Here's what I consider tricky.
How, if possible, can I use a shared internet connection?
Our server is connected to the internet, but our other computer, which I'm installing Linux on, uses the internet through the other computer. So is it possible to use it through the other comp like on Windows? Thanks |
Yes, either using some form of NAT, iptables or a proxy server.
|
Quote:
but if you use iptables for connection sharing it does NAT ;) As for the original question: Quote:
Cheers, Tink |
Quote:
Can't win them all. |
Quote:
developers and the kernel maintainers :) Quote:
Cheers, Tink |
If you took offence, I did mean anything by the post.
|
No worries...
Cheers, Tink |
Just to chime in on iptables capabilities. I believe it can do both full fledged NAT (Network Address Translation) and another form of NAT that is more specifically called IP masquerading. The earlier program ipchains, which iptables replaced, was, I believe, only capable of doing IP masquerading, so that may be why someone said that iptables is not capable of doing NAT.
The difference between IP masquerading and full fledged NAT is as follows: With NAT the Linux router picks up traffic directed to any of a number of outside IP addresses and translates certain outside addresses to inside addresses on a one to one basis, and also translates the internal addresses to outside addresses on the same basis. It is also possible to make it so users of several inside addresses have Internet browsing access using a NAT pool of fewer outside addresses (I haven't seen this done on a Linux box; I've never checked to see if it was possible with iptables, but I imagine that it is), but this arrangement will not make the inside machines that are using the pool visible to the outside world as servers. You can combine one to one translations for servers and a pool for other Internet access on the same router.
With IP masquerading you share Internet access through a single outside address by making it so different ports of the outside address are used to represent different inside IP addresses. This can even be used to make servers available to the outside by creating virtual servers on the router that simply redirect traffic addressed to them to different inside addresses (usually) on the same port. |
I am using iptables to do just that.
I have several servers that are NAT'ed, and internal users that are pooled. You can load balance with NAT, etc.
Sample Rules:
This set assumes that you have some knowledge of iptables.

    ###########################
    # Configure Interfaces #
    ###########################
    #
    /sbin/ifconfig eth0:1 "enter_public_ip_here" broadcast "b-cast" netmask 255.255.255.0
    /sbin/ifconfig eth1:0 192.168.2.1 broadcast 192.168.2.255 netmask 255.255.255.0
    ###########################
    # Flush Rules #
    ###########################
    #
    iptables -F
    iptables -X
    iptables -F FORWARD
    iptables -F INPUT
    iptables -F OUTPUT
    iptables -Z # Zero ALL counters
    #
    ##########################
    # Set policies for rules #
    ##########################
    #
    iptables -P INPUT ACCEPT
    iptables -P OUTPUT ACCEPT
    iptables -P FORWARD DROP
    #
    ########################
    # Setup NAT forwarding #
    ########################
    #
    # Creates a user-defined chain named "nat" in the filter table (not used below)
    iptables -N nat
    # Flush the nat table itself
    iptables -t nat -F
    #
    iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # FORWARD policy is DROP, so new connections have to be accepted explicitly:
    # the inside network going out, and inbound traffic for the NAT'ed server
    iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
    iptables -A FORWARD -i eth0 -d 192.168.2.2 -j ACCEPT
    #
    ################
    # Drop PING
    ################
    #
    iptables -A INPUT -s 0.0.0.0/0 -d "enter_public_ip_here" -p icmp -j DROP
    #
    #######################
    # NAT translations start below
    #######################
    #
    #######################
    # Server Config
    #######################
    # The server's own SNAT rule has to come before the catch-all SNAT rule,
    # because the nat table stops at the first rule that matches
    #
    iptables -t nat -A PREROUTING -d "enter_other_public_ip_here" -j DNAT --to 192.168.2.2
    iptables -t nat -A POSTROUTING -s 192.168.2.2 -j SNAT --to "enter_other_public_ip_here"
    #
    ################
    # The following systems, unspecified with NAT,
    # to have the IP of "enter_public_ip_here" when visiting the internet
    ################
    #
    iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to "enter_public_ip_here"
    #
    ##############
    # End Of File
    ##############
|
Just a little extra info:
SNAT and MASQUERADE are essentially the same in that internal addresses are changed to match the public IP when outgoing and changed back to the internal address when incoming. The incoming packets are identified as belonging to a certain internal IP through connection_tracking and are allowed in with state matching (iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT).
The difference between the two is that SNAT is used with a fixed IP address whereas MASQUERADE is used when the IP address is assigned from a pool of IP addresses assigned by an ISP either through PPP or DHCP. Obviously, MASQUERADE involves a little more overhead in determining what IP address has been assigned by the ISP, but will work automatically no matter which IP address is being used currently. You can use SNAT with an indicated IP address, but you will have to change it in the firewall script each time an assigned address changes. |
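The choice between SNAT and MASQUERADE and the port-redirecting "virtual server" discussed in the posts above, as an added example that is not code from any poster in this thread. The interface names, the 192.168.2.0/24 network, the 203.0.113.10 address, the script file name and the `share_rules`/`port_forward` function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. eth0/eth1, 192.168.2.0/24 and
# 203.0.113.10 are constructed placeholders; nat-share.sh is a made-up name.
# Dry run by default (commands are only printed). To apply, run as root
# with RUN set to the empty string:  RUN= sh nat-share.sh
RUN=${RUN-echo}

# share_rules WAN_IF LAN_IF LAN_NET [WAN_IP]
#   WAN_IP given   -> SNAT to that fixed address
#   WAN_IP omitted -> MASQUERADE (outside address assigned by DHCP/PPP)
share_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3 wan_ip=${4:-}

    $RUN sysctl -w net.ipv4.ip_forward=1   # let the kernel route between NICs
    $RUN iptables -P FORWARD DROP
    # Replies to connections already in the tracking table may pass ...
    $RUN iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    # ... and only the inside network may open new connections outward.
    $RUN iptables -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" \
        -m state --state NEW -j ACCEPT

    if [ -n "$wan_ip" ]; then
        $RUN iptables -t nat -A POSTROUTING -o "$wan_if" -s "$lan_net" \
            -j SNAT --to-source "$wan_ip"
    else
        $RUN iptables -t nat -A POSTROUTING -o "$wan_if" -s "$lan_net" \
            -j MASQUERADE
    fi
}

# port_forward WAN_IF PROTO PORT INSIDE_IP
# "Virtual server": one port on the outside address is redirected to the
# same port on an inside host; every other inbound port stays closed.
port_forward() {
    wan_if=$1 proto=$2 port=$3 inside_ip=$4
    $RUN iptables -t nat -A PREROUTING -i "$wan_if" -p "$proto" --dport "$port" \
        -j DNAT --to-destination "$inside_ip"
    $RUN iptables -A FORWARD -i "$wan_if" -d "$inside_ip" -p "$proto" \
        --dport "$port" -m state --state NEW -j ACCEPT
}

share_rules eth0 eth1 192.168.2.0/24       # dynamic outside address
port_forward eth0 tcp 80 192.168.2.2       # publish an inside web server
```

Passing a fourth argument to `share_rules` switches the generated POSTROUTING rule from MASQUERADE to SNAT with that fixed address.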