I think the NET2-HOWTO has something outdated in it. Here are the
lines I use from my /etc/rc.d/rc.local...
## Masquerading/Firewalling for 1.3.66 and later (?)
if [ -x /sbin/ipfwadm ]; then
    /sbin/ipfwadm -I -f # flush "Input" rules
    /sbin/ipfwadm -O -f # flush "Output" rules
    /sbin/ipfwadm -F -f # flush "Forwarding" rules
    # Enable masquerading as the default forwarding policy
    #/sbin/ipfwadm -F -p masquerade
    # Set default forwarding policy to deny and masquerade the private
    # network
    /sbin/ipfwadm -F -p deny
    /sbin/ipfwadm -F -a masquerade -S 192.168.2.0/24 -D 0.0.0.0/0
    # Don't let any packets from the internal network "leak" out
    /sbin/ipfwadm -O -a deny -W ppp0 -S 192.168.2.0/24 \
        -D 0.0.0.0/0
    # Disable access to certain tcp ports that we don't want to give
    # any access to.
    /sbin/ipfwadm -I -a deny -W ppp0 -P tcp -S 0.0.0.0/0 \
        -D 0.0.0.0/0 23 513 514
    # Enable access from the outside for the reserved tcp ports only when the
    # ACK bit is set. We also give total access to identd (port 113). The
    # reason for giving total access to identd is so that hosts which we
    # rlogin to can verify who we are.
    /sbin/ipfwadm -I -a accept -W ppp0 -P tcp -k -S 0.0.0.0/0 \
        -D 0.0.0.0/0 1:1023
    /sbin/ipfwadm -I -a accept -W ppp0 -P tcp -S 0.0.0.0/0 \
        -D 0.0.0.0/0 113
    /sbin/ipfwadm -I -a deny -W ppp0 -P tcp -S 0.0.0.0/0 \
        -D 0.0.0.0/0 1:1023
    # Enable (udp) dns
    /sbin/ipfwadm -I -a accept -W ppp0 -P udp -S 0.0.0.0/0 \
        -D 0.0.0.0/0 53
    # Disable the low numbered udp ports
    /sbin/ipfwadm -I -a deny -W ppp0 -P udp -S 0.0.0.0/0 \
        -D 0.0.0.0/0 1:1023
fi
Obviously you'll only be interested in the lines which deal with masquerading.
In particular, this line:
/sbin/ipfwadm -F -a masquerade -S 192.168.2.0/24 -D 0.0.0.0/0
You can find info and links to the ipfwadm utility at
http://simba.xos.nl/linux/ipfwadm/
Kevin
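As an added illustration (not part of Kevin's post, and not ipfwadm itself), the following Python script models the first-match evaluation ipfwadm applies to the input and forwarding rules above, so you can see which inbound packets on ppp0 are denied, which are accepted, and which fall through to the default policy. It assumes first-match semantics with the input policy left at the default of accept (the post never sets `-I -p`), and the addresses used in the sample packets are constructed for the demonstration.

```python
"""Model of the ipfwadm ruleset from the post, evaluated first-match.

Added example; the Rule/Packet types and the 'accept' input default are
assumptions made here, not something the post or ipfwadm documents.
"""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                    # "accept", "deny", or "masquerade" (-F chain)
    iface: Optional[str] = None    # -W: arrival interface; None matches any
    proto: Optional[str] = None    # -P: "tcp" or "udp"; None matches any protocol
    src: str = "0.0.0.0/0"         # -S network
    dst: str = "0.0.0.0/0"         # -D network
    ports: Tuple[str, ...] = ()    # destination ports after -D, e.g. "23" or "1:1023"
    ack_only: bool = False         # -k: match only TCP packets with the ACK bit set


@dataclass(frozen=True)
class Packet:
    iface: str
    proto: str
    src: str
    dst: str
    dport: int
    ack: bool = False              # TCP ACK flag; meaningless for UDP


def _port_matches(spec: str, port: int) -> bool:
    """Accept a single port ("23") or an ipfwadm range ("1:1023")."""
    lo, _, hi = spec.partition(":")
    return int(lo) <= port <= int(hi or lo)


def matches(rule: Rule, pkt: Packet) -> bool:
    if rule.iface and rule.iface != pkt.iface:
        return False
    if rule.proto and rule.proto != pkt.proto:
        return False
    if ipaddress.ip_address(pkt.src) not in ipaddress.ip_network(rule.src):
        return False
    if ipaddress.ip_address(pkt.dst) not in ipaddress.ip_network(rule.dst):
        return False
    if rule.ports and not any(_port_matches(p, pkt.dport) for p in rule.ports):
        return False
    if rule.ack_only and not (pkt.proto == "tcp" and pkt.ack):
        return False
    return True


def decide(rules, pkt: Packet, policy: str) -> str:
    """First matching rule wins; otherwise the chain's default policy applies."""
    for rule in rules:
        if matches(rule, pkt):
            return rule.action
    return policy


# The -I (input) rules from the post, in the order they are appended.
INPUT_RULES = (
    Rule("deny", "ppp0", "tcp", ports=("23", "513", "514")),
    Rule("accept", "ppp0", "tcp", ports=("1:1023",), ack_only=True),
    Rule("accept", "ppp0", "tcp", ports=("113",)),
    Rule("deny", "ppp0", "tcp", ports=("1:1023",)),
    Rule("accept", "ppp0", "udp", ports=("53",)),
    Rule("deny", "ppp0", "udp", ports=("1:1023",)),
)
INPUT_POLICY = "accept"            # assumption: the post leaves -I -p at its default

# The -F (forwarding) chain: policy deny, masquerade the private network.
FORWARD_RULES = (Rule("masquerade", src="192.168.2.0/24"),)
FORWARD_POLICY = "deny"


def input_decision(pkt: Packet) -> str:
    return decide(INPUT_RULES, pkt, INPUT_POLICY)


def forward_decision(pkt: Packet) -> str:
    return decide(FORWARD_RULES, pkt, FORWARD_POLICY)


if __name__ == "__main__":
    outside, me = "203.0.113.5", "198.51.100.1"   # constructed sample addresses
    for pkt in (Packet("ppp0", "tcp", outside, me, 23, ack=True),
                Packet("ppp0", "tcp", outside, me, 80),
                Packet("ppp0", "tcp", outside, me, 80, ack=True),
                Packet("ppp0", "udp", outside, me, 53),
                Packet("ppp0", "tcp", outside, me, 8080)):
        print(pkt, "->", input_decision(pkt))
    print(Packet("eth0", "tcp", "192.168.2.10", outside, 80), "->",
          forward_decision(Packet("eth0", "tcp", "192.168.2.10", outside, 80)))
```

Walking the sample packets through the chain shows why rule order matters: the explicit deny for 23/513/514 sits before the `-k` accept, so even an ACK-flagged packet to port 23 is dropped, while a reply to an outbound connection on port 80 (ACK set) is let through by the `-k` rule and a fresh inbound SYN to port 80 is caught by the later deny. It also makes visible that the ruleset only addresses ports 1 through 1023 on ppp0; anything above that, and anything arriving on another interface, reaches the default input policy.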