NAT ( Network Address Translation) Configuration:
What is NAT ?
Network Address Translation is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
NAT Configure:
You apply system that solve you nat problems----------
Step #2. Verify the Network cards, Wether they installed properly or not
Step #3. Configure eth0 for Internet with a Public ( IP Address External network or Internet)
DEVICE=eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255 # Optional Entry
HWADDR=00:50:BA:88:72:D4 # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0 # Provided by the ISP
NETWORK=xx.xx.xx.0 # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1 # Provided by the ISP
Step #4. Configure eth1 for LAN with a Private IP (Internal private network)
BOOTPROTO=none
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05 # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0 # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.2.1 # Gateway of the LAN
NETWORK=192.168.0.0 # Optional
USERCTL=no
ONBOOT=yes
Step #5. Host Configuration
Step #6. Gateway Configuration (really set Getway)
NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP
Step #7. DNS Configuration
nameserver 102.56.250.5 # Secondary DNS Server provided by the ISP
Step #8. NAT configuration with IP Tables
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
Step #9. Testing
# Ping the Gateway of the network from client system
• The DNS should be set to that of the ISP on the internet.
Windows '95, 2000, XP, Configuration:
• Select "Start" + Settings" + "Control Panel"
• Select the "Network" icon
• Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card. (NOT the TCP/IP -> Dial-Up Adapter)
• Select the tabs:
o "Gateway": Use the internal network IP address of the Linux box. (192.168.2.1)
o "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP address)
o "IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.0.0 for a small local office network) of the PC can also be set here.
Related Books And Tips :
What is NAT ?
Network Address Translation is the process where a network device, usually a firewall, assigns a public address to a computer (or group of computers) inside a private network. The main use of NAT is to limit the number of public IP addresses an organization or company must use, for both economy and security purposes.
 | ||||
| Add caption |
You apply system that solve you nat problems----------
Configure Step by Step
Step #1. Add Two Network cards to the Linux boxStep #2. Verify the Network cards, Wether they installed properly or not
ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l
( The output should be "Two")Step #3. Configure eth0 for Internet with a Public ( IP Address External network or Internet)
cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none
BROADCAST=xx.xx.xx.255 # Optional Entry
HWADDR=00:50:BA:88:72:D4 # Optional Entry
IPADDR=xx.xx.xx.xx
NETMASK=255.255.255.0 # Provided by the ISP
NETWORK=xx.xx.xx.0 # Optional
ONBOOT=yes
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
GATEWAY=xx.xx.xx.1 # Provided by the ISP
Step #4. Configure eth1 for LAN with a Private IP (Internal private network)
cat /etc/sysconfig/network-scripts/ifcfg-eth1
PEERDNS=yes
HWADDR=00:50:8B:CF:9C:05 # Optional
TYPE=Ethernet
IPV6INIT=no
DEVICE=eth1
NETMASK=255.255.0.0 # Specify based on your requirement
BROADCAST=""
IPADDR=192.168.2.1 # Gateway of the LAN
NETWORK=192.168.0.0 # Optional
USERCTL=no
ONBOOT=yes
Step #5. Host Configuration
cat /etc/hosts
127.0.0.1 nat localhost.localdomain localhost
Step #6. Gateway Configuration (really set Getway)
cat /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nat
GATEWAY=xx.xx.xx.1 # Internet Gateway, provided by the ISP
Step #7. DNS Configuration
cat /etc/resolv.conf
nameserver 102.108.184.25 # Primary DNS Server provided by the ISPnameserver 102.56.250.5 # Secondary DNS Server provided by the ISP
Step #8. NAT configuration with IP Tables
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
iptables --flush # Flush all the rules in filter and nat tables
iptables --table nat --flush
iptables --delete-chain
# Delete all chains that are not in default filter and nat tableiptables --table nat --delete-chain
# Set up IP FORWARDing and Masqueradingiptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
iptables --append FORWARD --in-interface eth1 -j ACCEPT
# Enables packet forwarding by kernelecho 1 > /proc/sys/net/ipv4/ip_forward
#Apply the configurationservice iptables restart
Step #9. Testing
# Ping the Gateway of the network from client system
ping 192.168.2.1
Try it on your client systemsping google.com
Configuring PCs on the network (Clients)
• All PC's on the private office network should set their "gateway" to be the local private network IP address of the Linux gateway computer.• The DNS should be set to that of the ISP on the internet.
Windows '95, 2000, XP, Configuration:
• Select "Start" + Settings" + "Control Panel"
• Select the "Network" icon
• Select the tab "Configuration" and double click the component "TCP/IP" for the ethernet card. (NOT the TCP/IP -> Dial-Up Adapter)
• Select the tabs:
o "Gateway": Use the internal network IP address of the Linux box. (192.168.2.1)
o "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual internet IP address)
o "IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.0.0 for a small local office network) of the PC can also be set here.
Common Problems in Linux:
The most common problem or question I receive about this is related to DNS. The instructions above setup the network to route the packets for you, but if your DNS isn't setup correctly (or at all) you won't be able to reference sites by their domain or hostnames. If at first you think this isn't working for you, plese try to ping an external IP address. If you can do this, then your problem is with DNS and not iptables.
Related Books And Tips :
Post a Comment