Academic Tutorials



English | French | Portugese | German | Italian
Home Advertise Payments Recommended Websites Interview Questions FAQs
News Source Codes E-Books Downloads Jobs Web Hosting
Chats

BSD
BSD Introduction
BSD Overview
BSD Installation Synopsis
Pre-installation Tasks
Starting the Installation
Introducing Sysinstall
Allocating Disk Space
Choosing What to Install
Installation Media
Committing the Installation
Post-installation
Advanced Installation Guide
Preparing Your Own Installation Media
Installation Process
Post Installation
FreeBSD OS Basic Example
The FreeBSD Kernel
FreeBSD Network interfaces
FreeBSD DNS
FreeBSD Firewall
FreeBSD Gatewya/Router
Nat and IPFW

HTML Tutorials
HTML Tutorial
XHTML Tutorial
CSS Tutorial
TCP/IP Tutorial
CSS 1.0
CSS 2.0
HLML
XML Tutorials
XML Tutorial
XSL Tutorial
XSLT Tutorial
DTD Tutorial
Schema Tutorial
XForms Tutorial
XSL-FO Tutorial
XML DOM Tutorial
XLink Tutorial
XQuery Tutorial
XPath Tutorial
XPointer Tutorial
RDF Tutorial
SOAP Tutorial
WSDL Tutorial
RSS Tutorial
WAP Tutorial
Web Services Tutorial
Browser Scripting
JavaScript Tutorial
VBScript Tutorial
DHTML Tutorial
HTML DOM Tutorial
WMLScript Tutorial
E4X Tutorial
Server Scripting
ASP Tutorial
PERL Tutorial
SQL Tutorial
ADO Tutorial
CVS
Python
Apple Script
PL/SQL Tutorial
SQL Server
PHP
.NET (dotnet)
Microsoft.Net
ASP.Net
.Net Mobile
C# : C Sharp
ADO.NET
VB.NET
VC++
Multimedia
SVG Tutorial
Flash Tutorial
Media Tutorial
SMIL Tutorial
Photoshop Tutorial
Gimp Tutorial
Matlab
Gnuplot Programming
GIF Animation Tutorial
Scientific Visualization Tutorial
Graphics
Web Building
Web Browsers
Web Hosting
W3C Tutorial
Web Building
Web Quality
Web Semantic
Web Careers
Weblogic Tutorial
SEO
Web Site Hosting
Domain Name
Java Tutorials
Java Tutorial
JSP Tutorial
Servlets Tutorial
Struts Tutorial
EJB Tutorial
JMS Tutorial
JMX Tutorial
Eclipse
J2ME
JBOSS
Programming Langauges
C Tutorial
C++ Tutorial
Visual Basic Tutorial
Data Structures Using C
Cobol
Assembly Language
Mainframe
Forth Programming
Lisp Programming
Pascal
Delphi
Fortran
OOPs
Data Warehousing
CGI Programming
Emacs Tutorial
Gnome
ILU
Soft Skills
Communication Skills
Time Management
Project Management
Team Work
Leadership Skills
Corporate Communication
Negotiation Skills
Database Tutorials
Oracle
MySQL
Operating System
BSD
Symbian
Unix
Internet
IP-Masquerading
IPC
MIDI
Software Testing
Testing
Firewalls
SAP Module
ERP
ABAP
Business Warehousing
SAP Basis
Material Management
Sales & Distribution
Human Resource
Netweaver
Customer Relationship Management
Production and Planning
Networking Programming
Corba Tutorial
Networking Tutorial
Microsoft Office
Microsoft Word
Microsoft Outlook
Microsoft PowerPoint
Microsoft Publisher
Microsoft Excel
Microsoft Front Page
Microsoft InfoPath
Microsoft Access
Accounting
Financial Accounting
Managerial Accounting
Network Sites


Nat and IPFW


Previoushome






Nat and IPFW


Introduction

One of the most common things to do with FreeBSD is to use it as a gateway to the internet. Most internet connections have 1 IP assigned to them (via dialup, dhcp, or PPPoE) and have to serve that connection to the whole network.

A D V E R T I S E M E N T
That means that an entire network must share 1 public IP. How is this possible? Well, a concept called NAT or Network Address Translation was invented to do this very thing.

NAT was originally designed to address the lack of IP address space on the internet and also to relieve IP routing tables.




About NAT

So how does this work? Let's take a look at our network (it's animated so be patient):

A machine on the Local Ethernet wants to go to the internet, it must traverse the FreeBSD machine (via their default gateway). It is the job of the FreeBSD machine to route them to the right place. However, you can see that the IP address of Workstation-1 is 192.168.0.10. The BSD machine must change that address before it sends the packets out to the internet. In fact, he must change the source address to an address that is routeable across the internet. Once the FreeBSD machine changes the address, the packets get sent out on the internet. When the packet returns, the same thing happens, but instead of changing the source address in the pakcet headers, it changes the destination address back to 192.168.0.10 and the packet gets sent back to your local workstation-1.

This process is called NAT or sometimes referred to as IP Maquerading. The point is that the client workstation does not have to know that this process is happening.

The program that does this change is called natd. natd is a userland daemon that runs seperate from the kernel on your FreeBSD machine.

So How does natd change the packets? Well, that is where ipfw comes in. Through the ipfw `divert` command packets are sent to natd first, natd changes the packet header information, then the packets get reinjected back into the "IP packet processing system" and away they go. (See figure 1.1 above).




Installation

natd comes default with system so you do not need to install it. However, the default kernel does not have support for "diverting" packets. You have to rebuild the kernel with this support. To do this :

	# cd /sys/i386/conf
	# cp GENERIC LOCAL
	# vi LOCAL

Add the following line into the file:

	optionsIPDIVERT

Save the file.  Then type:

	# config LOCAL
	# cd ../../compile/LOCAL
	# make depend && make && make install

You will see a bunch of garbage going across your screen.  When it is done:

	# vi /etc/rc.conf

Add the following line into this file:

	firewall_enable="YES"
	firewall_type="OPEN"
	gateway_enable="YES"
	natd_enable="YES"
	natd_interface="xl0"

Now you will need to reboot your system:

	# shutdown -r now

Your system will reboot and should come up with natd running. To verify lets see if everythings setup:

First let's check that the firewall has the proper ruleset running:

	# ipfw -a l
	00050 1566423  901667271 divert 8668 ip from any to any via xl0
	00100  116714   10731910 allow ip from any to any via lo0
	00200       0          0 deny ip from any to 127.0.0.0/8
	65000 3342945 1813053300 allow ip from any to any
	65535       0          0 deny ip from any to any

OK, looks as if the firewall is working. Let's look at what rule 50 above (first line) is doing. It basically says, "Send any packet incoming or outgoing on interface xl0 to port 8668 on the local machine".

Luckily natd is running on port 8668, so natd will get the packets from this line. After natd is done with the packets, they get reinjected at the next rule...in this case, it happens to be rule 100.

Now let's see if natd is running:

	# ps -auxw |grep nat
	root       182  0.0  1.4   528  180  ??  Rs   20Apr01  28:23.03 /sbin/natd -n xl0

WOW! it looks as if its running! The "-n" option tells natd to use the IP assigned to xl0 as the address to alias packets to. So when packets leave the local network their source address will be the address assigned to interface xl0. You added this option when you specified "natd_interface=xl0" in /etc/rc.conf above.

Let's test it out to see if we can get to the internet:
	# ping ftp.freebsd.org
	PING ftp.freebsd.org (209.180.6.225): 56 data bytes
	64 bytes from 209.180.6.225: icmp_seq=0 ttl=240 time=81.597 ms
	64 bytes from 209.180.6.225: icmp_seq=1 ttl=240 time=115.910 ms
	64 bytes from 209.180.6.225: icmp_seq=2 ttl=240 time=50.444 ms
	^C
	--- ftp.freebsd.org ping statistics ---
	3 packets transmitted, 3 packets received, 0% packet loss
	round-trip min/avg/max/stddev = 50.444/82.650/115.910/26.737 ms
	#

OMFG! It works...




natd redirection

OK, so natd is up and running, but what if we have a web server or dns server on the inside network. How can we extend service through the firewall to an internal machine on incoming requests from the internet? The answer is to supply options to natd to "point" to the right machine and service". For example, another diagram (hehe):

Since web server traffic runs on port 80 tcp we need to add the following option to nat:

natd -n xl0 -redirect_port tcp 192.168.0.10:80 80

The redirect_port option given to natd says "send any tcp traffic destined for port 80 to 192.168.0.10 on port 80".

Another option is to send all traffic destined for your outside IP (from the internet) to an internal machine. This option is called redirect_address. So the following line:

natd -n xl0 -redirect_address 192.168.0.10 20.30.40.50

The redirect_address option given to natd says "send ALL traffic destined for 20.30.40.50 (my outside IP) to 192.168.0.10". This option is sometimes called static nat, whereas normal nat operation is sometimes called PAT (Port Address Translation or Overloaded NAT).

Another point of interest for static nat is that internal machines that have a redirect_address option assigned to them will keep their public IP out on the internet. ie, They will appear to be coming from the public IP assigned to them by redirect_address when that machine is out on the internet. It's symmetrical!

These options can be added to /etc/rc.conf so they will stay in effect even after a reboot:

	natd_flags="-redirect_address 192.168.0.10 20.30.40.50"





Customizing natd

There are several options that can be given to natd to make it do really cool stuff. See the natd man page for more info.

If you look at these options they can be quite long. So I like to put them into a seperate config file...so let's do it



Be the first one to comment on this page.




  BSD eBooks

No eBooks on BSD could be found as of now.

 
 BSD FAQs
More Links » »
 
 BSD Interview Questions
More Links » »
 
 BSD Articles

No BSD Articles could be found as of now.

 
 BSD News

No News on BSD could be found as of now.

 
 BSD Jobs

No BSD Articles could be found as of now.


Share And Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb

Previoushome

Keywords: bsd programming language, bsd language programming tutorial pdf, history of bsd programming, basic bsd programming, bsd band satellite programming, syntax use in bsd programming, bsd programming software download, turbo bsd programming, bsd programming code, learn bsd programming

HTML Quizzes
HTML Quiz
XHTML Quiz
CSS Quiz
TCP/IP Quiz
CSS 1.0 Quiz
CSS 2.0 Quiz
HLML Quiz
XML Quizzes
XML Quiz
XSL Quiz
XSLT Quiz
DTD Quiz
Schema Quiz
XForms Quiz
XSL-FO Quiz
XML DOM Quiz
XLink Quiz
XQuery Quiz
XPath Quiz
XPointer Quiz
RDF Quiz
SOAP Quiz
WSDL Quiz
RSS Quiz
WAP Quiz
Web Services Quiz
Browser Scripting Quizzes
JavaScript Quiz
VBScript Quiz
DHTML Quiz
HTML DOM Quiz
WMLScript Quiz
E4X Quiz
Server Scripting Quizzes
ASP Quiz
PERL Quiz
SQL Quiz
ADO Quiz
CVS Quiz
Python Quiz
Apple Script Quiz
PL/SQL Quiz
SQL Server Quiz
PHP Quiz
.NET (dotnet) Quizzes
Microsoft.Net Quiz
ASP.Net Quiz
.Net Mobile Quiz
C# : C Sharp Quiz
ADO.NET Quiz
VB.NET Quiz
VC++ Quiz
Multimedia Quizzes
SVG Quiz
Flash Quiz
Media Quiz
SMIL Quiz
Photoshop Quiz
Gimp Quiz
Matlab Quiz
Gnuplot Programming Quiz
GIF Animation Quiz
Scientific Visualization Quiz
Graphics Quiz
Web Building Quizzes
Web Browsers Quiz
Web Hosting Quiz
W3C Quiz
Web Building Quiz
Web Quality Quiz
Web Semantic Quiz
Web Careers Quiz
Weblogic Quiz
SEO Quiz
Web Site Hosting Quiz
Domain Name Quiz
Java Quizzes
Java Quiz
JSP Quiz
Servlets Quiz
Struts Quiz
EJB Quiz
JMS Quiz
JMX Quiz
Eclipse Quiz
J2ME Quiz
JBOSS Quiz
Programming Langauges Quizzes
C Quiz
C++ Quiz
Visual Basic Quiz
Data Structures Using C Quiz
Cobol Quiz
Assembly Language Quiz
Mainframe Quiz
Forth Programming Quiz
Lisp Programming Quiz
Pascal Quiz
Delphi Quiz
Fortran Quiz
OOPs Quiz
Data Warehousing Quiz
CGI Programming Quiz
Emacs Quiz
Gnome Quiz
ILU Quiz
Soft Skills Quizzes
Communication Skills Quiz
Time Management Quiz
Project Management Quiz
Team Work Quiz
Leadership Skills Quiz
Corporate Communication Quiz
Negotiation Skills Quiz
Database Quizzes
Oracle Quiz
MySQL Quiz
Operating System Quizzes
BSD Quiz
Symbian Quiz
Unix Quiz
Internet Quiz
IP-Masquerading Quiz
IPC Quiz
MIDI Quiz
Software Testing Quizzes
Testing Quiz
Firewalls Quiz
SAP Module Quizzes
ERP Quiz
ABAP Quiz
Business Warehousing Quiz
SAP Basis Quiz
Material Management Quiz
Sales & Distribution Quiz
Human Resource Quiz
Netweaver Quiz
Customer Relationship Management Quiz
Production and Planning Quiz
Networking Programming Quizzes
Corba Quiz
Networking Quiz
Microsoft Office Quizzes
Microsoft Word Quiz
Microsoft Outlook Quiz
Microsoft PowerPoint Quiz
Microsoft Publisher Quiz
Microsoft Excel Quiz
Microsoft Front Page Quiz
Microsoft InfoPath Quiz
Microsoft Access Quiz
Accounting Quizzes
Financial Accounting Quiz
Managerial Accounting Quiz
Testimonials | Contact Us | Link to Us | Site Map
Copyright 2008. Academic Tutorials.com. All rights reserved Privacy Policies | About Us
Our Portals : Academic Tutorials | Best eBooksworld | Beyond Stats | City Details | Interview Questions | Discussions World | Excellent Mobiles | Free Bangalore | Give Me The Code | Gog Logo | Indian Free Ads | Jobs Assist | New Interview Questions | One Stop FAQs | One Stop GATE | One Stop GRE | One Stop IAS | One Stop MBA | One Stop SAP | One Stop Testing | Webhosting in India | Dedicated Server in India | Sirf Dosti | Source Codes World | Tasty Food | Tech Archive | Testing Interview Questions | Tests World | The Galz | Top Masala | Vyom | Vyom eBooks | Vyom International | Vyom Links | Vyoms | Vyom World
Copyright 2003-2019 Vyom Technosoft Pvt. Ltd., All Rights Reserved.