IP Masquerade
Andy Wilson, UNC Chapel Hill
February 16, 2000

Outline
- What's IP Masquerade?
- Why would you want it?
- How it works
- What you'll need
- Setting up
- Testing

What's IP Masquerade?
- Network Address Translation (NAT) under Linux
  – almost, but not quite, the same as firewalling: masquerading rewrites addresses so that a whole LAN shares one public address, while firewalling decides which packets are allowed through at all; on a 2.2 kernel both happen to be configured with ipchains
- Allows several networked computers to talk to the Internet through a single IP address

Why would you want it?
- Connectivity for a home network
  – Many ISPs only allow one IP address
- Security
  – Hide machines containing sensitive information
  – Allow access only to specific services on specific machines
  – Caveat: internal machines are hidden only in the sense that nobody outside can address them directly; they can still reach the Internet freely, so masquerading complements packet filtering rather than replacing it

How it works: Network Structure
Diagram: Frodo, Bilbo and Pippin on the home network Ethernet; the Gateway has an Ethernet (Enet) interface on that LAN and a PPP interface towards the Internet.

How it works: Example
Frodo fetches a page from slashdot.org through the Gateway (Gateway interfaces: PPP towards the Internet, Enet towards the LAN):
1. New connection: Frodo:1234 to slashdot.org:80.
2. The Gateway records a port map, Gateway:5432 > Frodo:1234, and opens its own connection from Gateway:5432 to slashdot.org:80 on the PPP side. Frodo sees its connection as :1234 to :80; the Gateway tracks it as :5432 to :80.
3. Connection opened: from Gateway:5432 to slashdot.org:80. slashdot.org only ever sees the Gateway's address.
4. Data received on Gateway:5432 from slashdot.org:80; the port map directs it to Frodo:1234.
5. Data received on Frodo:1234 from slashdot.org:80; neither endpoint notices the translation.
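The port-map table that the five steps above walk through, as an added example (this is not code from the presentation or from the Linux kernel): a small Python model of the 2.2 masquerade table. It allocates one Gateway port per outbound flow, rewrites return packets back to the LAN host, drops inbound packets that match no live entry or come from the wrong peer, and expires entries using the timeouts the Setting Up slide passes to ipchains -M -S (2 hours for TCP, 10 seconds once a FIN has been seen, 160 seconds for UDP). The addresses (Gateway 203.0.113.5, LAN 192.168.1.0/24 with Frodo as 192.168.1.2, a web server at 198.51.100.7) and the 61000 starting port are assumptions made for the example; the slides use Gateway:5432 for the mapped port, and the real kernel picks ports from its own pool.

```python
import ipaddress
from dataclasses import dataclass

# Timeouts in seconds, as set by "ipchains -M -S 7200 10 160":
# established TCP, TCP after a FIN has been seen, UDP.
TIMEOUTS = {"tcp": 7200, "tcpfin": 10, "udp": 160}


@dataclass
class Packet:
    proto: str          # "tcp" or "udp"
    src: str
    sport: int
    dst: str
    dport: int
    fin: bool = False   # TCP FIN flag; switches the entry to the short timeout


@dataclass
class Entry:
    proto: str
    inside: tuple       # (LAN host, port), e.g. Frodo:1234
    outside: tuple      # (remote host, port), e.g. slashdot.org:80
    masq_port: int      # port used on the Gateway's public address
    expires: float
    fin_seen: bool = False


class Masquerader:
    """Toy one-to-many NAT table in the style of the 2.2 kernel's masquerade code."""

    FIRST_PORT = 61000  # assumption: first port of the masquerade pool

    def __init__(self, public_ip: str, lan_net: str):
        self.public_ip = public_ip
        self.lan_net = ipaddress.ip_network(lan_net)
        self.table = {}  # (proto, masq_port) -> Entry
        self.next_port = self.FIRST_PORT

    def _is_lan(self, ip: str) -> bool:
        return ipaddress.ip_address(ip) in self.lan_net

    def _expire(self, now: float) -> None:
        # Entries that have outlived their timeout are forgotten; a late
        # packet for them is then treated as unsolicited and dropped.
        for key in [k for k, e in self.table.items() if e.expires <= now]:
            del self.table[key]

    @staticmethod
    def _touch(e: Entry, now: float, fin: bool) -> None:
        # Every packet on a flow refreshes it; once a FIN has been seen on a
        # TCP flow the refresh uses the short "connection closing" timeout.
        e.fin_seen = e.fin_seen or (fin and e.proto == "tcp")
        e.expires = now + TIMEOUTS["tcpfin" if e.fin_seen else e.proto]

    def outbound(self, pkt: Packet, now: float):
        """LAN -> Internet: rewrite the source to public_ip:masq_port."""
        self._expire(now)
        if not self._is_lan(pkt.src) or self._is_lan(pkt.dst):
            return None  # not a LAN-to-Internet packet: forward policy DENY
        e = next((e for e in self.table.values()
                  if e.proto == pkt.proto
                  and e.inside == (pkt.src, pkt.sport)
                  and e.outside == (pkt.dst, pkt.dport)), None)
        if e is None:  # first packet of the flow: allocate a Gateway port
            e = Entry(pkt.proto, (pkt.src, pkt.sport), (pkt.dst, pkt.dport),
                      self.next_port, now)
            self.table[(pkt.proto, e.masq_port)] = e
            self.next_port += 1
        self._touch(e, now, pkt.fin)
        return Packet(pkt.proto, self.public_ip, e.masq_port,
                      pkt.dst, pkt.dport, pkt.fin)

    def inbound(self, pkt: Packet, now: float):
        """Internet -> Gateway: only packets matching a live entry reach the LAN."""
        self._expire(now)
        e = self.table.get((pkt.proto, pkt.dport))
        if (e is None or pkt.dst != self.public_ip
                or e.outside != (pkt.src, pkt.sport)):
            return None  # unsolicited, expired, or from the wrong peer: dropped
        self._touch(e, now, pkt.fin)
        return Packet(pkt.proto, pkt.src, pkt.sport,
                      e.inside[0], e.inside[1], pkt.fin)


if __name__ == "__main__":
    # Replay the slide's scenario with the assumed addresses.
    gw = Masquerader("203.0.113.5", "192.168.1.0/24")
    out = gw.outbound(Packet("tcp", "192.168.1.2", 1234, "198.51.100.7", 80), now=0)
    print("Gateway sends:", out)
    back = gw.inbound(Packet("tcp", "198.51.100.7", 80, "203.0.113.5", out.sport), now=5)
    print("Frodo receives:", back)
    print("Probe to unused port:", gw.inbound(
        Packet("tcp", "198.51.100.7", 80, "203.0.113.5", out.sport + 1), now=5))
```

The two checks worth noticing are the ones the slides imply but do not spell out: a packet to a Gateway port with no table entry is dropped rather than forwarded, which is the "hiding" benefit from the Why slide, and a LAN-to-LAN or non-LAN-sourced packet is never masqueraded, which is what the DENY forward policy plus the single MASQ rule achieve. The model is strict about the remote peer as well as the port; the expiry rules are what make the ipchains -M -S values matter.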

What you'll need
- Two computers (at least)
- Local LAN
- Outside connection (ISP)
- One machine running kernel 2.2.x (x > 13)
  – other kernel versions are possible but not recommended (see the HOWTO for details)

Setting Up: Overview
- Build a kernel with the right options enabled
- Configure your LAN
- Configure your ISP connection
- Configure IPCHAINS
- Reboot and test
- Celebrate

Setting Up: Compiling the Kernel
If this is your first time compiling a kernel: DON'T PANIC. Read the Kernel-HOWTO for instructions. It's quite simple. After that...

Setting Up: Kernel Options
- Enable incomplete/development drivers
- Enable networking, firewalls, TCP/IP
- Enable firewalling (again)
- Enable masquerading, always defragment
- Enable ICMP masquerade
- Enable IP forwarding
- Disable ipautofw
- Enable TCP syncookies
- Enable /proc filesystem
- Enable PPP (if your ISP connection is a dialup)
- Don't forget a driver for your Ethernet card!

Setting Up: LAN configuration
- IANA Reserved Network Numbers (the private address blocks of RFC 1918)
  – /8
  – /16
  – /16
- Select IP addresses from one of these blocks; they are not routed on the public Internet, which is exactly why the gateway has to masquerade them
- Default gateway should be the firewall machine
- Consider running a nameserver on the firewall

Example Network
Diagram: as in the network structure slide, Frodo, Bilbo and Pippin on the home network Ethernet, the Gateway with an Enet interface on the LAN and a PPP interface to the Internet.

Setting Up: IPCHAINS
Create /etc/rc.d/rc.firewall (or add to rc.local):

    #!/bin/sh
    # Enable IP forwarding (hopefully disabled at boot by default)
    echo "1" > /proc/sys/net/ipv4/ip_forward

    # Set masquerade timeouts: 2 hours for TCP, 10 sec for connection closing,
    # 160 sec for UDP (like ICQ)
    /sbin/ipchains -M -S 7200 10 160

    # Set up masquerade policies
    # by default, deny everything
    /sbin/ipchains -P forward DENY

    # but masquerade for just this one network
    /sbin/ipchains -A forward -s /24 -j MASQ

The MASQ rule matches on source address only, so a packet arriving on the PPP link with a forged LAN source address would be forwarded and masqueraded as well; the usual companion is an input-chain rule on the PPP interface that denies packets claiming a LAN source address.

Setting Up: IPCHAINS (continued)
- Configure the connection to the outside world as usual
  – diald is useful!
- Make sure rc.firewall gets run at boot time
  – chmod 700 /etc/rc.d/rc.firewall
  – in /etc/rc.d/rc.local:
    » /etc/rc.d/rc.firewall

Testing
- From the firewall:
  – Connect to the ISP and ping the outside world
  – Ping a machine inside your network
- From your network:
  – Ping the firewall machine
  – Ping the outside world by IP number
  – Ping the outside world by name (doing this after the ping by number separates a masquerade or routing problem from a DNS problem)
  – Visit your favorite Web site

Learning More
- IP Masquerade Resource
- HOWTOs:
  – Kernel
  – IP masquerade
  – Networking overview
  – Ethernet