Solved

Need help with NAT

Posted on 1998-12-23
Last Modified: 2010-03-18
I'm using RedHat 5.2. I have 2 ethernet cards. One for internet (195.28.198.0) and the other one for my internal network (10.0.0.0). I want to allow workstations from my internal network to go to the internet with an IP address of the 195.28.198.0 network. I know that it's possible but I don't know how to do this. Any idea would be welcome. Thanks, Fred.
Question by: jacoby

Expert Comment by: ahoffmann
195.28.198.0 is an invalid IP address (as long as you do not own a class A or class B network).

Expert Comment by: mart010897

Hi,

I think you're looking for info on IP Masquerading.  Some vendors, such as Ascend, call this "Network Address Translation (NAT)".  Linux supports IP Masquerading natively.  Compile your kernel with support for IP Masquerading, and use the "ipfwadm" tool to set up the proper firewall rules.

Check out the Linux IP Masquerading mini-HOWTO at http://metalab.unc.edu/LDP/HOWTO/mini/IP-Masquerade.html for a lot more detailed information on how to set this up.  It's pretty cool.

good luck!

Mart
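
An added illustration (not part of Mart's post or of the mini-HOWTO): a small Python model of what a masquerading gateway does with this thread's addresses, showing why replies reach the 10.x host while unsolicited inbound packets and non-internal sources get nothing. The class and method names are hypothetical, the 61000-65095 port pool is an assumption about the Linux 2.0 masquerading code, and the 192.0.2.x / 198.51.100.x peers are constructed sample values.

```python
import ipaddress

# The model mirrors the rule pair given in the IP Masquerade mini-HOWTO,
# with this thread's internal network substituted:
#   ipfwadm -F -p deny
#   ipfwadm -F -a m -S 10.0.0.0/8 -D 0.0.0.0/0
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # private side, from the thread
EXTERNAL_IP = "195.28.198.254"                      # gateway's public address, from the thread
MASQ_PORTS = range(61000, 65096)                    # assumption: Linux 2.0 masquerade port pool


class Masquerader:
    """Simplified gateway: no timeouts, no FTP/IRC helpers, no ICMP."""

    def __init__(self):
        self.out = {}    # (proto, int_ip, int_port, dst_ip, dst_port) -> masq port
        self.back = {}   # (proto, masq port, dst_ip, dst_port) -> (int_ip, int_port)
        self.free = iter(MASQ_PORTS)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Forward a packet from the inside; return the rewritten source or None."""
        if ipaddress.ip_address(src_ip) not in INTERNAL_NET:
            return None                      # forward policy deny: not the internal net
        key = (proto, src_ip, src_port, dst_ip, dst_port)
        if key not in self.out:
            port = next(self.free, None)
            if port is None:
                return None                  # pool exhausted, new flow refused
            self.out[key] = port
            self.back[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return (EXTERNAL_IP, self.out[key])

    def inbound(self, proto, src_ip, src_port, dst_port):
        """Packet addressed to EXTERNAL_IP:dst_port; return the internal target or None."""
        return self.back.get((proto, dst_port, src_ip, src_port))


if __name__ == "__main__":
    gw = Masquerader()
    # Constructed sample flows; the peers are documentation-range addresses.
    print(gw.outbound("tcp", "10.0.0.5", 1025, "192.0.2.80", 80))    # source rewritten
    print(gw.inbound("tcp", "192.0.2.80", 80, 61000))                # reply de-masqueraded
    print(gw.inbound("tcp", "198.51.100.9", 4444, 61000))            # wrong peer: no entry
    print(gw.inbound("tcp", "192.0.2.80", 80, 61001))                # unsolicited: no entry
    print(gw.outbound("tcp", "172.16.0.9", 1025, "192.0.2.80", 80))  # not 10.0.0.0/8: denied
```

A `None` from `inbound` only means no internal host is selected; services running on the gateway itself (the DNS and mail mentioned later in the thread) are outside this model.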

Author Comment by: jacoby
Thanks Mart, I'll look for this mini HOWTO and let you know.

Expert Comment by: n0thing
ahoffmann,
   I think he referred to it as a network class number. Not specific IP addr.
Jacoby,

    Are you using your Linux machine as a router? You have many options as far as NAT.
1- Make it a firewall, read the IP firewall and ipw HOWTO for more information. Also read the IP forwarding FAQ/HOWTO available at www.linux.org.
2- If it goes thru a router, like a Cisco box, you could enable NAT on the router itself.
3- If you've some pc on the 195.28.198.0 net. You could install one of the "gateway" software available. Like Wingate(www.deerfied.com), MidPoint Companion(www.mindpoint.com), ... and share your connection with your other Win95 PC.

PS: If your internal network is small. I would suggest you to use the class 198.x.x.x as your private class number. If your org. grows ... it'll help the routing table. Especially if you use classful routing protocol as RIP/IGRP, etc.

Expert Comment by: mart010897

Guys, 10.x.x.x addresses are just fine for reserved addresses.  I like them better actually, since they make it visually obvious that it's a reserved address class.

195.28.198.0 is a perfectly valid network address.  Belongs to someone called "Proxima Information Xchange" in fact.

Linux works great as a masquerading firewall... no need to jump on the Micro$oft boat for that one.  Wingate?  *shiver*

Cheers,

Mart

Author Comment by: jacoby
Thanks n0thing, you're right. 195.28.198.0 is a network (Class C) and 10.0.0.0 is another one.
My server is not the router. It's a Linux Server (Primary DNS and Mail) and this one is known from the internet as 195.28.198.254.
I think Mart is right when he talks 'bout IP Masquerading. I come from Microsoft's World (oups  :) ) and I used to do that under NT with a firewall called Guardian (from Netguard) and it was called Network Address Translation, so I was able to go to the internet with a station from 10.x.x.x network with some security.
Now I have to find how to setup IP Masquerading properly.
Thanks

Expert Comment by: mart010897

Right jacoby, your masquerading firewall can go anywhere on your routed IP network-- doesn't need to go on the router.  195.28.198.254 is fine.  The only requirement is that the Linux box running IP Masquerading be able to reach both the internet and your private network.  In fact, if your private network runs on the same wire as your real one, Linux can even be multi-homed using only one network adapter (IP Aliasing) but the 2-adapter approach is just fine too.


Author Comment by: jacoby
I want to thank everybody here for your help and/or advice.
I've done it with Linuxconf tools and now it works.

Mart, post an answer and I'll grade it.

Merry Christmas and Happy New Year, Fred.

Accepted Solution by: mart010897 (earned 200 total points)

Glad to hear you got it working...

Mart

Author Comment by: jacoby
Hehe, if you know Apache well, just let me know, I've more questions ...
Fred.

Expert Comment by: mart010897

Sure, I know a little Apache... post it on the board and I'll take a crack at it.
