NAT (Network Address Translation)
Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address. NAT is necessary when the number of IP addresses assigned to you by your Internet Service Provider is less than the total number of computers that you wish to provide Internet access for.
How NAT Works
WAN = eth0 with public IP 14.139.85.12
LAN = eth1 with private IP 10.0.0.1/255.0.0.0
When a packet from a LAN host passes through the gateway, the following fields are changed:
- Source IP address (for example, 10.0.0.69)
- Source TCP or UDP port (for example, 2132)
The gateway records each change it makes in its state table so that it can
i) reverse the changes on return packets and
ii) ensure that return packets are passed through the firewall and are not blocked.
For example, the following changes might be made:
- Source IP: replaced with the external address of the gateway (for example, 14.139.85.12)
- Source port: replaced with a randomly chosen, unused port on the gateway (for example, 53136)
Neither the internal machine nor the Internet host is aware of these translation steps. To the internal machine, the NAT system is simply an Internet gateway. To the Internet host, the packets appear to come directly from the NAT system; it is completely unaware that the internal workstation even exists. Translation of ICMP packets happens in a similar fashion but without the source port modification.
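As an added example (not part of the original post), the translation steps above as a toy stateful NAT in Python: an outbound packet gets the gateway's address and a fresh port, the mapping goes into a state table, a matching reply is translated back, and any inbound packet with no state is dropped. The remote addresses 203.0.113.10 and 198.51.100.7 are constructed for the demo; the gateway and LAN addresses are the page's own.

```python
from dataclasses import dataclass, replace
from typing import Optional
import random

@dataclass(frozen=True)
class Packet:
    proto: str                    # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: Optional[int] = None   # None for ICMP, which carries no port
    dport: Optional[int] = None

class NatGateway:
    def __init__(self, wan_ip, lan_prefix="10.", seed=0):
        self.wan_ip = wan_ip
        self.lan_prefix = lan_prefix
        self.rng = random.Random(seed)   # source of the "randomly chosen, unused port"
        self.used_ports = set()
        # state table: (proto, gateway port, remote host) -> (LAN ip, LAN port)
        self.state = {}

    def _free_port(self):
        while True:                      # ephemeral range; never hand out a live port
            port = self.rng.randint(49152, 65535)
            if port not in self.used_ports:
                self.used_ports.add(port)
                return port

    def outbound(self, pkt):
        """LAN -> Internet: source address (and port) are replaced by the gateway's."""
        if not pkt.src.startswith(self.lan_prefix):
            raise ValueError("outbound packet did not come from the LAN")
        # ICMP keeps sport None; a real NAT keys ICMP on its identifier field instead
        gw_port = None if pkt.proto == "icmp" else self._free_port()
        self.state[(pkt.proto, gw_port, pkt.dst)] = (pkt.src, pkt.sport)
        return replace(pkt, src=self.wan_ip, sport=gw_port)

    def inbound(self, pkt):
        """Internet -> LAN: reverse a recorded translation, or drop (None) if none matches."""
        entry = self.state.get((pkt.proto, pkt.dport, pkt.src))
        if entry is None:
            return None                  # unsolicited: the LAN host is invisible
        lan_ip, lan_port = entry
        return replace(pkt, dst=lan_ip, dport=lan_port)

def demo():
    """The page's host 10.0.0.69:2132 reaching a constructed web server 203.0.113.10."""
    gw = NatGateway("14.139.85.12")
    out = gw.outbound(Packet("tcp", "10.0.0.69", "203.0.113.10", 2132, 80))
    reply = gw.inbound(Packet("tcp", "203.0.113.10", "14.139.85.12", 80, out.sport))
    stray = gw.inbound(Packet("tcp", "198.51.100.7", "14.139.85.12", 4444, 22))
    return out, reply, stray
```

The `stray` packet in `demo()` models an Internet host probing the gateway's address: with no state entry it is dropped, which is the behaviour the paragraph above describes.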
IP Forwarding
Since NAT is almost always used on routers and network gateways, it will probably be necessary to enable IP forwarding so that packets can travel between network interfaces on the gateway machine. On OpenBSD, IP forwarding is enabled using the sysctl mechanism (on Linux the corresponding setting is net.ipv4.ip_forward):
# sysctl net.inet.ip.forwarding=1
# echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
On a Linux gateway, the translation itself is done by iptables: masquerade everything leaving eth0 and allow forwarding of packets arriving from the LAN on eth1.
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT
If the FORWARD chain's default policy is DROP, a rule accepting established and related return traffic from eth0 is also needed, otherwise replies never reach the LAN.
Apply the configuration by using the following command:
# systemctl restart iptables
Note that iptables applies rules as soon as they are entered; restarting the iptables service reloads the saved rule set, so save the rules first or they are lost.
On the clients, set the default gateway to the server's internal address, i.e. 10.0.0.1.