Monday, December 28, 2009

Configuration of NAT with iptables in debian


1. Set up two networks: a public one on eth0 (192.168.1.xx/255.255.255.0) and an internal one on eth1 (192.168.2.1/255.255.0.0).
2. Bring both cards up with ifup -a (or ifup eth0 and ifup eth1), then run #/etc/init.d/networking restart
3. Run #ifconfig -a (or #ifconfig eth0, #ifconfig eth1, or plain #ifconfig) and check #vim /etc/network/interfaces to confirm whether the IPs are configured or not
4. Check the output of #route -n // it shows the default gateway of eth0 and eth1 without more information


  1. Delete and flush. The default table is "filter"; others such as "nat" must be named explicitly.
    #iptables --flush
    #iptables --table nat --flush
    #iptables --delete-chain

  2. Delete all chains that are not in the default filter and nat tables
    #iptables --table nat --delete-chain


  3. Set up IP FORWARDing and Masquerading
    #iptables --table nat --append POSTROUTING --out-interface eth0 -j MASQUERADE
    #iptables --append FORWARD --in-interface eth1 -j ACCEPT
  4. Enable packet forwarding in the kernel
    #echo 1 > /proc/sys/net/ipv4/ip_forward
  5. Ping the Gateway of the network from client system
    #ping 192.168.2.1
  6. Try it on your client systems
    #ping google.com
  7. Check the filter table with #iptables -L
  8. Check the nat table with #iptables -t nat -L
  9. now configure client system-
    "Gateway": Use the internal network IP address of the Linux box. (192.168.2.1)
    "DNS Configuration": Use the IP addresses of the ISP Domain Name Servers. (Actual Internet IP addresses)
    "IP Address": The IP address (192.168.XXX.XXX - static) and netmask (typically 255.255.0.0 for a small local office network) of the PC can also be set here.
  10. Restart the client system and test it
  11. If you want the iptables settings restored when the system boots, save them in a script file under /etc/init.d/filename. Otherwise you will have to configure them again and again.
  12. Now install the firestarter package (a firewall GUI)
    #apt-get install firestarter
    It shows the policies/rules for easy implementation.

Now block a website through the iptables NAT configuration

#iptables -I FORWARD -d domain.name.com -j DROP     // replace domain.name.com with the site to block
#iptables -I INPUT -s 192.168.2.x -j DROP           // -s takes the local gateway (192.168.2.1), a local client IP (192.168.2.x), or both as separate rules
#echo 1 > /proc/sys/net/ipv4/ip_forward

On the other hand, to allow the access, write ACCEPT in place of DROP.
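The NAT steps above and the website-blocking rules, collected into one script of the kind step 11 asks you to keep under /etc/init.d so the rules survive a reboot. This is an added example, not a script from the original post. It assumes eth0 is the public side and eth1 the 192.168.0.0/16 LAN (both placeholders), and it defaults to DRY_RUN=1, which only prints the commands; set DRY_RUN=0 and run it as root to apply them. The blocked destinations are constructed sample addresses from the TEST-NET ranges. Beyond the post, it sets the FORWARD policy to DROP and lets WAN-to-LAN traffic through only for replies to connections the LAN opened, so the blocking rules cannot be bypassed by an unrelated ACCEPT further down the chain.

```sh
#!/bin/sh
# Added example (not from the original post): the post's NAT rule set as one
# re-runnable script. Assumptions/placeholders: eth0 = public/ISP side,
# eth1 = LAN side 192.168.0.0/16. DRY_RUN=1 prints the commands instead of
# running them, so the script can be checked without root or iptables.
set -eu

WAN_IF="${WAN_IF:-eth0}"
LAN_IF="${LAN_IF:-eth1}"
LAN_NET="${LAN_NET:-192.168.0.0/16}"
DRY_RUN="${DRY_RUN:-1}"
# Constructed sample blocklist (TEST-NET addresses): destinations the LAN
# must not reach. Giving -d a hostname instead would resolve it once, at
# insert time, so a site whose addresses change would slip past the rule.
BLOCK_DST="${BLOCK_DST:-203.0.113.10 198.51.100.0/24}"

# run: execute a command, or print it verbatim in dry-run mode.
run() {
  if [ "$DRY_RUN" = 1 ]; then
    printf '%s\n' "$*"
  else
    "$@"
  fi
}

# nat_rules: emit (or apply) the complete rule set, in order.
nat_rules() {
  # 1-2. start from a clean slate in both the filter and nat tables
  run iptables --flush
  run iptables --table nat --flush
  run iptables --delete-chain
  run iptables --table nat --delete-chain

  # default-deny forwarding: only the rules below let traffic cross the box
  run iptables --policy FORWARD DROP

  # block listed destinations first, so no later ACCEPT can match them
  for dst in $BLOCK_DST; do
    run iptables --append FORWARD --in-interface "$LAN_IF" \
      --destination "$dst" --jump DROP
  done

  # LAN -> WAN is allowed (the post's FORWARD rule, restricted to LAN_NET);
  # WAN -> LAN only for replies to flows the LAN initiated
  run iptables --append FORWARD --in-interface "$LAN_IF" \
    --out-interface "$WAN_IF" --source "$LAN_NET" --jump ACCEPT
  run iptables --append FORWARD --in-interface "$WAN_IF" \
    --out-interface "$LAN_IF" --match conntrack \
    --ctstate ESTABLISHED,RELATED --jump ACCEPT

  # 3. masquerade LAN addresses behind the WAN interface
  run iptables --table nat --append POSTROUTING \
    --out-interface "$WAN_IF" --jump MASQUERADE

  # 4. kernel forwarding switch (same as echo 1 > /proc/sys/net/ipv4/ip_forward)
  run sysctl -w net.ipv4.ip_forward=1
}

nat_rules
```

With DRY_RUN=1 the output is the exact command list, which is handy for reviewing the rule order before applying it; the DROP rules must sit above the LAN-to-WAN ACCEPT, because iptables stops at the first matching rule in a chain. After applying, check the result with #iptables -L -v -n and #iptables -t nat -L -v -n as in steps 7 and 8. An alternative to keeping a script is iptables-save to write the live rules to a file and iptables-restore at boot to load them.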
