• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 266
  • Last Modified:

Need help with NAT

I'm using RedHat 5.2. I have 2 ethernet cards. One for internet (195.28.198.0) and the other one for my internal network (10.0.0.0). I want to allow workstations from my internal network to go to the internet with an IP address of the 195.28.198.0 network. i know that it's possible but i don't know how to do this. Any idea would be welcome. Thanks, Fred.
0
jacoby
Asked:
jacoby
1 Solution
 
ahoffmannCommented:
195.28.198.0  is a invalid IP address (as long as you do not own a class A or class B network).
0
 
mart010897Commented:

Hi,

I think you're looking for info in IP Masquerading.  Some vendors, such as Ascend, call this "Network Address Translation (NAT)".  Linux supports IP Masquerading natively.  Compile your kernel with support for IP Masquerading, and use the "ipfwadm" tool to set up the proper firewall rules.

Check out the Linux IP Masquerading mini-HOWTO at http://metalab.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html for a lot more detailed information on how to set this up.  It's pretty cool.

good luck!

Mart
0
 
jacobyAuthor Commented:
Thanks Mart, I'll look for this mini HOWTO and let you know.
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
n0thingCommented:
ahoffmann,
   I think he reffered to it as a network class number. Not specific IP addr.
Jacoby,

    Are you using your Linux machine as a router ? You have many options as far as
NAT.
1- Make it a firewall, read the IP firewall and ipw HOWTO for more information. Also read the IP forwarding FAQ/HOWTO available at www.linux.org.  
2- If it goes thru a router, like a Cisco box, you could enable NAT on therouter  itself.
3- If you've some pc on the 195.28.198.0 net. You could install one of the "gateway" software available. Like Wingate(www.deerfied.com), MidPoint Companion(www.mindpoint.com), ... and share your connection with your other Win95 PC.

PS: If your internal network is small. I would suggest you to use the class 198.x.x.x as your private class number. If your org. grows ... it'll help the routing table. Specialy if you use classfull routing protocol as RIP/IGRP, etc.
0
 
mart010897Commented:

Guys, 10.x.x.x addresses are just fine for reserved addresses.  I like them better actually, since they make it visually obvious that it's a reserved address class.

195.28.198.0 is a perfectly valid network address.  Belongs to someone called "Proxima Information Xchange" in fact.

Linux works great as a masquerading firewall... no need to jump on the Micro$oft boat for that one.  Wingate?  *shiver*

Cheers,

Mart
0
 
jacobyAuthor Commented:
Thanks nOthing, you're right. 195.28.198.0 is a network (Class C) and 10.0.0.0 is another one.
My server is not the router. It's a Linux Server (Primary DNS and Mail) and this one is know from internet as 195.28.198.254.
I think Mart is right when he talk 'bout IP Masquerading. I come from Microsoft's World (oups  :) ) and i used to do that under Nt with a firewall called Guardian (from Netguard) and it was called Network Address Translation, so i was able to go to the internet with a station from 10.x.x.x network with some security.
Know i have to find how to setup IP Masquerading properly.
Thanks
0
 
mart010897Commented:

Right jacoby, your masquerading firewall can go anywhere on your routed IP network-- doesn't need to go on the router.  195.28.198.254 is fine.  The only requirement is that the Linux box running IP Masquerading be able to reach both the internet and your private network.  In fact, if your private network runs on the same wire as your real one, Linux can even be multi-homed using only one network adapter (IP Aliasing) but the 2-adapter approach is just fine too.


0
 
jacobyAuthor Commented:
I want to thanks everybody here for your help and/or advices.
I've done it with Linuxconf tools and now it works.

Mart post an answer and i'll grade it.

Merry Christmas and Happy new Year, Fred.
0
 
mart010897Commented:

Glad to hear you got it working...

Mart

0
 
jacobyAuthor Commented:
hehe, if you well know apache, just let me know, i've more
questions ...
Fred.
0
 
mart010897Commented:

Sure I know a little apache... post it on the board and i'll take a crack at it.

0

Featured Post

Visualize your virtual and backup environments

Create well-organized and polished visualizations of your virtual and backup environments when planning VMware vSphere, Microsoft Hyper-V or Veeam deployments. It helps you to gain better visibility and valuable business insights.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now