NAD710 - Introduction to Networks Using Linux
Network Address Translation
May 28, 2003
Professor Tom Mavroidis

Introduction
The IP Internet has had two most significant problems:
Two types of solutions were proposed: short-term and long-term.
The first short-term solution was:

Proposals
The long-term solutions consist of various proposals for new Internet protocols with larger addresses (IPv6).
When CIDR failed to further maintain the IP Internet structure, another proposal came: NAT.
NAT is not a very far-reaching or long-term solution, but it is very fast, provides extra time until better solutions are designed, and is almost independent of the outer networks.

When is a NAT Solution Required?

What is NAT?
NAT is the translation of either a subset or all of the IP addresses in a sub-domain to globally unique address(es).
From an operational point of view, it is a function imposed on the router. That is, a router on the gateway border is configured as a Network Address Translator.

Three Main Implementations

The RFCs are as follows
RFC 1631
RFC 2694

IP chains implementation

IP chains flow of events:
[Diagram: ipchains packet flow. Elements shown: inbound packet, CRC check, malformed-packet checks, INPUT chain, routing algorithm, local processes, FORWARD chain, OUTPUT chain, outbound packet; each chain can accept or deny/reject.]

To get this thing going
Enable IP forwarding for the kernel. Execute:
    echo "1" > /proc/sys/net/ipv4/ip_forward
Or make it permanent (persistent between boots) by assigning the variable IP_FORWARD = yes in the /etc/sysconfig/sysctl file.
This will ensure basic router functionality.
Use /sbin/ipchains-save > afilename to save the rules.
Use /sbin/ipchains-restore < afilename to restore the rules.

IP chains syntax
    ipchains -[flags] [input | output | forward | custom_chain] [options] [action]
    ipchains -M [-L | -S] [options]
A very simple example with IP Masquerading:
[Diagram: router with NAT between the Internet (eth0, 202.7.1.19) and the internal net 10.0.0.0 (eth1, 10.1.1.1).]

IP tables with Netfilter

Filter table:
[Diagram: inbound packet flow, and packet flow from a local process, through the INPUT, FORWARD and OUTPUT chains, the routing algorithm and local processes.]

nat table:
[Diagram: inbound packet flow, and packet flow from a local process, through the PREROUTING, OUTPUT and POSTROUTING chains, the routing algorithm and local processes.]

mangle table:
[Diagram: inbound packet flow, and packet flow from a local process, through the PREROUTING and OUTPUT chains, the routing algorithm and local processes.]

IP tables syntax
Syntax and examples:
    iptables -[flags] [chain] [options [extensions] ] [action]
A very simple example with Static IP Translation:
[Diagram: router with NAT between the Internet (eth0, 202.7.1.19) and the internal net 10.0.0.0/8 (eth1, 10.1.1.1); internal www and ftp servers at 10.1.1.4 and 10.1.1.5.]

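The static translation on this slide, written out as an iptables-restore ruleset generated by a small shell script. This is an added example, not part of the original slides; it assumes www is TCP/80 on 10.1.1.4 and ftp is TCP/21 on 10.1.1.5, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the slides): iptables-restore ruleset for the
# slide's topology. Assumed: www = TCP/80 on 10.1.1.4, ftp = TCP/21 on 10.1.1.5.
EXT_IF=eth0; EXT_IP=202.7.1.19      # public side, from the slide
INT_IF=eth1; INT_NET=10.0.0.0/8     # internal side, from the slide

# True when the kernel routes packets (the ip_forward step shown earlier).
# The path argument exists only so the check can be pointed at a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# publish <proto> <port> <internal-ip>: prints "nat-rule|filter-rule".
# DNAT runs in PREROUTING, so FORWARD matches the translated destination.
publish() {
    printf '%s|%s\n' \
        "-A PREROUTING -i $EXT_IF -d $EXT_IP -p $1 --dport $2 -j DNAT --to-destination $3:$2" \
        "-A FORWARD -i $EXT_IF -o $INT_IF -d $3 -p $1 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

nat_ruleset() {
    # FTP data channels additionally need the kernel's FTP conntrack/NAT
    # helper; only the control port is published here.
    services="$(publish tcp 80 10.1.1.4; publish tcp 21 10.1.1.5)"
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]'
    printf '%s\n' "$services" | cut -d'|' -f1
    # Outbound: internal sources leave with the single public address.
    printf '%s\n' "-A POSTROUTING -s $INT_NET -o $EXT_IF -j SNAT --to-source $EXT_IP" 'COMMIT'
    # Default-deny forwarding: NAT rewrites addresses, it does not filter.
    printf '%s\n' '*filter' ':FORWARD DROP [0:0]' \
        '-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT' \
        "-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT"
    printf '%s\n' "$services" | cut -d'|' -f2
    printf '%s\n' 'COMMIT'
}

# Print for review. To load: nat_ruleset | iptables-restore (as root; this
# flushes the nat and filter tables first unless --noflush is given).
forwarding_enabled || echo "note: ip_forward is off; nothing will be routed" >&2
nat_ruleset
```

Running `nat_ruleset | iptables-restore --test` as root parses the ruleset without committing it.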
[Network diagram: router running SuSE 8.0 between the 192.168.0 and 192.168.1 networks; addresses shown: 192.168.0.1, 192.168.0.14, 192.168.0.16, 192.168.1.13, 192.168.1.15, 192.168.1.16; two RedHat 6.2 hosts and two Windows 98 hosts; 10 mb/s repeater and 100 mb/s switch.]

[Network diagram: router with NAT running SuSE 8.0 between the 192.168.0 and 192.168.1 networks; a Windows 98 host with NAT connected to the internet over ppp; addresses shown: 192.168.0.1, 192.168.0.13, 192.168.0.14, 192.168.0.15, 192.168.0.16, 192.168.1.13, 192.168.1.15, 192.168.1.16; two RedHat 6.2 hosts and a Windows 98 host; 100 mb/s switch and 10 mb/s repeater.]

Why – Why not?