Re: NAT implementation

yogesh@xxxxxxxxxxxxxxx wrote on Wednesday 25 July 2007:

First of all: are you sure that you are not mixing things up? Squid is a 
proxy. The intended use of a web-proxy is to cache web-pages to speed 
things up the next time someone calls the same page and to reduce 
outgoing internet traffic.

NAT stands for Network Address Translation and is commonly used on routers 
to hide the private network behind the router and to allow computers 
behind the router to use the internet, exposing only the router's IP.

> eth0=10.1.1.32(local)
> eth1=203.199.40.4(global)--for internet

> i want to make NAT for 10.1.1.53(local) from where i can ping
> yahoo.com/google.com directly can any one help me

This can be done with some iptables rules. First you have to allow IP 
forwarding on the router. In your case it is 10.1.1.32.

echo 1 > /proc/sys/net/ipv4/ip_forward

will allow forwarding for the current session, as long as your router 
stays powered up. To make this change permanent edit /etc/sysctl.conf and 
change the entry of IP forwarding to

net.ipv4.ip_forward = 1

The following command will rewrite all outgoing traffic from the local 
network through eth1 to your router's IP, allowing it to cross the net.

iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j SNAT --to-source 203.199.40.4

If you have a dynamic external IP address (as opposed to a static IP 
address), use this line instead

iptables -t nat -A POSTROUTING -o eth1 -s 10.1.1.0/24 -j MASQUERADE

Finally you have to specify the traffic which is allowed to pass through. 
The following lines will allow established connections, outgoing 
connections from the box you mentioned and drop everything else.

iptables -P FORWARD DROP
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 10.1.1.53 -o eth1 -j ACCEPT

See also http://www.netfilter.org/documentation/HOWTO/NAT-HOWTO.html

-- 
bye,
Adalbert

Real Programmers don't write in PL/I. PL/I is for programmers who can't 
decide whether to write in COBOL or FORTRAN.
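
An added example, not part of the message above: a POSIX shell check that reads iptables-save output and confirms the three properties the reply sets up (FORWARD policy DROP, a RELATED,ESTABLISHED accept, and NAT bound to the external interface with no forward accept wider than the one host). The function name check_nat_ruleset and both sample dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit iptables-save text (stdin) against the policy in the message.
# On a live router, as root: iptables-save | check_nat_ruleset eth1 10.1.1.53
check_nat_ruleset() {   # $1 = WAN interface, $2 = the single host allowed out
    awk -v wan="$1" -v host="$2" '
    /^\*/ { table = substr($0, 2); next }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
        line = $0 " "
        if (line ~ /--(ct)?state (RELATED,ESTABLISHED|ESTABLISHED,RELATED) /) { state = 1; next }
        # Any other ACCEPT must be pinned to the allowed host and the WAN egress.
        if (!(index(line, " -s " host "/32 ") || index(line, " -s " host " ")) ||
            !index(line, " -o " wan " ")) { print "FAIL: broad FORWARD accept: " $0; bad = 1 }
    }
    table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
        nat = 1
        if (!index($0, " -o " wan " ")) { print "FAIL: NAT not bound to " wan ": " $0; bad = 1 }
    }
    END {
        if (policy != "DROP") { print "FAIL: FORWARD policy is " (policy == "" ? "unset" : policy); bad = 1 }
        if (!state) { print "FAIL: no RELATED,ESTABLISHED accept, replies are dropped"; bad = 1 }
        if (!nat) { print "FAIL: no SNAT/MASQUERADE rule in nat POSTROUTING"; bad = 1 }
        exit bad + 0
    }'
}
sample_good() {   # constructed dump of the ruleset described in the message
cat <<'EOF'
*nat
-A POSTROUTING -s 10.1.1.0/24 -o eth1 -j SNAT --to-source 203.199.40.4
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.1.1.53/32 -o eth1 -j ACCEPT
COMMIT
EOF
}
sample_open() {   # constructed dump: policy left at ACCEPT, whole LAN forwarded
cat <<'EOF'
*nat
-A POSTROUTING -s 10.1.1.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 10.1.1.0/24 -o eth1 -j ACCEPT
COMMIT
EOF
}
sample_good | check_nat_ruleset eth1 10.1.1.53 && echo "sample_good: matches policy"
sample_open | check_nat_ruleset eth1 10.1.1.53 || echo "sample_open: rejected"
```

The check exits non-zero and prints one FAIL line per finding, so it can gate a boot script or a configuration-management run.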
