP).
Note: If you are having problems with IPMASQADM or IPMasquerading in
general see the IPMASQ-HOWTO. This document is provided to help people
who have their systems configured. The IPMASQ-HOWTO will get into a
deeper discussion of port forwarding and IPMasq'd in general.
5. DYNAMIC IP AREA (Dial-up or DHCP)
See this and the Procedure section if your IP address changes
everytime you connect to the internet.
Thanks to Peter Illmayer for the following submission to me: (This
will work out best for those of you with dynamic IP's...)
------------------------------------------------------------
IN debian, I created a forward file in /etc/ppp/ip-up.d and put in
#!/bin/sh
ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L ${ppp_ip} 6702 -R 192.168.0.2 6702
This is in a 2.2.x kernel with ipmasqadm installed with the appropriate
kernel modules compiled in.
---------------------------------------------------------------
Charles J. Fisher pointed out that a similar script can be used if you
are using DHCP, insert the following lines in a script that runs after
you get your IP address.
net_ip="`ifconfig eth0 | awk '/inet/ {sub(/addr:/,"",$2); print $2}'`"
/usr/sbin/ipmasqadm portfw -f
/usr/sbin/ipmasqadm portfw -a -P tcp -L ${net_ip} 6702 -R 192.168.1.2 6702
Of course the more machines using Napster behind your IPMasq'd machine
the more port forwards you need to do.
6. FINISHED PRODUCT
This system will allow Napster to operate properly behind an IPMasq'd
system. Hopefully it works for you as well as it does for me! Please
direct comments/suggestions/flames to jed204@psu.edu
7. HOWTO MAINTENANCE
This is the initial version of this document. Very rough. If the
interest is out there and things changes, so will this document. If
anyone else has a solution they think is better...please, all means,
let me know and we can discuss what the best solution possible is.
8. Copyright and License
Copyright (c) 2000 by John E. Danner
Please freely copy and distribute (sell or give away) this document in
any format. It's requested that corrections and/or comments be
fowarded to the document maintainer. You may create a derivative work
and distribute it provided that you:
1.Send your derivative work (in the most suitable format such as sgml)
to the LDP (Linux Documentation Project) or the like for posting on
the Internet. If not the LDP, then let the LDP know where it is
available.
2.License the derivative work with this same license or use GPL.
Include a copyright notice and at least a pointer to the license used.
3.Give due credit to previous authors and major contributors.
If you're considering making a derived work other than a translation,
it's requested that you discuss your plans with the current
maintainer.