IPMasquerading+Napster mini-HOWTO
  John E. Danner
  v1.6, 11 April 2000

  This mini-HOWTO present a way to allow users behind an IPMasq'd system
  to use Napster.

  For information about Napster, please see their website at Napster
  Homepage <http://www.napster.com/>


  In order to allow Napster to work correctly, you will need to put a
  hole in the IP Masq'd system. This inherently presents potential
  security problems. Unfortunately I cannot accept responsibility for
  this hack. So if you do this, and you get burned because of it...not
  my fault. Great...now lets get into it...


  After setting up a network for my roommates and I, the problem arose
  that were not able to use Napster because of the IPMasquerading I was
  doing. So I put some time into and came up with this solution to the
  problem. I hope it works for you like it did for me...but I can't
  promise anything.


  I have tested this solution with the following variables:

  1. Napster v2.0 Beta 5a (for Windows), visit Napster Homepage
     <http://www.napster.com/> to ensure you have the newest version.

  2. One external IP to the internet.

  3. Currently 6 systems behind the IPMasq'd machine, 4 using Napster.

  4. Using Linux kernel version 2.2.12-20 (RedHat v6.1 Distribution)

  5. IPMASQADM utility version 0.42, get it Here


  First off, ensure that you have the version (or newer) as listed above
  in the previous section. Also be sure they are installed correctly.

  1. Install Napster on the Windows client PC's

  2. After installation and Napster user setup, this version of Napster
     will begin "Finding Acceptable Local Data Port", after a short time
     an error will occur.  Note: If you have already installed napster
     v2.0 beta 5a, under the file menu select 'Properties.'

  3. At this point select the second option "I am not behind a firewall
     or I configured my firewall - Use TCP port:"

  4. Enter a unique number. Each computer that will be running Napster
     will need to use a different port. It may be easier to use the last
     number of the IP address. For example: if the computer's IP is, then 6702 would be easiest to remember.  Note: make
     sure you don't pick ports for services that are running (i.e. 21,
     110, etc...see /etc/services for a listing)

  5. Repeats steps 1 - 4 for all systems that will be using Napster.

  6. Now login to your IPMasq'd system and modify a startup file of your
     choice (I choose to use /etc/rc.d/rc.local)

     The following lines pass the connection to the Napster clients running on the hosts behind your IPMasq'd system.
     (add them to the startup file - you'll need to one command for each host using Napster)

     /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6702 -R 6702
     /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6703 -R 6703
     /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6704 -R 6704
     /usr/sbin/ipmasqadm portfw -a -P tcp -L xxx.xxx.xxx.xxx 6705 -R 6705

     Note: XXX.XXX.XXX.XXX is the IP address of the Linux IPMasqing system (the Internet IP).

  Note: If you are having problems with IPMASQADM or IPMasquerading in
  general see the IPMASQ-HOWTO. This document is provided to help people
  who have their systems configured. The IPMASQ-HOWTO will get into a
  deeper discussion of port forwarding and IPMasq'd in general.

  5.  DYNAMIC IP AREA (Dial-up or DHCP)

  See this and the Procedure section if your IP address changes
  everytime you connect to the internet.

  Thanks to Peter Illmayer for the following submission to me: (This
  will work out best for those of you with dynamic IP's...)

  IN debian, I created a forward file in /etc/ppp/ip-up.d and put in

  ppp_ip="`/sbin/ifconfig ppp0 | grep 'inet addr' | awk '{print $2}' | sed -e
  /usr/sbin/ipmasqadm portfw -f
  /usr/sbin/ipmasqadm portfw -a -P tcp -L ${ppp_ip} 6702 -R 6702

  This is in a 2.2.x kernel with ipmasqadm installed with the appropriate
  kernel modules compiled in.

  Charles J. Fisher pointed out that a similar script can be used if you
  are using DHCP, insert the following lines in a script that runs after
  you get your IP address.

  net_ip="`ifconfig eth0 | awk '/inet/ {sub(/addr:/,"",$2); print $2}'`"
  /usr/sbin/ipmasqadm portfw -f
  /usr/sbin/ipmasqadm portfw -a -P tcp -L ${net_ip} 6702 -R 6702

  Of course the more machines using Napster behind your IPMasq'd machine
  the more port forwards you need to do.


  This system will allow Napster to operate properly behind an IPMasq'd
  system.  Hopefully it works for you as well as it does for me! Please
  direct comments/suggestions/flames to   jed204@psu.edu


  This is the initial version of this document. Very rough. If the
  interest is out there and things changes, so will this document. If
  anyone else has a solution they think is better...please, all means,
  let me know and we can discuss what the best solution possible is.

  8.  Copyright and License

  Copyright (c) 2000 by John E. Danner

  Please freely copy and distribute (sell or give away) this document in
  any format. It's requested that corrections and/or comments be
  fowarded to the document maintainer. You may create a derivative work
  and distribute it provided that you:

  1.Send your derivative work (in the most suitable format such as sgml)
  to the LDP (Linux Documentation Project) or the like for posting on
  the Internet. If not the LDP, then let the LDP know where it is

  2.License the derivative work with this same license or use GPL.
  Include a copyright notice and at least a pointer to the license used.

  3.Give due credit to previous authors and major contributors.

  If you're considering making a derived work other than a translation,
  it's requested that you discuss your plans with the current