About Me

Hi Friends, I am Sandeep CC, and some people know me as a System Administrator. I started my professional career in 2008. I have been working as a System Administrator on Linux servers and Windows clients. I am here to share the knowledge I have gained and what I have come across till now; it could be of help to you. In case anything is wrong or there are any improvements to the steps in my posts, please comment on the post. Feel free to contact me by posting comments on this blog. Thanks and Regards, Sandeep CC

Monday, July 16, 2012

NAT CONFIGURATION ON REDHAT LINUX-5



REQUIREMENT:

1. Red Hat (LINUX OS) Installed Machine
2. 2 Eth Cards
3. Internet Connection
4. Local Area Network
5. IPTABLES Installed

"HARDWARE CONNECTIONS"

ISP PROVIDED CONNECTION --> MODEM --> DIRECT LINE TO LINUX MACHINE eth0; LINUX MACHINE eth1 --> SWITCH --> LAN

SERVER & NETWORK DETAILS:

eth0 = Public IP (INTERNET) (WAN)
eth1 = Private IP (INTRANET) (LAN)
PUBLIC IP: 192.168.1.1 (Example IP)
LOCAL IP: 192.168.4.1

STEPS FOR NAT CONFIGURATION:

STEP-1. CONFIRM 2 NETWORK CARDS ARE INSTALLED PROPERLY: (OUTPUT SHOULD BE 2)

[root@router ~]# ls /etc/sysconfig/network-scripts/ifcfg-eth* | wc -l
2
[root@router ~]#

STEP-2. ASSIGN IP ADDRESS SUBNET & GATEWAY TO eth0 & eth1 CARDS

eth0 (PUBLIC IP...ALL DETAILS PROVIDED BY ISP)

[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
HWADDR=xx:xx:xx:xx:xx:xx
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
NETMASK=255.255.255.252 ---> SUBNET MASK PROVIDED BY ISP
IPADDR=192.168.1.1 ---> IP PROVIDED BY ISP
GATEWAY=192.168.1.2 ---> GATEWAY PROVIDED BY ISP
[root@router ~]#

eth1 (PRIVATE IP...ALL YOUR LAN DETAILS)

[root@router ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
HWADDR=xx:xx:xx:xx:xx:xx
ONBOOT=yes
TYPE=Ethernet
#USERCTL=no
#IPV6INIT=no
#PEERDNS=yes
NETMASK=255.255.255.0 ---> LOCAL AREA NETWORK SUBNET MASK
IPADDR=192.168.4.1 ---> LOCAL AREA NETWORK IP
NETWORK=192.168.4.0 ---> LOCAL AREA NETWORK
[root@router ~]#

STEP-3 /ETC/HOSTS FILE MODIFICATIONS

[root@router ~]# cat /etc/hosts
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 nat localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6
[root@router ~]#

STEP-4 GATEWAY CONFIGURATION (ISP PROVIDED G/W)

[root@router ~]# cat /etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=yes
HOSTNAME=LINUX-NAT
GATEWAY=192.168.1.2 ---> ISP PROVIDED GATEWAY
[root@router ~]#

STEP-5 DNS SETUP (ISP PROVIDED DNS)

[root@router ~]# cat /etc/resolv.conf
nameserver xxx.xxx.xxx.xxx ---> ISP PROVIDED PRIMARY DNS
nameserver xxx.xxx.xxx.xxx ---> ISP PROVIDED SECONDARY DNS
[root@router ~]#

STEP-6 IPTABLES (NAT RULES WITH IPTABLES)

"Flush all the rules in filter and nat tables"

[root@router ~]# iptables --flush

[root@router ~]# iptables --table nat --flush

[root@router ~]# iptables --delete-chain

"Delete all nat chains"

[root@router ~]# iptables --table nat --delete-chain

"Do IP forwarding and masquerading"

[root@router ~]# iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE

[root@router ~]# iptables --append FORWARD --in-interface eth1 -j ACCEPT

"Enable IP FORWARDING (1 = Enable, 0 = Disable)"

[root@router ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

STEP-7 SAVE THE IPTABLES RULES and RESTART IPTABLES SERVICE

[root@router ~]# service iptables save

[root@router ~]# service iptables restart
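
The STEP-6 rules accept everything arriving on eth1 and leave the FORWARD policy untouched (ACCEPT by default after a flush), and the echo into /proc is lost on reboot. The following is an added example, not from the original post: it generates a tighter ruleset for the same eth0/eth1 layout and checks that forwarding is set persistently. The function names gen_nat_rules and forwarding_persistent, and the 192.168.4.0/24 CIDR form of the page's LAN, are assumptions; INPUT and OUTPUT are left at ACCEPT as on the page.

```shell
#!/bin/sh
# Added example, not from the original post. Interface names and the LAN
# subnet are the page's values; both function names are made up here.

# Print an iptables-restore ruleset: same MASQUERADE as STEP-6, but
# FORWARD defaults to DROP and only replies are let back in from the WAN.
gen_nat_rules() {
    wan=$1; lan=$2; net=$3
    if [ -z "$wan" ] || [ -z "$lan" ] || [ "$wan" = "$lan" ]; then
        echo "usage: gen_nat_rules WAN_IF LAN_IF LAN_CIDR" >&2
        return 1
    fi
    case $net in
        */*) ;;
        *) echo "LAN_CIDR must look like 192.168.4.0/24" >&2; return 1 ;;
    esac
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
-A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Succeed only if the last net.ipv4.ip_forward line in a sysctl.conf-style
# file sets 1; the echo into /proc in STEP-6 does not survive a reboot.
forwarding_persistent() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\)[[:space:]]*$/\1/p' "$1" | tail -n 1)
    [ "$val" = "1" ]
}

# On the router, as root:
#   gen_nat_rules eth0 eth1 192.168.4.0/24 | iptables-restore
#   forwarding_persistent /etc/sysctl.conf || echo "set net.ipv4.ip_forward = 1"
```

After loading the generated rules, save them with "service iptables save" as in STEP-7.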

STEP-8 "TESTING (SAME NAT MACHINE OR CLIENT MACHINE)"

1st: Check that both IPs respond to ping and that the Internet is reachable from the NAT machine.

2nd: Check that both IPs respond to ping from a client machine. Note: THE CLIENT MACHINE SHOULD BE IN THE SAME LAN, WITH ITS G/W SET TO THE LINUX MACHINE IP 192.168.4.1

"PING WITH LOCAL eth1 IP"

ping 192.168.4.1

"PING WITH PUBLIC eth0 IP"

ping 192.168.1.1

"PING WITH WWW.GOOGLE.COM"

ping www.google.com

"NOW TRY TO BROWSE ANY WEBSITE" "IF NO WEBSITE OPENS, CHECK INTERNET PROPERTIES --> CONNECTIONS --> LAN SETTINGS --> PROXY SETTINGS --> THE PROXY SETTING SHOULD BE DISABLED (UNCHECK IT IF IT IS CHECKED), THEN TRY TO BROWSE AGAIN"


Thanks and Regards,
Sandeep CC
