Fedora NAT step by step configuration

 

Step by step Fedora NAT configuration.

 

   This step-by-step Fedora NAT configuration was done on Fedora 15 and is provided as is. This version of the guide is not equipped for deployment on a working live server.

 

1.  Fedora NAT: check the server environment and the network cards.

 

[fedora10@fedora ~]$ su 

Password: 

 

[root@xfedora Desktop]# service network status

Configured devices:

lo Auto_NETGEAR Auto_TKE_L2 Auto_dlinkCBD0 Auto_mr_z p1p1 p33p1

Currently active devices:

lo p33p1 p1p1 virbr0

[root@xfedora Desktop]#

 
 

2.  Differentiate the network cards: check the name of the network card that owns the Internet IP address and the name of the network card intended for the LAN.

 

======= ifconfig command example  =========== 

 [root@xfedora Desktop]# ifconfig

lo        Link encap:Local Loopback

          inet addr:127.0.0.1  Mask:255.0.0.0

          inet6 addr: ::1/128 Scope:Host

          UP LOOPBACK RUNNING  MTU:16436  Metric:1

          RX packets:7892 errors:0 dropped:0 overruns:0 frame:0

          TX packets:7892 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:761093 (743.2 KiB)  TX bytes:761093 (743.2 KiB)

 

p1p1      Link encap:Ethernet  HWaddr 00:1B:11:B4:0E:80

          inet addr:192.168.1.1  Bcast:192.168.1.255  Mask:255.255.255.0

          inet6 addr: fe80::21b:11ff:feb4:e80/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:10005232 errors:0 dropped:0 overruns:0 frame:0

          TX packets:8933115 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:1505420056 (1.4 GiB)  TX bytes:2448753535 (2.2 GiB)

          Interrupt:16

 

p33p1     Link encap:Ethernet  HWaddr 00:24:21:A0:07:D8

          inet addr:10.153.10.129  Bcast:10.153.15.255  Mask:255.255.248.0

          inet6 addr: fe80::224:21ff:fea0:7d8/64 Scope:Link

          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

          RX packets:52813074 errors:0 dropped:259492 overruns:0 frame:0

          TX packets:10043990 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:1000

          RX bytes:1930967688 (1.7 GiB)  TX bytes:1463250520 (1.3 GiB)

          Interrupt:43 Base address:0x4000

 

virbr0    Link encap:Ethernet  HWaddr AA:C9:20:F9:E6:D8

          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0

          UP BROADCAST MULTICAST  MTU:1500  Metric:1

          RX packets:0 errors:0 dropped:0 overruns:0 frame:0

          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0

          collisions:0 txqueuelen:0

          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

 

[root@xfedora Desktop]#

======= end of ifconfig command example  =========== 
 
RESULT from the command above:
 

p1p1 ==> internal IP address for the LAN

p33p1 ==> external IP address that goes to the Internet

 

3.  Enable IP forwarding support on Fedora. For the current session, execute the command below:


sysctl -w net.ipv4.ip_forward=1

 

Or you can edit /etc/sysctl.conf to enable IP forwarding permanently on the server.

 

locate the following line:

net.ipv4.ip_forward = 0

and change it to

net.ipv4.ip_forward = 1


======= example of /etc/sysctl.conf ===========

[root@xfedora Desktop]# vi /etc/sysctl.conf

# Kernel sysctl configuration file

#

# For binary values, 0 is disabled, 1 is enabled.  See sysctl(8) and

# sysctl.conf(5) for more details.

 

# Controls IP packet forwarding

net.ipv4.ip_forward = 1

 

# Controls source route verification

net.ipv4.conf.default.rp_filter = 1

 

# Do not accept source routing

net.ipv4.conf.default.accept_source_route = 0

 

# Controls the System Request debugging functionality of the kernel

kernel.sysrq = 0

 

# Controls whether core dumps will append the PID to the core filename.

# Useful for debugging multi-threaded applications.

kernel.core_uses_pid = 1

 

# Disable netfilter on bridges.

net.bridge.bridge-nf-call-ip6tables = 0

net.bridge.bridge-nf-call-iptables = 0

net.bridge.bridge-nf-call-arptables = 0

======= end of example of /etc/sysctl.conf ===========

 

4.  Then create the NAT script as in the example below. Make sure that you change the network card names to match your system settings.

 

[root@xfedora Desktop]# vi nat-test

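#!/bin/sh

# Network card names: change these to match your system.
INTIF="p1p1"     # internal (LAN) interface
EXTIF="p33p1"    # external (Internet) interface

# Load the iptables, connection tracking and NAT kernel modules.
/sbin/depmod -a
/sbin/modprobe ip_tables
/sbin/modprobe ip_conntrack
/sbin/modprobe ip_conntrack_ftp
/sbin/modprobe ip_conntrack_irc
/sbin/modprobe iptable_nat
/sbin/modprobe ip_nat_ftp

# Reset the filter chains and the nat table. Forwarded traffic is
# dropped unless one of the rules below accepts it.
iptables -P INPUT ACCEPT
iptables -F INPUT
iptables -P OUTPUT ACCEPT
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -t nat -F

# Allow reply traffic from the Internet back to the LAN.
iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT

# Allow all traffic from the LAN out to the Internet.
iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT

# Rewrite the source address of packets leaving through the external interface.
iptables -t nat -A POSTROUTING -o "$EXTIF" -j MASQUERADE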

[root@xfedora Desktop]#

 
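5.  Save and exit, then execute chmod 777 to make this NAT script executable by all. Mode 777 also lets every local user modify a script that is run as root; chmod 700 is enough for root to execute it.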
 
[root@xfedora Desktop]#  chmod 777 nat-test

 

6.  To start using NAT on Fedora, execute the NAT script as shown in the command example below.

 

[root@xfedora Desktop]# ./nat-test

 

 

TROUBLESHOOT:

1.  Make sure your system has iptables installed.

============= example ==================

[root@xfedora network-scripts]# service iptables status

Table: nat

Chain PREROUTING (policy ACCEPT)

num  target     prot opt source               destination

 

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

 

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

 

Chain POSTROUTING (policy ACCEPT)

num  target     prot opt source               destination

1    MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0

 

Table: filter

Chain INPUT (policy ACCEPT)

num  target     prot opt source               destination

 

Chain FORWARD (policy DROP)

num  target     prot opt source               destination

1    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED

2    ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0

 

Chain OUTPUT (policy ACCEPT)

num  target     prot opt source               destination

 

[root@xfedora network-scripts]#

============= end of example ==================

 

 

2.  Check your firewall settings. Important note: make sure you add firewall settings based on your network requirements.

 

===== example =======

[root@xfedora network-scripts]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

 

Chain FORWARD (policy DROP)

target     prot opt source               destination

ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere

 

Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

[root@xfedora network-scripts]#

===== end of example =======

 

 

3.  Check network routing configuration in /etc/sysconfig/network-scripts

===== example =======

[root@xfedora network-scripts]#  cd /etc/sysconfig/network-scripts
[root@xfedora network-scripts]# cat route-p1p1

ADDRESS0=192.168.1.0

NETMASK0=255.255.255.0

GATEWAY0=10.153.10.129

[root@xfedora network-scripts]# cat route-p33p1

[root@xfedora network-scripts]#

===== end of example =======
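
The listings in troubleshooting steps 1 and 2 do not show interfaces (iptables -L prints them only with -v), so FORWARD rule 2 and the MASQUERADE rule read the same whether they are limited to p1p1 and p33p1 or match every interface. The check below is an added example, not part of the original guide, that audits iptables-save output instead; the function names audit_nat and sample_dump and the sample dump itself are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide: audit iptables-save output for
# the rules nat-test installs. Live use (root): iptables-save | audit_nat p1p1 p33p1
audit_nat() {   # $1 = LAN interface, $2 = Internet interface, dump on stdin
    awk -v intif="$1" -v extif="$2" '
    function fail(msg) { print "FAIL: " msg; bad++ }
    /^\*/ { table = substr($0, 2) }    # table header line: *nat, *filter, ...
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT/ {
        line = $0 " "
        # 1) a rule without -i/-o forwards between any pair of interfaces
        # 2) traffic entering from the Internet side must be reply traffic only
        # 3) otherwise count the LAN -> Internet rule
        if (line !~ / -i / || line !~ / -o /)
            fail("FORWARD ACCEPT without -i/-o: " $0)
        else if (index(line, " -i " extif " ") && (line !~ /--(state|ctstate) / || line ~ /NEW/))
            fail("unsolicited inbound forwarding: " $0)
        else if (index(line, " -i " intif " ") && index(line, " -o " extif " "))
            lan_out++
    }
    table == "nat" && /^-A POSTROUTING / && / -j MASQUERADE/ {
        masq++
        if (!index($0 " ", " -o " extif " "))
            fail("MASQUERADE not limited to -o " extif ": " $0)
    }
    END {
        if (policy != "DROP") fail("FORWARD policy is not DROP")
        if (!lan_out) fail("no rule forwarding " intif " -> " extif)
        if (!masq) fail("no MASQUERADE rule in POSTROUTING")
        if (!bad) print "OK: NAT rules match " intif " -> " extif
        exit (bad ? 1 : 0)
    }'
}

# Constructed sample: iptables-save output after nat-test has run.
sample_dump() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o p33p1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i p33p1 -o p1p1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i p1p1 -o p33p1 -j ACCEPT
COMMIT
EOF
}

sample_dump | audit_nat p1p1 p33p1
```
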

 

 

Please note that this simple Fedora NAT configuration was tested on a Linux Fedora 15 machine.

 
