Difference between revisions of "NAT Linux"

From Teknologisk videncenter

Revision as of 11:43, 7 March 2009

Linux IP Tables

IP Tables is used for packet filtering and NAT/PAT translation on several Linux distributions including

  • Ubuntu
  • Redhat
  • Centos

Enable IP Forwarding (Routing) between interfaces

Before you can route packets from the inside network interface to the outside network interface, you need to enable IP forwarding.

Enabling forwarding until next boot

To enable IP forwarding you need to toggle a switch in the kernel, which you can do with the following command. Remember that the switch is turned off again the next time you boot the machine.

echo "1" > /proc/sys/net/ipv4/ip_forward

Enable IP forwarding permanently

To enable IP forwarding permanently, either issue the command below from a boot script (/etc/rc.local or similar)
or
change the file /etc/sysctl.conf to include the following line. You may only need to uncomment an existing line (remove the # from the beginning of the line).

Basic NAT example using IP Tables

In the example below, the internal network 192.168.1.0/24 is source NATted (SNAT) to the external IP address 83.90.47.30. Source NAT also translates ports, so the example provides NAT/PAT and would be sufficient as a NAT/PAT solution for a private network.

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -d 0.0.0.0/0 -j SNAT --to 83.90.47.30

Use the command iptables -L -t nat to see the rule in the iptables chains.

[root@bkshost etc]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.1.0/24        anywhere           to:83.90.47.30

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
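
An added example, not part of the original wiki page: a POSIX shell check that compares the runtime forwarding switch with the persistent setting and confirms the SNAT rule in a saved iptables -L -t nat listing. The function names and sample files are constructed for illustration; net.ipv4.ip_forward is the standard sysctl key for this switch, and only the one sysctl.conf file passed in is read.

```shell
#!/bin/sh
# Added example: audit the gateway settings this page configures.
# Function names are hypothetical; file paths are parameters.

# Prints "on" if the given ip_forward file contains 1, else "off".
runtime_forwarding() {
    [ "$(cat "$1" 2>/dev/null)" = "1" ] && echo on || echo off
}

# Prints "on" if the last uncommented net.ipv4.ip_forward line in the
# given sysctl.conf sets the value 1, else "off".
persistent_forwarding() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*$/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    [ "$val" = "1" ] && echo on || echo off
}

# Reads `iptables -L -t nat` output on stdin; prints the "to:" address of
# the POSTROUTING SNAT rule whose source column equals $1.
snat_target() {
    awk -v src="$1" '
        /^Chain / { chain = $2 }
        chain == "POSTROUTING" && $1 == "SNAT" && $4 == src {
            for (i = 5; i <= NF; i++)
                if ($i ~ /^to:/) { sub(/^to:/, "", $i); print $i; exit }
        }'
}

# args: ip_forward file, sysctl.conf, saved nat listing, inside network
audit_gateway() {
    rt=$(runtime_forwarding "$1"); ps=$(persistent_forwarding "$2")
    to=$(snat_target "$4" < "$3")
    echo "forwarding runtime=$rt persistent=$ps"
    [ "$rt" = on ] && [ "$ps" = off ] && echo "WARN forwarding is lost at next boot"
    [ "$rt" = off ] && [ "$ps" = on ] && echo "WARN forwarding persisted but not active"
    [ -n "$to" ] && echo "snat $4 -> $to" || echo "WARN no SNAT rule for $4"
    return 0
}

# Constructed sample data (not from a real host) so the script runs offline.
d=$(mktemp -d)
echo 1 > "$d/ip_forward"
echo '#net.ipv4.ip_forward=1' > "$d/sysctl.conf"
cat > "$d/nat.txt" <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.1.0/24        anywhere           to:83.90.47.30
EOF
audit_gateway "$d/ip_forward" "$d/sysctl.conf" "$d/nat.txt" 192.168.1.0/24
```

On a real gateway, save the output of iptables -L -t nat to a file and pass /proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf as the first two arguments.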

Webserver located on internal network

To redirect web traffic originating from the outside to a web server on the inside, you would use a rule as shown below.