Using a Linux server to route packages between a private networks and the Internet

Another scenario where a Linux machine can be used as router is when you need to share your Internet connection with a private LAN.
Router: Debian Wheezy 7.7 [eth0: Public IP, eth1: 10.0.0.15/24] - dev2
Client: openSUSE 13.2 [enp0s3: 10.0.0.18/24] - dev4
In addition to set up packet forwarding and the static routing table in the client as in the previous example, we need to add a few iptables rules in the router:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
The first command adds a rule to the POSTROUTING chain in the nat (Network Address Translation) table, indicating that the eth0 NIC should be used for outgoing packages.
MASQUERADE indicates that this NIC has a dynamic IP and that before sending the package to the “wild wild world” of the Internet, the private source address of the packet has to be changed to that of the public IP of the router.
In a LAN with many hosts, the router keeps track of established connections in /proc/net/ip_conntrack so it knows where to return the response from the Internet to.
Only part of the output of:
# cat /proc/net/ip_conntrack
is show in the following screenshot.
Route Packages in Linux
Route Packages in Linux
Where the origin (private IP of openSUSE box) and destination (Google DNS) of packets is highlighted. This was the result of running:
# curl www.tecmint.com
on the openSUSE box.
As I’m sure you can already guess, the router is using Google’s 8.8.8.8 as nameserver, which explains why the destination of outgoing packets points to that address.

Comments

Post a Comment

Popular posts from this blog

KVM & Qemu

QEMU is a powerful emulator, which means that it can emulate a variety of processor types. Xen uses QEMU for HVM guests, more specifically for the HVM guest's device model. The Xen-specific QEMU is called qemu-dm (short for QEMU device model) QEMU uses emulation; KVM uses processor extensions (intel-VT) for virtualization. Both Xen and KVM merge their various functionality to upstream QEMU, that way upstream QEMU can be used directly to accomplish Xen device model emulation, etc. Xen is unique in that it has paravirtualized guests that don't require hardware virtualization. Both Xen and KVM have paravirtualized device drivers that can run on top of the HVM guests. The QEMU hypervisor is very similar to the KVM hypervisor. Both are controlled through libvirt, both support the same feature set, and all virtual machine images that are compatible with KVM are also compatible with QEMU. The main difference is that QEMU does not support native virtualization. Consequently, QEMU has ...
Read more

PHP Fatal error: Class 'JFactory' not found

I have faced this issue in Joomla site and searched the forums but none of the forums including joomla did not give solution for me. They simply suggest to check joomla version, php version compatibility and php extensions. Finally I have fixed the issue. Issue:- ---------  [26-Sep-2014 18:11:29 Europe/Berlin] PHP Fatal error: Class 'JFactory' not found in /home/test/public_html/index.php on line 31 Cause & Solution:- ----------------------- In my case, it seems file which gives the class JFactory was missed. /home/test/public_html/libraries/joomla/factory.php --->Core file for Joomla. Simply restore that file under proper path to fix the issue.
Read more

docker.errors.APIError: 400 Client Error client is newer than server

You can face this issue when you are trying to use docker python library. Error: docker.errors.APIError: 400 Client Error: Bad Request for url: http+docker://localunixsocket/v1.26/images/json?only_ids=0&all=0 ("client is newer than server (client API version: 1.26, server API version: 1.24)") Solution: client= docker.from_env(version='auto') Use parameter "version" when instantiating a client.
Read more