NAT Network Address Translation
Private IP Address
• Unique addresses will be exhausted.
• Defined in RFC 1918
• Address range:
NAT : IP Masquerade
• Defined in RFC 1631
[Diagram: router between addresses 198.168.1.2 and 140.113.56.71, with a "?" marking the translated address]
NAT applications
• Modem connections to the Internet -- IP masquerading
• Multiple servers -- port forwarding
• Transparent proxying -- redirection
NAT on Linux
• Linux 2.2 - ipchains + ipmasqadm
Three kinds of chains (rules applied to packets):
input: as packets come in
output: as packets go out
forward: as packets pass through the host
Simple examples
ipchains -P forward -j DENY
ipchains -A forward -b -s 192.168.0.0/24 -d 0/0 -j MASQ
echo 1 > /proc/sys/net/ipv4/ip_forward
Enable IP masquerade
ipmasqadm portfw -a -P tcp -L 1.2.3.4 8080 -R 192.168.1.1 80
Port forwarding: all packets sent to 1.2.3.4:8080 are forwarded to 192.168.1.1:80
NAT on Linux
• Linux 2.4 - iptables
Three kinds of chains:
PREROUTING: as packets come in
POSTROUTING: as packets leave
OUTPUT: locally-generated packets
Example
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
Enable IP masquerade
iptables -t nat -A PREROUTING -p tcp -d 1.2.3.4 --dport 8080 -j DNAT --to-destination 192.168.1.1:80
Forward packets to 192.168.1.1:80
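The script below is an added example, not part of the slides, that puts the three NAT applications listed earlier (masquerading, port forwarding, transparent proxying) into one iptables rule set for Linux 2.4 and later, together with the FORWARD-chain rules the slides leave out: with a default-deny FORWARD policy, a DNAT'd packet is still dropped unless a matching FORWARD rule accepts it, and reply traffic only passes through the state match. The interface names ppp0 and eth1, the 192.168.1.0/24 range and the proxy port 3128 are assumed values; 1.2.3.4 and 192.168.1.1 are the addresses used on the slides. It prints the rules by default and only runs them when called with `apply`.

```shell
#!/bin/sh
# Added example (not from the slides): builds the iptables rule set for the
# three NAT uses the slides list (masquerading, port forwarding, transparent
# proxying) plus the forwarding rules the slides leave out. Interface names,
# LAN range and proxy port below are assumed values for illustration.
set -eu

WAN_IF=ppp0            # assumed: interface that carries the public address
LAN_IF=eth1            # assumed: interface facing the private network
LAN_NET=192.168.1.0/24 # assumed: RFC 1918 range used on the inside
PUBLIC_IP=1.2.3.4      # address used in the slides' examples
WEB_SERVER=192.168.1.1 # internal server used in the slides' examples
PROXY_PORT=3128        # assumed: port of a local transparent proxy

# Print every command instead of running it, so the set can be reviewed first.
nat_rules() {
    # Default-deny forwarding: only flows explicitly allowed below pass.
    echo "iptables -P FORWARD DROP"
    # Replies belonging to known connections may cross in either direction.
    echo "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections are allowed only from the LAN toward the Internet.
    echo "iptables -A FORWARD -i $LAN_IF -o $WAN_IF -s $LAN_NET -m state --state NEW -j ACCEPT"

    # 1. IP masquerading: outbound packets take the address of $WAN_IF.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE"

    # 2. Port forwarding: $PUBLIC_IP:8080 -> $WEB_SERVER:80 (the slides' DNAT
    #    rule) plus the FORWARD rule without which the translated packet is
    #    dropped by the DROP policy above.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -p tcp -d $PUBLIC_IP --dport 8080 -j DNAT --to-destination $WEB_SERVER:80"
    echo "iptables -A FORWARD -i $WAN_IF -o $LAN_IF -p tcp -d $WEB_SERVER --dport 80 -m state --state NEW -j ACCEPT"

    # 3. Transparent proxying: LAN web traffic is redirected to the local proxy.
    echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 80 -j REDIRECT --to-ports $PROXY_PORT"

    # Kernel forwarding is switched on only after the rules are in place.
    echo "sysctl -w net.ipv4.ip_forward=1"
}

# Number of commands that touch the nat table; a quick sanity check.
nat_table_rule_count() {
    nat_rules | grep -c -- '-t nat'
}

# Usage: `sh nat.sh` prints the commands; `sh nat.sh apply` runs them as root.
if [ "${1:-}" = "apply" ]; then
    nat_rules | sh -e
else
    nat_rules
fi
```

The rules that matter for exposure are the three FORWARD lines: they make the masqueraded hosts unreachable from the outside except through the single DNAT'd port, which is the property a NAT gateway is usually relied on for but which the slides' nat-table rules alone do not guarantee.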
References
• Linux 2.4 NAT HOWTO
• www.study-area.org
• Linux Security Toolkit, David A. Bandel