IPMasquerading+Napster mini-HOWTO John E. Danner v1.6, 11 April 2000 This mini-HOWTO present a way to allow users behind an IPMasq'd system to use Napster. For information about Napster, please see their website at Napster Homepage 1. DISCLAIMER In order to allow Napster to work correctly, you will need to put a hole in the IP Masq'd system. This inherently presents potential security problems. Unfortunately I cannot accept responsibility for this hack. So if you do this, and you get burned because of it...not my fault. Great...now lets get into it... 2. INTRODUCTION After setting up a network for my roommates and I, the problem arose that were not able to use Napster because of the IPMasquerading I was doing. So I put some time into and came up with this solution to the problem. I hope it works for you like it did for me...but I can't promise anything. 3. BEFORE YOU BEGIN I have tested this solution with the following variables: 1. Napster v2.0 Beta 5a (for Windows), visit Napster Homepage to ensure you have the newest version. 2. One external IP to the internet. 3. Currently 6 systems behind the IPMasq'd machine, 4 using Napster. 4. Using Linux kernel version 2.2.12-20 (RedHat v6.1 Distribution) 5. IPMASQADM utility version 0.42, get it Here 4. PROCEDURE First off, ensure that you have the version (or newer) as listed above in the previous section. Also be sure they are installed correctly. 1. Install Napster on the Windows client PC's 2. After installation and Napster user setup, this version of Napster will begin "Finding Acceptable Local Data Port", after a short time an error will occur. Note: If you have already installed napster v2.0 beta 5a, under the file menu select 'Properties.' 3. At this point select the second option "I am not behind a firewall or I configured my firewall - Use TCP port:" 4. Enter a unique number. Each computer that will be running Napster will need to use a different port. It may be easier to use the last number of the IP address. For example: if the computer's IP is 192.168.1.2, then 6702 would be easiest to remember. Note: make sure you don't pick ports for services that are running (i.e. 21, 110, etc...see /etc/services for a listing) 5. Repeats steps 1 - 4 for all systems that will be using Napster. 6. Now login to your IPMasq'd system and modify a startup file of your choice (I choose to use /etc/rc.d/rc.local) The following lines pass the connection to the Napster clients running on the hosts behind your IPMasq'd system. (add them to the startup file - you'll need to one command for each host using Napster) /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6702 -R 192.168.1.2 6702 /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6703 -R 192.168.1.3 6703 /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6704 -R 192.168.1.4 6704 /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6705 -R 192.168.1.5 6705 Note: XXX.XXX.XXX.XXX is the IP address of the Linux IPMasqing system (the Internet IP). Note: If you are having problems with IPMASQADM or IPMasquerading in general see the IPMASQ-HOWTO. This document is provided to help people who have their systems configured. The IPMASQ-HOWTO will get into a deeper discussion of port forwarding and IPMasq'd in general. 5. DYNAMIC IP AREA (Dial-up or DHCP) See this and the Procedure section if your IP address changes everytime you connect to the internet. Thanks to Peter Illmayer for the following submission to me: (This will work out best for those of you with dynamic IP's...) ------------------------------------------------------------ IN debian, I created a forward file in /etc/ppp/ip-up.d and put in #!/bin/sh ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e /usr/sbin/ipmasqadm portfw -f /usr/sbin/ipmasqadm portfw -a -P tcp -L ${ppp_ip} 6702 -R 192.168.0.2 6702 This is in a 2.2.x kernel with ipmasqadm installed with the appropriate kernel modules compiled in. --------------------------------------------------------------- Charles J. Fisher pointed out that a similar script can be used if you are using DHCP, insert the following lines in a script that runs after you get your IP address. net_ip="`ifconfig eth0 | awk '/inet/ {sub(/addr:/,"",$2); print $2}'`" /usr/sbin/ipmasqadm portfw -f /usr/sbin/ipmasqadm portfw -a -P tcp -L ${net_ip} 6702 -R 192.168.1.2 6702 Of course the more machines using Napster behind your IPMasq'd machine the more port forwards you need to do. 6. FINISHED PRODUCT This system will allow Napster to operate properly behind an IPMasq'd system. Hopefully it works for you as well as it does for me! Please direct comments/suggestions/flames to jed204@psu.edu 7. HOWTO MAINTENANCE This is the initial version of this document. Very rough. If the interest is out there and things changes, so will this document. If anyone else has a solution they think is better...please, all means, let me know and we can discuss what the best solution possible is. 8. Copyright and License Copyright (c) 2000 by John E. Danner Please freely copy and distribute (sell or give away) this document in any format. It's requested that corrections and/or comments be fowarded to the document maintainer. You may create a derivative work and distribute it provided that you: 1.Send your derivative work (in the most suitable format such as sgml) to the LDP (Linux Documentation Project) or the like for posting on the Internet. If not the LDP, then let the LDP know where it is available. 2.License the derivative work with this same license or use GPL. Include a copyright notice and at least a pointer to the license used. 3.Give due credit to previous authors and major contributors. If you're considering making a derived work other than a translation, it's requested that you discuss your plans with the current maintainer.