Archive for the ‘linux’ Category

linux :: nat, masquerading and port forwarding

Tuesday, July 6th, 2004

NAT, masquerading and port forwarding are all different terms but closely related.

NAT is Network Address Translation. it allows me to connect to any external (public) ip directly. what happens is i first connect to my gateway, and it creates a connection to the public ip using some port. it saves a mapping between the port used and my ip. the destination (public) ip sees the source ip of my gateway and replies back to it. the gateway sees that the reply is meant for me (using the port mapping) and forwards the packet to me.

in NAT, MASQUERADE is required when you have a dynamic ip. **just a concept, don’t understand the chain MASQUERADE

this concept is called ip masquerading. in linux i use iptables for this. i thought iptables is just a firewall to allow and deny packets in and out of your system. but it's much more than that. almost complete routing powers.

how do we do it ??

first enable NAT. that is, to bring you to the external net. that is, to give you the feeling that you are no longer using a private ip, but a public ip.

$ iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source YOUR_GATEWAY_IP

so it's simple. you can change the proxy ip of your connection, i.e. the ip where the requests seem to be coming from as seen by the target public ip. but it has to be an ip of your system.

someone tell me what do POSTROUTING/PREROUTING stand for ??

now the private ip must be allowed to send direct requests to public ips. that is done by using the FORWARD chain. the simplest FORWARD rule is

$ iptables -t filter -A FORWARD -i eth0 -s ANY_PRIVATE_IP -j ACCEPT

this means that any request coming from ANY_PRIVATE_IP on eth0 is sent through eth1 (the other interface for web). NAT comes into picture during this FORWARDing.

now comes a nice concept of port forwarding. “forwarding on a specific port”
that means whenever someone connects to you on a specific port you can redirect the connection to some other machine on some other port.

$ iptables -t nat -A PREROUTING -i eth0 -p tcp -d 172.16.14.18 --dport 80 -j DNAT --to-destination 192.168.36.200:80

** hope now i will be able to play Age of Empires on net with all this knowledge

NOTE : forwarding must be enabled in kernel
$ echo 1 > /proc/sys/net/ipv4/ip_forward

Assumptions :
eth0 is interface to private network
eth1 is interface to public network
no security concerns
some knowledge of iptables **if you don’t have it, don’t worry, my next post is about iptables :)
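
The steps above collected into one ruleset, as an added example that is not from the original post: it replaces the "no security concerns" assumption with a default-drop FORWARD policy that lets replies back in through connection tracking and opens only the forwarded port. The function name `gen_gateway_rules`, the public ip 203.0.113.10 and the 192.168.36.0/24 network are constructed for illustration; the interface roles and the inside host 192.168.36.200 follow the post.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the gateway in this post.
# Interface roles follow the post's assumptions (eth0 private, eth1 public).

# gen_gateway_rules PRIV_IF PUB_IF PUB_IP PRIV_NET FWD_PORT FWD_HOST
gen_gateway_rules() {
    priv_if=$1 pub_if=$2 pub_ip=$3 priv_net=$4 fwd_port=$5 fwd_host=$6

    # Refuse malformed input instead of emitting a broken ruleset.
    case $fwd_port in
        ''|*[!0-9]*) echo "bad port: $fwd_port" >&2; return 1 ;;
    esac
    [ "$fwd_port" -ge 1 ] && [ "$fwd_port" -le 65535 ] || {
        echo "port out of range: $fwd_port" >&2; return 1; }
    [ "$priv_if" != "$pub_if" ] || {
        echo "private and public interface must differ" >&2; return 1; }

    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# port forward: connections to the public ip on $fwd_port go to the inside host
-A PREROUTING -i $pub_if -p tcp -d $pub_ip --dport $fwd_port -j DNAT --to-destination $fwd_host:$fwd_port
# outbound traffic from the private net leaves with the gateway's public ip
-A POSTROUTING -o $pub_if -s $priv_net -j SNAT --to-source $pub_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# replies to connections that were already allowed
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# new connections from the private net to the outside
-A FORWARD -i $priv_if -o $pub_if -s $priv_net -m conntrack --ctstate NEW -j ACCEPT
# new connections from outside, only to the forwarded host and port
-A FORWARD -i $pub_if -o $priv_if -p tcp -d $fwd_host --dport $fwd_port -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Constructed sample values, printed for inspection only (nothing is applied).
gen_gateway_rules eth0 eth1 203.0.113.10 192.168.36.0/24 80 192.168.36.200
```

Piping the output to `iptables-restore --test` as root parses it without applying it; loading it for real replaces the existing nat and filter tables.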

References :

http://www.yolinux.com/TUTORIALS/LinuxTutorialIptablesNetworkGateway.html
http://www.aplawrence.com/Linux/iptables.html
http://www.linux.ie/articles/tutorials/firewall/
http://www.ibiblio.org/pub/Linux/docs/HOWTO/other-formats/html_single/Adv-Routing-HOWTO.html

squid 2.5 stable 5

Tuesday, June 29th, 2004

testing on proxyserver

the concept of #!/anycommandpath in bash

eg a.txt
#!/usr/bin/less
any text that goes into a.txt

on executing a.txt it does less a.txt

killall -9 killall

Friday, June 25th, 2004

just had a nice doubt…
what's the result?

obviously… the process killall is created, and then it will try to search for a process named killall. it finds it and sends it signal 9. so the process will be killed. Right???

that's what I thought. check whether it is right??

btw i liked “killall -9 killall”. so i put it as my signature. :D

found album - an album creator. a very nice perl script. But very sexy. I loved it. Nice work by David.
Photo album generated by album a Marginal Hack written by David Madison


killall -9 killall
http://students.iiit.net/~sunilmohan/

linux :: the power of a free os

Wednesday, June 23rd, 2004

i had a real experience of the power of linux

job was simple. had to take a few printouts of addresses, for the counselling work. all we wanted to do is take a printout of four addresses together. and most important, sort the addresses according to the ranks, which are written in a file. so how do i do it in windows. ok i cannot do the sorting work in windows, so i did that through linux, using a very simple perl script. i would have preferred a shell script, but nir wrote a perl script. anyway now jp had a software to take four images together and print them together using that. it gave kinda weird results. nothing was configurable. and most important, needed some manual work. so we switched to linux. ImageMagick did all the work. we joined 4 images together. the command was pretty simple
“montage -sharpen 5x2 -tile 2x2 -geometry 346x185+5+5 4inputimages outputimage”.
something important to note is that sharpening is being done, which is improving the image quality. so we again used windows for the printing stuff. it was going ok till the printer was stopped for a while. after we started the printer again, it started printing with some 10 times more speed. and we realised that the printer can print that fast, but it's not getting data that fast. opened http://localhost:631, added the printer to my sys. and gave the lpr command. really took no time to do all this, and the test page came out successfully. and we were amazed to see the difference. it was printing about 10 times faster. we finished the job in no time.

all i can say is “linux gives me the power”

i love linux

btw i am not feeling like sleeping. i already wasted time doing all this stuff. so i think i will do some work now. i’m in the server room. so plan to work here only. :)