NAT in linux

network-address-translation (NAT) on a Linux system with iptables rules so that the system can act as a gateway and provide internet access to multiple hosts on a local network using a single public IP address. This is achieved by rewriting the source and/or destination addresses of IP packets as they pass through the NAT system.

The system on which NAT is set up will act as the gateway for private network. According to this tutorial this computer should meet the following requirements:
1) It should have at least 2 NICs(network interface controllers). One to connect to Internet and the other to connect to the private network.
2) It should be running Linux.
3) It should have a kernel supporting iptables.

Terminologies and Concepts

The 2 interfaces concerned will be eth0 and eth1.
eth0 -> This will be the interface connected to the Internet.
eth1 -> This interface will be connected to the private network.

Now, let us see if they are being recognized as networking devices too or not. Run these commands to confirm it.
[jasonleon]$ ifconfig eth0
[jasonleon]$ ifconfig eth1
ifconfig is a utility to configure the network interfaces. If you see the output of both of the commands similar to this
eth0    Link encap:Ethernet  HWaddr 00:21:70:94:56:b2  
    inet addr:10.0.0.1  Bcast:10.0.0.255  Mask:255.255.255.0
    inet6 addr: fe80::221:70ff:fe94:56b2/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
    RX packets:690495 errors:0 dropped:0 overruns:0 frame:0
    TX packets:748777 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000 
    RX bytes:482335870 (482.3 MB)  TX bytes:763131223 (763.1 MB)
    Interrupt:250
then it means that both of the interfaces are being recognized as network devices/interfaces and so we are in a state to proceed futher.

Configure your iptables to enable NAT

Now, I am assuming that you have already configured your system to be able to connect to Internet. Now, we need to configure the iptables to enable NAT.
Assuming that you don't have any previous tables run this command to delete the previous rules so that we may define new ones.
iptables -F OR iptables --flush
iptables -t nat -F OR iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
Now we will enable Packet Forwarding by Kernel, run this command in the terminal
[jasonleon]$ echo 1 > /proc/sys/net/ipv4/ip_forward
Now, we need to create new rules. Run the following series of commands to create new rules
[jasonleon]$ iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE OR iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
[jasonleon]$ iptables -A FORWARD -i eth1 -j ACCEPT OR iptables --append FORWARD --in-interface eth1 -j ACCEPT
         service iptables save

         service iptables restart

Configuring the server's eth1 interface

Now, we need to configure the network settings of eth1 interface and assign it an IP address so that the machines on the private network may use it as a gateway. For this we will have to edit the files that contain configurations for NICs
For Fedora, centOS and Redhat users eth1 configuration file is located at /etc/sysconfig/network-scripts/ifcfg-eth1
After editing it should look as follows.
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.0.1
NETMASK=255.255.255.0
BOOTPROTO=static
In Ubuntu, Debian eth0 configuration file is at /etc/network/interfaces.
auto eth1
iface eth1 inet static
address 192.168.0.1
netmask 255.255.255.0

Configure the client side to access Internet through our Gateway

Add the following entries on the client machine to access Internet. Gateway will be the IP address we have assigned to our machine on eth1 interface. Remember to keep the IP address of the client machine in the same class of Gateway's IP address.
IP address: 192.168.10.3
Netmask: 255.255.255.0
DNS: 209:59.31.54
Gateway: 192.168.10.1

Comments

Post a Comment

Popular posts from this blog

KVM & Qemu

QEMU is a powerful emulator, which means that it can emulate a variety of processor types. Xen uses QEMU for HVM guests, more specifically for the HVM guest's device model. The Xen-specific QEMU is called qemu-dm (short for QEMU device model) QEMU uses emulation; KVM uses processor extensions (intel-VT) for virtualization. Both Xen and KVM merge their various functionality to upstream QEMU, that way upstream QEMU can be used directly to accomplish Xen device model emulation, etc. Xen is unique in that it has paravirtualized guests that don't require hardware virtualization. Both Xen and KVM have paravirtualized device drivers that can run on top of the HVM guests. The QEMU hypervisor is very similar to the KVM hypervisor. Both are controlled through libvirt, both support the same feature set, and all virtual machine images that are compatible with KVM are also compatible with QEMU. The main difference is that QEMU does not support native virtualization. Consequently, QEMU has ...
Read more

PHP Fatal error: Class 'JFactory' not found

I have faced this issue in Joomla site and searched the forums but none of the forums including joomla did not give solution for me. They simply suggest to check joomla version, php version compatibility and php extensions. Finally I have fixed the issue. Issue:- ---------  [26-Sep-2014 18:11:29 Europe/Berlin] PHP Fatal error: Class 'JFactory' not found in /home/test/public_html/index.php on line 31 Cause & Solution:- ----------------------- In my case, it seems file which gives the class JFactory was missed. /home/test/public_html/libraries/joomla/factory.php --->Core file for Joomla. Simply restore that file under proper path to fix the issue.
Read more

docker.errors.APIError: 400 Client Error client is newer than server

You can face this issue when you are trying to use docker python library. Error: docker.errors.APIError: 400 Client Error: Bad Request for url: http+docker://localunixsocket/v1.26/images/json?only_ids=0&all=0 ("client is newer than server (client API version: 1.26, server API version: 1.24)") Solution: client= docker.from_env(version='auto') Use parameter "version" when instantiating a client.
Read more