IP Masquerade
Zaharioudakis Nikos
ee2494 at ee.teiath.gr
Mon Apr 5 22:28:37 EEST 2004
Basically, there are several scenarios.
1) The easy way ---> you set up masquerading on the Linux box as follows.
Assuming iptables is running; to confirm it, run
service iptables status
---- to enable it
service iptables start
Then, to be sure that it will always come up at boot
chkconfig --level 35 iptables on
Now that iptables is OK and running, on to the rest.
lsmod | grep iptable_nat   (to be sure the module has been loaded)
If you get no output from that, don't worry, just run
modprobe iptable_nat   (to load it)
And now the magic command that wins:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
To save the change so that it is still there after a boot, we run
service iptables save
Don't forget to enable IP forwarding in the kernel
echo "1" > /proc/sys/net/ipv4/ip_forward
Then, so that this change also survives a reboot of the Linux box,
open the file /etc/sysctl.conf
and change the line net.ipv4.ip_forward = 0 from 0 to 1
and you're ready!!!
Now, if you want to wow people in the lab, it would be cool to also bring up a
DHCP server so that the Linux box automatically hands out IPs to the lab's
clients. That way the TCP/IP settings on the M$ clients will all be on
automatic.
And we go as follows:
rpm -qa |grep dhcp
If the answer it gives you is a version of the dhcp rpm package, then we're
doing fine. If not, run the following to install it, and since you're at the
Polytechnic, run
rpm -Uvh ftp://ftp.ntua.gr/pub/linux/redhat/linux/9/en/os/i386/RedHat/RPMS/dhcp-3.0pl1-23.i386.rpm
This will install the DHCP server for you.
Then open the file
/etc/dhcpd.conf (it may also be at /etc/dhcpd/dhcpd.conf, I don't remember exactly)
and paste in the content below and only that {it certainly already has some
settings which, if you leave them in, nothing will work. So either you delete
everything and put in the conf below, or you fix the existing one as you see fit}
ddns-update-style interim;
default-lease-time 600;
max-lease-time 7200;
subnet 192.168.10.0 netmask 255.255.255.0 {
    option routers 192.168.10.1;
    option subnet-mask 255.255.255.0;
    # DNS servers handed to the clients
    option domain-name-servers 147.102.222.230, 147.102.222.210, 147.102.222.220;
    # the pool must lie inside the subnet declared above
    range 192.168.10.2 192.168.10.100;
}
Keep in mind that you need to confirm whether you can use the 192.168.10/24
network, and that for DNS you can use the 147.102. etc. servers. Basically, if
the lab does not connect to the rest of the institution, i.e. only through your
server, then you're not bothering anyone. But just in case, ask about the
addressing of the PCs.
Finally, if there are old PCs with Win 95 and 98, sometimes for them to get an
IP you also need
/sbin/route add -host 255.255.255.255 dev eth0
Now you type service dhcpd start
and for the service to run at reboot
chkconfig --level 35 dhcpd on
If everything has gone well, then you have internet on the lab PCs. (Don't
forget to set all the network settings to automatic.)
Scenario 2) Easier, and done in two moves.
You set up squid (proxy server); this way, however, the clients have web and
ftp traffic through your server. Kazaa, IRC etc. they will probably have to
forget.
So here we go. Keep in mind that squid is a wonderful tool which, however,
takes quite a bit of reading before you persuade it to do the voodoo you have
read about. For that reason we will do the minimum of configuration, just so
that you get internet.
First let's find out whether the package is installed (in all likelihood it is)
rpm -qa|grep squid
If yes, fine; otherwise
rpm -Uvh ftp://ftp.ntua.gr/pub/linux/redhat/linux/9/en/os/i386/RedHat/RPMS/squid-2.5.STABLE1-2.i386.rpm
Open the file /etc/squid/squid.conf, go to line 1430 and write the
following line
acl laura src 192.168.10.0/24
Then at line 1465, between the entries
http_access allow localhost
http_access deny all
you add one line, so that it becomes as follows
http_access allow localhost
http_access allow laura
http_access deny all
Then cross your fingers and type service squid start
and of course
chkconfig --level 35 squid on   (for the reboot)
Now go to a PC and in Internet Explorer set the proxy to the proxy's IP on
port 3128, and then you can start surfing. The DHCP part you can do or not,
as you wish.
Scenario 3) is more fun, but I think you would be getting a bit carried away.
In this one you make the Linux box a transparent proxy. Essentially it is
scenario 2 with extra settings for iptables and some small extras for squid.
Good luck; if something doesn't go well, mail the list.
Zaharioudakis Nikos
Quoting Stavroula Skylaki <el00189 at mail.ntua.gr>:
> Hello everyone,
>
> I'm new to Linux too, but I have a difficult task. I want to build a
> firewall and proxy server with Linux so that I can have an internal
> network with "invisible IPs" and one computer that carries the network's
> traffic to the outside.
>
> Does anyone know whether I'll need IP masquerade? I assume so. How is this
> implemented in RedHat 9.0?
>
> Thanks,
> Laura.
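
A check for a gateway built from the masquerade steps in the reply above, as an added example that is not part of the original message: it reads an iptables-save dump and the sysctl.conf contents and reports whether the MASQUERADE rule is present, whether forwarding is persisted, and whether the FORWARD chain is left unrestricted. The function name, the finding labels, the LAN interface eth1 and both sample dumps are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original message. All sample data is constructed.

# State after the iptables steps, before /etc/sysctl.conf is edited:
# NAT rule present, FORWARD chain left at its permissive default.
AS_POSTED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'
SYSCTL_DEFAULT='net.ipv4.ip_forward = 0'

# Tightened variant: only the lab subnet (192.168.10.0/24 on eth1, an assumed
# LAN interface) is routed out, plus replies to connections it opened.
TIGHTENED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 192.168.10.0/24 -i eth1 -o eth0 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'
SYSCTL_FIXED='net.ipv4.ip_forward = 1'

# audit_gateway RULES SYSCTL WAN_IF: one finding per line, nothing if clean.
audit_gateway() {
  ag_rules=$1; ag_sysctl=$2; ag_wan=$3
  # The NAT rule from the message must exist for the WAN interface.
  if ! printf '%s\n' "$ag_rules" |
       grep -Eq -- "^-A POSTROUTING (.* )?-o $ag_wan (.* )?-j MASQUERADE"; then
    echo MISSING_MASQUERADE
  fi
  # Forwarding must survive a reboot (the /etc/sysctl.conf step).
  if ! printf '%s\n' "$ag_sysctl" |
       grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$'; then
    echo FORWARDING_NOT_PERSISTED
  fi
  # ACCEPT policy with no FORWARD rules routes packets from any source.
  if printf '%s\n' "$ag_rules" | grep -q '^:FORWARD ACCEPT' &&
     ! printf '%s\n' "$ag_rules" | grep -q -- '^-A FORWARD '; then
    echo FORWARD_UNRESTRICTED
  fi
}

audit_gateway "$AS_POSTED" "$SYSCTL_DEFAULT" eth0
```

On a live box, pass the output of iptables-save and the contents of /etc/sysctl.conf in place of the constants.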
--
More information about the Migrate2linux
mailing list