Solved

Need help with NAT

Posted on 1998-12-23
Last Modified: 2010-03-18
I'm using RedHat 5.2. I have 2 ethernet cards. One for internet (195.28.198.0) and the other one for my internal network (10.0.0.0). I want to allow workstations from my internal network to go to the internet with an IP address of the 195.28.198.0 network. I know that it's possible but I don't know how to do this. Any idea would be welcome. Thanks, Fred.
0
Question by:jacoby
11 Comments
 
LVL 51

Expert Comment

by:ahoffmann
ID: 1587967
195.28.198.0 is an invalid IP address (as long as you do not own a class A or class B network).
0
 
LVL 1

Expert Comment

by:mart010897
ID: 1587968

Hi,

I think you're looking for info on IP Masquerading.  Some vendors, such as Ascend, call this "Network Address Translation (NAT)".  Linux supports IP Masquerading natively.  Compile your kernel with support for IP Masquerading, and use the "ipfwadm" tool to set up the proper firewall rules.

Check out the Linux IP Masquerading mini-HOWTO at http://metalab.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html for a lot more detailed information on how to set this up.  It's pretty cool.

Good luck!

Mart
0
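The ipfwadm setup Mart points to, as an added example that is not part of the original thread: it builds the forwarding rules for the asker's internal network with a default-deny forwarding policy and refuses to masquerade a source that is not an RFC 1918 private range. The function names, the /8 mask on 10.0.0.0 and the APPLY switch are assumptions made for this sketch; the rules are printed unless APPLY=1 is set on the masquerading host.

```shell
#!/bin/sh
# Added example (not from the thread): ipfwadm masquerading rules, dry run by default.
INTERNAL_NET="10.0.0.0/8"   # internal network from the question; the /8 mask is an assumption

# Return 0 only if $1 (a.b.c.d/len) is inside an RFC 1918 private range.
is_private_net() {
    case "$1" in */*) ;; *) return 1 ;; esac   # a prefix length is required
    addr=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $addr          # split the dotted quad into $1..$4
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    case "$1" in
        10)  return 0 ;;
        172) [ "$2" -ge 16 ] && [ "$2" -le 31 ] ;;
        192) [ "$2" -eq 168 ] ;;
        *)   return 1 ;;
    esac
}

# Print the commands that turn the box into a masquerading gateway for $1.
masq_rules() {
    net=$1
    if ! is_private_net "$net"; then
        echo "refusing to masquerade non-private source $net" >&2
        return 1
    fi
    echo "echo 1 > /proc/sys/net/ipv4/ip_forward"   # enable forwarding (2.0.x kernels with /proc support)
    echo "ipfwadm -F -f"                            # flush existing forwarding rules
    echo "ipfwadm -F -p deny"                       # default policy: forward nothing
    echo "ipfwadm -F -a m -S $net -D 0.0.0.0/0"     # masquerade only the internal network
}

if [ "${APPLY:-0}" = 1 ]; then
    masq_rules "$INTERNAL_NET" | sh    # run as root on the gateway
else
    masq_rules "$INTERNAL_NET"         # dry run: review the rules first
fi
```

With the deny policy in place, only traffic sourced from the internal network is forwarded, and it leaves with the gateway's public address.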
 
LVL 1

Author Comment

by:jacoby
ID: 1587969
Thanks Mart, I'll look for this mini HOWTO and let you know.
0
 
LVL 5

Expert Comment

by:n0thing
ID: 1587970
ahoffmann,
   I think he referred to it as a network class number. Not a specific IP addr.
Jacoby,

    Are you using your Linux machine as a router? You have many options as far as NAT.
1- Make it a firewall, read the IP firewall and ipw HOWTO for more information. Also read the IP forwarding FAQ/HOWTO available at www.linux.org.
2- If it goes thru a router, like a Cisco box, you could enable NAT on the router itself.
3- If you've some PC on the 195.28.198.0 net, you could install one of the "gateway" software packages available, like Wingate (www.deerfied.com), MidPoint Companion (www.mindpoint.com), ... and share your connection with your other Win95 PC.

PS: If your internal network is small, I would suggest you use the class 198.x.x.x as your private class number. If your org. grows ... it'll help the routing table. Especially if you use a classful routing protocol such as RIP/IGRP, etc.
0
 
LVL 1

Expert Comment

by:mart010897
ID: 1587971

Guys, 10.x.x.x addresses are just fine for reserved addresses.  I like them better actually, since they make it visually obvious that it's a reserved address class.

195.28.198.0 is a perfectly valid network address.  Belongs to someone called "Proxima Information Xchange" in fact.

Linux works great as a masquerading firewall... no need to jump on the Micro$oft boat for that one.  Wingate?  *shiver*

Cheers,

Mart
0
 
LVL 1

Author Comment

by:jacoby
ID: 1587972
Thanks n0thing, you're right. 195.28.198.0 is a network (Class C) and 10.0.0.0 is another one.
My server is not the router. It's a Linux server (primary DNS and mail) and this one is known from the internet as 195.28.198.254.
I think Mart is right when he talks 'bout IP Masquerading. I come from Microsoft's world (oops  :) ) and I used to do that under NT with a firewall called Guardian (from Netguard) and it was called Network Address Translation, so I was able to go to the internet with a station from the 10.x.x.x network with some security.
Now I have to find how to set up IP Masquerading properly.
Thanks
0
 
LVL 1

Expert Comment

by:mart010897
ID: 1587973

Right jacoby, your masquerading firewall can go anywhere on your routed IP network-- doesn't need to go on the router.  195.28.198.254 is fine.  The only requirement is that the Linux box running IP Masquerading be able to reach both the internet and your private network.  In fact, if your private network runs on the same wire as your real one, Linux can even be multi-homed using only one network adapter (IP Aliasing) but the 2-adapter approach is just fine too.


0
 
LVL 1

Author Comment

by:jacoby
ID: 1587974
I want to thank everybody here for your help and/or advice.
I've done it with Linuxconf tools and now it works.

Mart, post an answer and I'll grade it.

Merry Christmas and Happy new Year, Fred.
0
 
LVL 1

Accepted Solution

by:
mart010897 earned 200 total points
ID: 1587975

Glad to hear you got it working...

Mart

0
 
LVL 1

Author Comment

by:jacoby
ID: 1587976
Hehe, if you know Apache well, just let me know, I've more questions ...
Fred.
0
 
LVL 1

Expert Comment

by:mart010897
ID: 1587977

Sure, I know a little Apache... post it on the board and I'll take a crack at it.

0
