linux ip masquerading
play

Linux IP Masquerading Brian Vargyas XNet Information Systems 1 - PowerPoint PPT Presentation

May 30, 2023 •258 likes •483 views

Linux IP Masquerading Brian Vargyas XNet Information Systems 1 Agenda What is IP Masquerade How does it work Example Setting Up IP Masquerade References 2 What not to expect Teaching you how to set up Redhat Linux 5.1

  1. Linux IP Masquerading Brian Vargyas XNet Information Systems 1

  2. Agenda • What is IP Masquerade • How does it work • Example • Setting Up IP Masquerade • References 2

  3. What not to expect • Teaching you how to set up Redhat Linux 5.1 • How to compile and install a new kernel 3

  4. Why is IP Masquerading HOT? • Demand to share a single Internet address across multiple machines. • Demand to save Internet IPv4 address space. • Demand for better internal network security. 4

  5. Emerging Applications • Network Hiding • Cable Modem Solutions • xDSL Solutions • Dial on Demand Internet 5

  6. So what is it? • A Developing networking function built in to RedHat Linux 5.1 • Allows machines connected to the Linux system to access the Internet as if they were coming from a single IP address. • Provides a secure way of hiding internal networks. 6

  7. A Simple Setup ISP eth0 ISDN 10.0.0.0/8 Linux 204.248.50.100/32 Static Class A Network Gateway Dynamic IP Address 7

  8. How it works • Translation Tables Manage Inside to Outside Address Translation • IPFWADM (IP Firewall Administration) • IPPORTFW (IP Port Forwarding) • Loadable kernel modules for special IP services like FTP, IRC, QUAKE. 8

  9. IP Translation Tables Net • Maintains IP Address Source/Dest. Port Pairs. • Pool of 4096 Ports. Inside Addresses Outside Address 10.0.0.1 23 100.0.0.1 2000 10.0.0.2 80 100.0.0.1 2001 10.0.0.3 25 100.0.0.1 2002 Address / Dest. Port Pairs Address / Source Port Pairs 9

  10. IPFWADM (Firewall) • Manages Permit/Deny Firewall Access Lists • Controls which networks are allowed to IP Masquerade • Deny access to all other networks. 10

  11. IPPORTFW (Port Forwarding) • Controls mapping of incoming port requests to a inside address. • Lets you run mail/web server on another host inside your network. • Provides complete flexibility on where to place IP services. • Not included in standard Redhat 5 distribution. 11

  12. Loadable Kernel Modules • Lets special IP services such as FTP operate correctly. I.E. Back Channel Data (Not Passive). • Only loads into memory if needed • Some services not supported. • PPTP Patches. 12

  13. Example (My Home) • 3 Machines needs Internet access • 1 DHCP dynamic address provided from Cable Company. • Backup ISDN dialup • Windows NT web/mail server 14

  14. Example Config ISP ISDN eth1 eth0 Cable Modem 10.0.0.0/8 Linux Static Class A Network Gateway Cable Network 15

  15. Setup Procedure • Configure all system interfaces. Make sure you can ping remote machines. Verify connectivity to your ISP is working. • Install IPPORTFW Kernel Patches, Rebuilt Kernel, Install and Reboot. (Kernel 2.0.33/2.0.34) Compile IPPORTFW utility and install in /bin. • Edit your /etc/rc.d/rc2.d/S99local file and include the necessary IPFWADM and IPPORTFW configuration. • Make sure you have a default route (0.0.0.0/0) pointed at your ISP Interface. 15

  16. Setup Configuration (S99local) # S99local echo "1" > /proc/sys/net/ipv4/ip_forwarding /sbin/ipfwadm -F -p deny /sbin/ipfwadm -F -a m -S 10.0.0.0/24 -D 0.0.0.0/0 /sbin/ipportfw -A -t 24.131.169.80/80 -R 10.0.0.3/80 /sbin/ipportfw -A -t 24.131.169.80/25 -R 10.0.0.3/25 route add default 24.131.169.1 16

  17. Verify Configuration [root@bv-gw /]# netstat -M IP masquerading entries, free ports: UDP 4095 TCP 4096 prot expire source destination ports udp 4:52.95 10.0.0.3 204.91.243.41 1085 -> 4000 (61058) [root@bv-gw /]# ipfwadm -F -l IP firewall forward rules, default policy: deny type prot source destination ports acc/m all 10.0.0.0/24 anywhere n/a [root@bv-gw /]# ipportfw -L Prot Local Addr/Port > Remote Addr/Port TCP 24.131.169.80/25 > 10.0.0.3/25 TCP 24.131.169.80/80 > 10.0.0.3/80 17

  18. Problems • Not every IP protocol works • Difficult to run web/mail when you have a DHCP address that keeps changing. • DNS needs to be hosted by ISP 18

  19. Private IP Address Space (RFC 1918) • Must use following address space for internal networks: • 10.0.0.0/8 255.0.0.0 • 172.16.0.0/12 255.240.0.0 • 192.168.0.0/16 255.255.0.0 19

  20. Illegal Address Space Issues • Problems getting to the network being used. (DNS Related Issues) • Need to use another vendor implementation to solve problem • IP NAT Overlapping (CISCO) 20

  21. References • IP Masquerade Web Page http://ipmasq.home.ml.org/ • Port Forwarding Web Page http://www.ox.compsoc.org.uk/~ steve/portforwarding.html • My Web Page http://www.xnet.com/~brianv 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Masquerading Malicious DNS Traffic Bayesian Inference, Rainier, Spark David Rodriguez March 28,

Masquerading Malicious DNS Traffic Bayesian Inference, Rainier, Spark David Rodriguez March 28,

Masquerading Malicious DNS Traffic Bayesian Inference, Rainier, Spark David Rodriguez March 28, 2019 The Outline Masquerading Time Series Rainier Anomaly DNS Modeling + Detection Traffic Spark The Outline Masquerading Time Series

615 views • 39 slides
Talks outline iptables versus ipchains The goal (or: my goal) The packets way through

Talks outline iptables versus ipchains The goal (or: my goal) The packets way through

IP Masquerading using iptables Eli Billauer eli billauer@yahoo.com IP Masquerading using iptables p.1 Talks outline iptables versus ipchains The goal (or: my goal) The packets way through iptables Classic masquerading (SNAT)

785 views • 31 slides
Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client

Linux Kung Fu Introduction What is Linux? Why Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system distributions that use the Linux

562 views • 53 slides
Ruptured abdominal aortic aneurysm masquerading as isolated hip pain: an unusual presentation

Ruptured abdominal aortic aneurysm masquerading as isolated hip pain: an unusual presentation

C ASE R EPORT R APPORT DE CAS Ruptured abdominal aortic aneurysm masquerading as isolated hip pain: an unusual presentation Sriram Vaidyanathan, MRCS; * Himanshu Wadhawan, MRCS; * Pedro Welch; Murad El-Salamani, FRCS ABSTRACT The

149 views • 4 slides
Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range

Linux from Sensors to Servers ! When is Linux Not Linux? ! 1 1 Linux runs across a huge range of systems ! CC BY-SA 2.0 FHKE, Flickr 2 Whats the difference between Linux on a big thing and Linux on a little thing? ! 3 ! Whats the

900 views • 52 slides
Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the

High Performance Computing using Linux: The Good and the Bad Christoph Lameter HPC and Linux Most of the supercomputers today run Linux. All of the computational clusters in corporations that I know of run Linux. Support for

419 views • 12 slides
Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux

Linux Overview Amir Hossein Payberah payberah@gmail.com 1 Agenda Linux Overview Linux Distributions Linux vs Windows Linux Architecture Linux Security 2 What is Linux? Similar Operating System To Microsoft Windows, Sun

1.11k views • 55 slides
Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig

The State of Desktop Linux: Interviews with Different Users About Their Linux Setups Steven Ovadia My Linux Rig www.mylinuxrig.com @steven_ovadia *** Associate Professor/Web Services Librarian LaGuardia Community College About My Linux

458 views • 27 slides
Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux

Introduction to Linux Fundamentals of Computer Science Outline Operating Systems Linux History Linux Architecture Logging in to Linux Command Format Linux Filesystem Directory and File Commands Wildcard Characters

686 views • 19 slides
Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux

Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux

Linux, whats that? The pieces of a Linux system Linux Concepts Distributions Desktop environments Switching to Linux Epilogue Introduction to Linux Aline Abler Aline Abler Linux, whats that? The pieces of a Linux system Linux

766 views • 57 slides
GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The

GNU/Linux Why use it? What is Linux? Linux is a UNIX-like, GPL-licensed open-source kernel. The GNU userland consists of libc, the init system (SystemD) X11 GUI toolkits etc. Ask the audience Who has used

442 views • 22 slides
Linux You Can Drive My Car Embedded Linux Conference

Linux You Can Drive My Car Embedded Linux Conference

Linux You Can Drive My Car Embedded Linux Conference 2017 Walt Miner ( @VStarWalt ) Community Manager, AGL , The Linux FoundaGon

721 views • 55 slides
Linux For Beginners April 26, 2016 Dualboot Linux and Windows Dualboot Linux and Windows

Linux For Beginners April 26, 2016 Dualboot Linux and Windows Dualboot Linux and Windows

Linux For Beginners April 26, 2016 Dualboot Linux and Windows Dualboot Linux and Windows Reinstall usually keeps personal files Advantages of Linux More secure Package manager Software installation is easy, fast and secure Keeps

528 views • 15 slides
Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the

Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the

Linux Kung Fu Stephen James UBNetDef, Spring 2017 Introduction What is Linux? What is the difference between a client and a server? What is Linux? Linux generally refers to a group of Unix-like free and open-source operating system

607 views • 48 slides
AOS Linux Tutorial Introduction to Linux Michael Havas Dept. of Atmospheric and Oceanic Sciences

AOS Linux Tutorial Introduction to Linux Michael Havas Dept. of Atmospheric and Oceanic Sciences

AOS Linux Tutorial Introduction to Linux Michael Havas Dept. of Atmospheric and Oceanic Sciences McGill University September 15, 2011 Outline 1 Introduction to Linux Benefits of Linux What Exactly is Linux? The Free-Software Philosophy 2

898 views • 69 slides
The State of the Linux Desktop An OSDL Perspective John Cherry OSDL Desktop Linux (DTL)

The State of the Linux Desktop An OSDL Perspective John Cherry OSDL Desktop Linux (DTL)

The State of the Linux Desktop An OSDL Perspective John Cherry OSDL Desktop Linux (DTL) September 23, 2006 1 2 The State of the Linux Desktop Riding the Open Software Wave The Linux Desktop Markets Linux Desktop Market Data The Linux

543 views • 40 slides
Product Life Cycle Theory and the Maturation of the Internet Christopher S. Yoo University of

Product Life Cycle Theory and the Maturation of the Internet Christopher S. Yoo University of

Product Life Cycle Theory and the Maturation of the Internet Christopher S. Yoo University of Pennsylvania Law School December 13, 2017 Classic Product Diffusion Curve adoption Innovators Early Early Laggards Late Adopters

358 views • 7 slides
Chapter 1: Introduction to Computers, Programs, and Java CS1: Java Programming Colorado State

Chapter 1: Introduction to Computers, Programs, and Java CS1: Java Programming Colorado State

Chapter 1: Introduction to Computers, Programs, and Java CS1: Java Programming Colorado State University Original slides by Daniel Liang Modified slides by Chris Wilcox Liang, Introduction to Java Programming, Tenth Edition, (c) 2015 Pearson

1.45k views • 69 slides
Week 9 March 20, 22

Week 9 March 20, 22

Week 9 March 20, 22 !

1.54k views • 27 slides
EnGiNeErInG HtMl5 aPpLiCaTiOnS fOr bEtTeR pErFoRmAnCe LaUrI SvAn @ LaUrI S An @lAuRiS

EnGiNeErInG HtMl5 aPpLiCaTiOnS fOr bEtTeR pErFoRmAnCe LaUrI SvAn @ LaUrI S An @lAuRiS

EnGiNeErInG HtMl5 aPpLiCaTiOnS fOr bEtTeR pErFoRmAnCe LaUrI SvAn @ LaUrI S An @lAuRiS lAuRiSvAn An Sc5 OnLiNe @sC5 Sc5 OnLiNe @sC5 ViCe HtMl5 eXpErTiSe a HtMl5 eXpErTiSe aT y T yOuR sEr OuR sErViCe GiVe mE sOmEtHiNg tHaT I

521 views • 37 slides
Contents Introduction Basic Model High Availability, Scalable Storage, Availability

Contents Introduction Basic Model High Availability, Scalable Storage, Availability

Contents Introduction Basic Model High Availability, Scalable Storage, Availability and Redundancy Dynamic Peer Networks: Pick Two Discussion High Availability, Scalable Storage, Nov. 24, 2003 Dynamic Peer Networks: Pick

545 views • 5 slides
Usb serial design and experience in Plan 9 Gorka Guardiola Francisco J. Ballesteros Enrique

Usb serial design and experience in Plan 9 Gorka Guardiola Francisco J. Ballesteros Enrique

Usb serial design and experience in Plan 9 Gorka Guardiola Francisco J. Ballesteros Enrique Soriano Salvador (paurea, nemo, esoriano)@lsub.org Lsub, Universidad Rey Juan Carlos No serial on new computers Most computers don't come with

583 views • 23 slides
VLSI Architectures for Communications and Signal Processing Kiran Gunnam IEEE SSCS Distinguished

VLSI Architectures for Communications and Signal Processing Kiran Gunnam IEEE SSCS Distinguished

VLSI Architectures for Communications and Signal Processing Kiran Gunnam IEEE SSCS Distinguished Lecturer Director of Engineering, Violin Memory 1 Outline Part I Trends in Computation and Communication Basics Pipelining and

1.34k views • 77 slides
Introduction Introduction Srinidhi Varadarajan What is a network? What is a network?

Introduction Introduction Srinidhi Varadarajan What is a network? What is a network?

Introduction Introduction Srinidhi Varadarajan What is a network? What is a network? Carrier of information between connected entities What does a network consist of? End hosts connected to the network Routers/switches that move

690 views • 42 slides

More recommend