replaces the destination address in the packet before retransmitting it on the local network.
The following instructions cover the installation and configuration of NAT software called ipfilter on the Solaris dial-up system and the configuration of DNS and a default route on the other machines on the local network. Specific instructions are provided for Solaris 7 and 8, Windows 95 and 98, and RedHat Linux 6.1. The general principle of setting a default route applies to other operating systems.
--------------------------------------------------------------------------------
Installing and configuring NAT on Solaris
Please note that you must be logged in as root while implementing these instructions.
1. Download the ipfilter source code:
The ipfilter software is supplied in source form and you need to compile it. This isn't difficult! Before doing so, you need to have installed the g(un)zip program and a C compiler. All of these are freely downloadable from the Net and instructions for installing C and gzip are here.
The source of ipfilter is available from http://coombs.anu.edu.au/ipfilter/ip-filter.html. At the time of writing, the latest version is 3.3.12 and the source code is provided as a compressed tar archive in the file ip-fil3.3.12.tar.gz.
2. Prepare the source code for compilation:
Make a directory at a convenient point in the file system to hold the source code and copy the source into this directory. For example:
# mkdir -p /opt/source/ipfilter
# cd /opt/source/ipfilter
# cp /tmp/ip-fil3.3.12.tar.gz .
Unzip and untar the source and then change to the directory created by tar:
# gunzip ip-fil*
# tar xvf ip-fil*
# cd ip_fil3.3.12
At this point, you may like to have a look at the README file which contains a short list of features.
3. Compile the source code:
Note that ipfilter cannot be compiled using the GNU "make" program. If you've installed this, make sure that the Solaris "make" program is found first:
# which make
/usr/ccs/bin/make
If the "which" command finds GNU make, you'll need to adjust your search path so that /usr/ccs/bin/make is found first.
Compile the ipfilter program:
# make solaris
4. Network Address Translation Rules
A set of NAT rules has to be given to ipfilter to tell it how to translate IP addresses. A simple rule is:
map ipdptp0 192.168.1.0/24 -> 50.50.50.50/32
and this is interpreted as follows:
"map ipdptp0" tells ipfilter to examine the source address of all packets about to be sent through the PPP dial-up interface ipdptp0 and change the source address if it matches the next element in the rule. "192.168.1.0/24" is a standard way of denoting an IP address block. IP addresses consist of 32 bits and are written as four decimal numbers separated by dots. The "/24" denotes the number of bits which comprise the network part of the address and in this example is the 24 bits 192.168.1. So, 192.168.1.0/24 indicates that ipfilter should change the source address when it's in the range 192.168.1.1 to 192.168.1.254. The rest of this rule, "-> 50.50.50.50/32", tells ipfilter to replace the source address in these packets with 50.50.50.50, the "/32" indicating that this is a host address. Such a rule could be used to translate a local network of 192.168.1 so that all packets going out on the dial-up interface have the source address of the dial-up interface.
There's a small complication in that most ISPs allocate dynamic unpredictable IP addresses to dial-up clients. IPfilter copes with this by allowing us to specify "0" as the address of the dial-up interface and it replaces this with the actual IP address assigned to the interface. So, a more general rule can be written as:
map ipdptp0 192.168.1.0/24 -> 0/32
but it is necessary to run the command:
# ipf -y
to refresh the actual address whenever a dial-up connection is made.
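The rule semantics described above, as an added example that is not part of the original page and is not ipfilter's own code: a small Python model of a host-address "map" rule, covering both the fixed 50.50.50.50/32 form and the "0/32" placeholder that "ipf -y" refreshes. The class and method names, the 203.0.113.x addresses, and the behaviour of keeping the old address between a redial and the refresh are assumptions made for illustration.

```python
# Added illustration: a simplified model of an ipnat "map" rule, not ipfilter's code.
import ipaddress
import re

RULE_RE = re.compile(r"^map\s+(\S+)\s+(\S+)\s+->\s+(\S+)/32$")


class MapRule:
    """Model of: map <interface> <internal block> -> <host address>/32."""

    def __init__(self, text):
        m = RULE_RE.match(text.strip())
        if not m:
            raise ValueError(f"not a host-address map rule: {text!r}")
        self.iface = m.group(1)
        self.internal = ipaddress.ip_network(m.group(2))
        # "0" stands for whatever address the interface holds at sync time.
        self.dynamic = m.group(3) == "0"
        self.external = None if self.dynamic else ipaddress.ip_address(m.group(3))

    def resync(self, iface_addr):
        """Model of running 'ipf -y' after the dial-up link comes up."""
        if self.dynamic:
            self.external = ipaddress.ip_address(iface_addr)

    def translate(self, out_iface, src):
        """Return the source address a packet carries when leaving out_iface."""
        src = ipaddress.ip_address(src)
        if out_iface != self.iface or src not in self.internal:
            return src  # rule does not apply; address is left alone
        if self.external is None:
            raise RuntimeError("0/32 rule has not been synced to an interface address")
        return self.external


if __name__ == "__main__":
    # Constructed sample data: 203.0.113.x stands in for ISP-assigned addresses.
    rule = MapRule("map ipdptp0 192.168.1.0/24 -> 0/32")
    rule.resync("203.0.113.7")                        # first dial-up session
    print(rule.translate("ipdptp0", "192.168.1.20"))  # 203.0.113.7
    print(rule.translate("ipdptp0", "10.0.0.5"))      # unchanged: outside the block
    # Redial: ISP assigns 203.0.113.99, but nothing has re-read the interface yet.
    print(rule.translate("ipdptp0", "192.168.1.20"))  # still 203.0.113.7 (stale)
    rule.resync("203.0.113.99")
    print(rule.translate("ipdptp0", "192.168.1.20"))  # 203.0.113.99
```

In this model a packet sent after a redial but before the refresh still carries the previous session's address, which is why the refresh belongs in whatever brings the dial-up link up.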
This one simple NAT rule is sufficient for most outgoing TCP/IP connections from the local network but it doesn't map source port numbers. It isn't strictly necessary to provide port mapping rules and ipfilter will, by default, simply select the next available local port when translat