Difference between revisions of "Set up Network Address Translation"

From Linuxintro
imported>ThorstenStaerk
 
(8 intermediate revisions by one other user not shown)
Line 1: Line 1:
To set up NAT ([[network]] address translation), [[open a console]] and enter
+
= Overview =
 +
Network address translation (NAT) is if you have a private network with private IP addresses and all these computers share access the internet via one computer. This computer, it can also be a cluster, is said to translate the network addresses between the private network and the internet.
 +
 
 +
 +
                                                -----------------------------------------------------------
 +
                                              |                                                          |
 +
                                              |                          --------------                  |
 +
                                              |                        | internal    |                  |
 +
                                              |                        /| 172.16.0.43  |                  |
 +
                                              |                      /  --------------                  |
 +
                                        -------------                /                                    |
 +
                  ---------            | NAT-gateway |              /    --------------                  |
 +
                |internet |------------| 10.2.2.18  |            /    |  internal    |                  |
 +
                  ---------            | 172.16.0.1  |------------------| 172.16.0.42  |                  |
 +
                                        -------------                    --------------                  |
 +
                                              |                                                          |
 +
                                                -----------------------------------------------------------
 +
 
 +
= Set it up =
 +
To set up NAT ([[network]] address translation) on the NAT gateway, [[open a console]] and  
 +
* allow IP traffic forwarding on the NAT-gateway
 
  [[echo]] 1 > /proc/sys/net/ipv4/ip_forward
 
  [[echo]] 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
+
* tell the kernel on the NAT-gateway to forward traffic to the outgoing interface ''eth0'' and masquerade it, so it will put its own IP address into each packet's header:
 +
  iptables -t nat -A POSTROUTING -o <abbr title="outgoing interface">''eth0''</abbr> -j MASQUERADE
 +
 
 +
= Test it =
 +
To test if it has worked, go to one of the internal computers and set the computer doing NAT as gateway, e.g. under Linux:
 +
route add default gw ''192.168.0.1''
 +
Then try to ping google's name server. If it works, you did it right:
 +
ping 8.8.8.8
  
 
= See also =
 
= See also =
 +
* [[set up a wireless accesspoint]]
 +
* [[Tunneling with OpenSSH]]
 
* [http://www.nerdgrind.com/set-up-nat-with-linux-and-iptables-firewall/ set up NAT]
 
* [http://www.nerdgrind.com/set-up-nat-with-linux-and-iptables-firewall/ set up NAT]
  
 
[[Category:Guides]]
 
[[Category:Guides]]
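
Review bot: In the added "Test it" section, the example `route add default gw ''192.168.0.1''` does not match the added diagram, where the NAT gateway's internal address is 172.16.0.1 and the internal hosts are 172.16.0.42 and 172.16.0.43, so a reader who copies the command on the network shown sets a gateway that is not on their subnet. Suggest using 172.16.0.1 in the example, or stating next to the command that 192.168.0.1 stands for the gateway's internal address. Separately, the added MASQUERADE line in "Set it up" has no source match, so it rewrites everything leaving eth0; if only the internal network is meant, the text could say so.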

Latest revision as of 11:43, 18 June 2015

Overview

Network address translation (NAT) lets the computers on a private network with private IP addresses share access to the internet via one computer. This computer, which can also be a cluster, is said to translate the network addresses between the private network and the internet.


                                               -----------------------------------------------------------
                                              |                                                           |
                                              |                          --------------                   |
                                              |                         | internal     |                  |
                                              |                        /| 172.16.0.43  |                  |
                                              |                       /  --------------                   |
                                        -------------                /                                    |
                 ---------             | NAT-gateway |              /    --------------                   |
                |internet |------------| 10.2.2.18   |             /    |  internal    |                  |
                 ---------             | 172.16.0.1  |------------------| 172.16.0.42  |                  |
                                        -------------                    --------------                   |
                                              |                                                           |
                                               -----------------------------------------------------------

Set it up

To set up NAT (network address translation) on the NAT gateway, open a console and

  • allow IP traffic forwarding on the NAT-gateway:
      echo 1 > /proc/sys/net/ipv4/ip_forward
  • tell the kernel on the NAT-gateway to forward traffic to the outgoing interface eth0 and masquerade it, so that the gateway puts its own IP address into each packet's header as the source address:
      iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
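
The two commands above turn on forwarding and masquerading but do not touch the FORWARD chain, so the gateway forwards whatever that chain's current policy allows. As an added example (not part of the original page), the script below prints a command set that also limits forwarding to the internal network and its replies; the internal interface eth1 and the network 172.16.0.0/24 are assumptions, eth0 is the page's outgoing interface.

```shell
#!/bin/sh
# Added example: NAT gateway commands with a restricted FORWARD chain.
# Assumptions (not from the page): internal interface eth1 and internal
# network 172.16.0.0/24. eth0 is the outgoing interface named on the page.

# Accept only plain interface names, so the value can be placed into a
# command line without being interpreted by the shell.
valid_iface() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Accept only the shape a.b.c.d/len with len 0..32 (octet range not checked).
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$'
}

# Print the iptables commands; nothing is executed here.
# Usage: nat_commands OUT_IF IN_IF LAN_CIDR
nat_commands() {
    out_if=$1
    in_if=$2
    lan=$3
    valid_iface "$out_if" && valid_iface "$in_if" && valid_cidr "$lan" || return 1
    cat <<EOF
iptables -A FORWARD -i $in_if -o $out_if -s $lan -j ACCEPT
iptables -A FORWARD -i $out_if -o $in_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
iptables -t nat -A POSTROUTING -s $lan -o $out_if -j MASQUERADE
EOF
}

# Change the system only when called with --apply (needs root).
# Rules are appended, so running --apply twice duplicates them.
if [ "${1:-}" = "--apply" ]; then
    nat_commands eth0 eth1 172.16.0.0/24 | sh
    echo 1 > /proc/sys/net/ipv4/ip_forward
else
    nat_commands eth0 eth1 172.16.0.0/24
fi
```

Without arguments the script only prints the commands for review; the accept rules are added before the policy is set to DROP so existing connections through the gateway are not cut while it runs.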

Test it

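To test whether it worked, go to one of the internal computers and set the computer doing NAT as its default gateway, using the gateway's internal address (172.16.0.1 in the diagram above; the command below uses 192.168.0.1 as an example), e.g. under Linux: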

route add default gw 192.168.0.1

Then try to ping Google's name server. If it works, you did it right:

ping 8.8.8.8

See also