Step By Step Configuration of NAT
This tutorial shows how to set up network address translation (NAT) on a Linux system
with iptables rules so that the system can act as a gateway and provide internet access to
multiple hosts on a local network using a single public IP address. This is achieved by
rewriting the source and/or destination addresses of IP packets as they pass through the
NAT system.
WAN = eth0 with public IP (120.50.4.162)
LAN = eth1 with Private IP (192.168.1.100)
ISP Line:
IP Address: 120.50.4.160/30
Usable IP (ISP): 120.50.4.161
Usable IP (OFFICE): 120.50.4.162
IP Address: 120.50.4.162
Subnet mask: 255.255.255.252
Gateway: 120.50.4.161
Primary DNS: 203.112.194.243
Secondary DNS: 203.112.194.15
Step #1. Add 2 Network cards to the Linux System
Step #2. Verify that the network cards are installed properly
Step #3. Configure eth0 for Internet with a Public IP (External network or Internet)
Ethernet Card Configuration: (For Public IP address)
[root@gateway ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=none
BROADCAST=120.50.4.163 # Optional Entry
HWADDR=00:21:27:c7:c0:0f
IPADDR=120.50.4.162
NETMASK=255.255.255.252 # Provided by the ISP
NETWORK=120.50.4.160 # Optional
ONBOOT=yes
TYPE=Ethernet
GATEWAY=120.50.4.161 # Provided by the ISP
Step #4. Configure eth1 for LAN with a Private IP (Internal private network)
Ethernet Card Configuration: (For Private IP address)
[root@gateway ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
BROADCAST=192.168.1.255
HWADDR=00:24:21:9a:6a:9a
IPADDR=192.168.1.100 # Gateway of the LAN
NETMASK=255.255.255.0 # Specify based on your requirement
NETWORK=192.168.1.0
ONBOOT=yes
TYPE=Ethernet
Step #5. Host Configuration (Optional)
[root@gateway ~]# cat /etc/hosts
127.0.0.1 gateway localhost.localdomain localhost
Step #6. Gateway Configuration
[root@gateway ~]# vim /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=gateway
GATEWAY=120.50.4.161 # Internet Gateway, provided by the ISP
Step #7. DNS Configuration
[root@gateway ~]# vim /etc/resolv.conf
nameserver 203.112.194.243 # Primary DNS Server provided by the ISP
nameserver 203.112.194.15 # Secondary DNS Server provided by the ISP
Step #8. NAT configuration with IP Tables
# Delete and flush. Default table is "filter". Others like "nat" must be explicitly stated.
[root@gateway ~]# cat /etc/sysconfig/iptables
[root@gateway ~]# iptables -L
[root@gateway ~]# service iptables stop
[root@gateway ~]# iptables -F
[root@gateway ~]# service iptables save
[root@gateway ~]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 120.50.4.162
[root@gateway ~]# service iptables save
[root@gateway ~]# service iptables status
[root@gateway ~]# service iptables restart
[root@gateway ~]# cat /etc/sysconfig/iptables
num  target  prot  opt  source           destination
1    SNAT    all   --   192.168.1.0/24   0.0.0.0/0     to:120.50.4.162
Step #9. Enable IP Forwarding
[root@gateway ~]# vim /etc/sysctl.conf
# Change "0" to "1" to enable IP forwarding
net.ipv4.ip_forward = 1
Step #10. Testing
[root@gateway ~]# ping www.google.com
[root@gateway ~]# ping 192.168.2.1
[root@gateway ~]# route -n
Destination     Gateway         Genmask           Flags  Metric  Ref  Use  Iface
120.50.4.160    0.0.0.0         255.255.255.252   U      0       0    0    eth0
192.168.1.0     0.0.0.0         255.255.255.0     U      0       0    0    eth1
169.254.0.0     0.0.0.0         255.255.0.0       U      0       0    0    eth1
0.0.0.0         120.50.4.161    0.0.0.0           UG     0       0    0    eth0
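The steps above translate LAN traffic but leave the filter table flushed with ACCEPT policies, so once forwarding is enabled the gateway routes any packet it receives. The script below is an added example, not part of the original tutorial: it reconstructs the ruleset the steps save, gives a tightened variant in the same /etc/sysconfig/iptables format, and audits both. The FORWARD rules and the function names are assumptions of this example.

```shell
# Added example. Addresses and interface names are the tutorial's; the FORWARD
# rules and the audit are additions, not part of the original procedure.
WAN_IF=eth0; WAN_IP=120.50.4.162
LAN_IF=eth1; LAN_NET=192.168.1.0/24
# Constructed: the ruleset the tutorial's commands leave behind (filter table
# flushed with ACCEPT policies, one SNAT rule), in iptables-save format.
page_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Tightened variant: SNAT only on the WAN interface, forwarding limited to
# LAN-initiated connections and their replies. INPUT is left as the page has it.
hardened_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Print one line per finding for an iptables-save ruleset read from stdin.
audit_ruleset() {
    awk '/^:FORWARD ACCEPT/ { print "FORWARD policy ACCEPT: any routed packet is forwarded" }
         /^-A POSTROUTING/ && /-j (SNAT|MASQUERADE)/ && !/ -o / {
             print "NAT rule not bound to an outbound interface: " $0 }'
}
page_ruleset | audit_ruleset   # audit the ruleset the tutorial's steps produce
```

To load the tightened variant, write the output of hardened_ruleset to a file, review it, and feed it to iptables-restore as root. Running sysctl -p applies the ip_forward setting from /etc/sysctl.conf without a reboot.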
Client Configuration in Windows XP
THE END