Network Address Translation (NAT) is a way to map an entire network (or networks) to a single IP address. NAT is necessary when the number of IP addresses assigned to you by your Internet Service Provider is less than the total number of computers that you wish to provide Internet access for.
How NAT Works
WAN = eth0 with public IP 14.139.85.12
LAN = eth1 with private IP 10.0.0.1 / 255.0.0.0
When a client on the internal network contacts a machine on the Internet, it sends out IP packets destined for that machine. These packets contain all the addressing information necessary to get them to their destination. NAT is concerned with these pieces of information:
- Source IP address (for example, 10.0.0.69)
- Source TCP or UDP port (for example, 2132)
The gateway records the changes it makes to these fields in its state table so that it can:
i) reverse the changes on return packets and
ii) ensure that return packets are passed through the firewall and are not blocked.
For example, the following changes might be made:
- Source IP: replaced with the external address of the gateway (for example, 14.139.85.12)
- Source port: replaced with a randomly chosen, unused port on the gateway (for example, 53136)
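The following toy NAT state table, added here and not part of the original post, shows the two jobs described above: rewriting the source address and port of an outbound packet, and using the recorded state to reverse that change on the return packet while rejecting an inbound packet that matches no state entry. The gateway and client addresses are the post's own; the remote hosts 192.0.2.10 and 198.51.100.7 are constructed documentation addresses, and the first external port is fixed at 53136 instead of chosen at random so the result is deterministic.

```python
"""Toy NAT state table (added example, not code from the original post)."""
from dataclasses import dataclass
import itertools

GATEWAY_IP = "14.139.85.12"   # public address on eth0, as in the post


@dataclass(frozen=True)
class Packet:
    proto: str        # "tcp" or "udp"
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int


class NatGateway:
    def __init__(self, external_ip, first_port=53136):
        self.external_ip = external_ip
        self._ports = itertools.count(first_port)   # a real NAT picks unused ports at random
        # (proto, src_ip, src_port, dst_ip, dst_port) -> external port
        self.outbound = {}
        # (proto, external port, remote ip, remote port) -> (original src_ip, src_port)
        self.inbound = {}

    def outbound_translate(self, pkt):
        """Rewrite a LAN -> Internet packet and record the mapping as state."""
        key = (pkt.proto, pkt.src_ip, pkt.src_port, pkt.dst_ip, pkt.dst_port)
        if key not in self.outbound:
            ext_port = next(self._ports)
            self.outbound[key] = ext_port
            self.inbound[(pkt.proto, ext_port, pkt.dst_ip, pkt.dst_port)] = (pkt.src_ip, pkt.src_port)
        return Packet(pkt.proto, self.external_ip, self.outbound[key], pkt.dst_ip, pkt.dst_port)

    def inbound_translate(self, pkt):
        """Reverse the change on a return packet; None means no matching state, so it is dropped."""
        key = (pkt.proto, pkt.dst_port, pkt.src_ip, pkt.src_port)
        if pkt.dst_ip != self.external_ip or key not in self.inbound:
            return None
        orig_ip, orig_port = self.inbound[key]
        return Packet(pkt.proto, pkt.src_ip, pkt.src_port, orig_ip, orig_port)


def demo():
    """Client 10.0.0.69:2132 talks to a web server; a reply and an unsolicited packet come back."""
    gw = NatGateway(GATEWAY_IP)
    out = gw.outbound_translate(Packet("tcp", "10.0.0.69", 2132, "192.0.2.10", 80))
    reply = Packet("tcp", "192.0.2.10", 80, out.src_ip, out.src_port)       # matches state
    unsolicited = Packet("tcp", "198.51.100.7", 4444, GATEWAY_IP, 22)       # no state entry
    return out, gw.inbound_translate(reply), gw.inbound_translate(unsolicited)
```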
IP Forwarding
Since NAT is almost always used on routers and network gateways, it will probably be necessary to enable IP forwarding so that packets can travel between network interfaces on the OpenBSD machine. IP forwarding is enabled using the sysctl mechanism:
# sysctl net.inet.ip.forwarding=1
# echo 'net.inet.ip.forwarding=1' >> /etc/sysctl.conf
Then masquerade traffic leaving the WAN interface and allow forwarding of traffic arriving on the LAN interface:
# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
# iptables --append FORWARD --in-interface eth1 -j ACCEPT
Apply the configuration by using the following command:
# systemctl restart iptables