Academic Tutorials



English | French | Portugese | German | Italian
Home Advertise Payments Recommended Websites Interview Questions FAQs
News Source Codes E-Books Downloads Jobs Web Hosting
Chats

IP-Masquerading
IP Masquerading Intorduction
IP Masquerading Setting Up
IP Masquerading Setting Up - Part 2
IP Masquerading Easy Links
IP Masquerading Linux Networking
IP Masquerading Network Address
IP Masquerading IPCHAINS 101
IP Masquerading IP_MASQ 101
IP Masquerading Setting Up The Router
IP Masquerading Caveats

HTML Tutorials
HTML Tutorial
XHTML Tutorial
CSS Tutorial
TCP/IP Tutorial
CSS 1.0
CSS 2.0
HLML
XML Tutorials
XML Tutorial
XSL Tutorial
XSLT Tutorial
DTD Tutorial
Schema Tutorial
XForms Tutorial
XSL-FO Tutorial
XML DOM Tutorial
XLink Tutorial
XQuery Tutorial
XPath Tutorial
XPointer Tutorial
RDF Tutorial
SOAP Tutorial
WSDL Tutorial
RSS Tutorial
WAP Tutorial
Web Services Tutorial
Browser Scripting
JavaScript Tutorial
VBScript Tutorial
DHTML Tutorial
HTML DOM Tutorial
WMLScript Tutorial
E4X Tutorial
Server Scripting
ASP Tutorial
PERL Tutorial
SQL Tutorial
ADO Tutorial
CVS
Python
Apple Script
PL/SQL Tutorial
SQL Server
PHP
.NET (dotnet)
Microsoft.Net
ASP.Net
.Net Mobile
C# : C Sharp
ADO.NET
VB.NET
VC++
Multimedia
SVG Tutorial
Flash Tutorial
Media Tutorial
SMIL Tutorial
Photoshop Tutorial
Gimp Tutorial
Matlab
Gnuplot Programming
GIF Animation Tutorial
Scientific Visualization Tutorial
Graphics
Web Building
Web Browsers
Web Hosting
W3C Tutorial
Web Building
Web Quality
Web Semantic
Web Careers
Weblogic Tutorial
SEO
Web Site Hosting
Domain Name
Java Tutorials
Java Tutorial
JSP Tutorial
Servlets Tutorial
Struts Tutorial
EJB Tutorial
JMS Tutorial
JMX Tutorial
Eclipse
J2ME
JBOSS
Programming Langauges
C Tutorial
C++ Tutorial
Visual Basic Tutorial
Data Structures Using C
Cobol
Assembly Language
Mainframe
Forth Programming
Lisp Programming
Pascal
Delphi
Fortran
OOPs
Data Warehousing
CGI Programming
Emacs Tutorial
Gnome
ILU
Soft Skills
Communication Skills
Time Management
Project Management
Team Work
Leadership Skills
Corporate Communication
Negotiation Skills
Database Tutorials
Oracle
MySQL
Operating System
BSD
Symbian
Unix
Internet
IP-Masquerading
IPC
MIDI
Software Testing
Testing
Firewalls
SAP Module
ERP
ABAP
Business Warehousing
SAP Basis
Material Management
Sales & Distribution
Human Resource
Netweaver
Customer Relationship Management
Production and Planning
Networking Programming
Corba Tutorial
Networking Tutorial
Microsoft Office
Microsoft Word
Microsoft Outlook
Microsoft PowerPoint
Microsoft Publisher
Microsoft Excel
Microsoft Front Page
Microsoft InfoPath
Microsoft Access
Accounting
Financial Accounting
Managerial Accounting
Network Sites


IPCHAINS 101


Previoushome Next






IPCHAINS 101


The ipchains program was written by Paul Russell and it is included in most Linux distributions. There is an IPCHAINS-HowTo available at this site, and the online documentation is extensive. This section provides a general overview of the syntax and semantics of ipchains.

A D V E R T I S E M E N T

The ipchains program is very powerful, and surprisingly simple once you get the basics down. The general format is:

ipchains <command> <chain> [<options>]

The complete syntax for ipchains is a little more complex, but this is sufficient for our needs. The online help enumerates the complete syntax including a useful command like:

ipchains -L

that lists the currently loaded ipchains configuration.

Linux keeps a set of tables for ipchains that it uses when routing packets to non-local destinations as well as routing incoming packets destined for other computers. The ipchains program changes these tables. Typically this is done when the system boots or as part of a script associated with a particular network adapter, such as a modem adapter discussed in the next article.

The three commands that we look at are -F, -P, and -A. The -F command flushes a chain so it starts fresh. The -P command sets up the default handling, while the -A command adds conditions or rules to a chain.

As yet we have not defined what a chain is. With ipchains, three chains are predefined: input, output, and forward. The following two commands are normally used to set up a chain:

ipchains -F input
ipchains -P input REJECT

This causes any rules for the input chain to be discarded and sets up the default condition so incoming packets are rejected. It is easier to discuss how chains work using an example, so we'll assume that the following command is next:

ipchains -A input -i eth0 -s 10.1.0.0/16 -d 0.0.0.0/0 -j ACCEPT

This is used to accept packets that meet the criteria specified in this command. In particular, the -i option is followed by the interface name, eth0. The -s and -d options are followed by source and destination values. If a packet is received on eth0 and it is from the specified source and going to the specified destination then it will be accepted by the router.

The source and destination values are IP address and mask bit pairs. In this case, the source will match any IP address of the form 10.1.x.x. The destination matches anything. Therefore, the rule accepts any packet with an address like 10.1.54.103 going anywhere. If a source or destination criteria is not specified then 0.0.0.0/0 is used.

The output chain controls what packets can be sent. A packet may be accepted by the input chain but rejected by the output chain. Likewise, the forward chain controls what packets will be routed.

In general, the input chain controls incoming packet filtering. The packet is either destined for the router or for another computer. In the latter case, the packet is processed by the forward chain. Packets that make it through this chain will then be processed by the output chain.

Additional -A, or add, commands can be used with the same chain name. The rules can also be used to reject packets as well. For example:

ipchains -A input -i eth0 -s 10.2.0.0/16 -d 0.0.0.0/0 -j REJECT

will reject packets with a source address like 10.2.x.x to any destination. This is actually redundant for the current set of rules since anything that does not match the first example rule for 10.1.x.x will be rejected. Including a rule like:

ipchains -A input -i eth0 -s 10.2.0.0/16 -d 10.1.0.0/16 -j ACCEPT

will accept a packet if it is from a source address like 10.2.x.x and destined for an IP address of the form 10.1.x.x. Note that rules are order dependent in a first-come-first-used basis so this rule should be added before the rule that rejects a more general condition.

We have used the -j option in a simplistic fashion to designate whether a packet will be accepted or rejected. This option is actually called a jump and can be used to link to user-defined chains, as well as using ACCEPT and REJECT. User-defined chains are manipulated in the same fashion as the standard chains. Only the names have been changed. User-defined chains are typically used to manage more complicated routing configurations. The bottom line is that the rules are followed until the packet is ACCEPTed or REJECTed.

Other argument values for the -j option when used with the forward chain. These include DENY and MASQ. DENY is similar to REJECT in that it terminates checking of the chain. MASQ indicates that a packet should be masqueraded using the built-in NAT support. In this case, the accepted packet will be modified so its IP address and port address are changed as described with NAT earlier. The reverse translation for response packets is done automatically. Selective use of MASQ allows a Linux router to forward some packets NAT-fashion and others with no translation. This is handy for small companies that have been assigned more than one IP address and use them for PCs on the local network.

For simple router support when an ISP provides a single IP address, MASQ is typically used. User-defined chains are usually unnecessary.

The ipchains program can also delete a rule using the -D command. A rule must match exactly with a command's argument to be deleted.

The ipchains commands are normally included in a script that runs when Linux boots or when a particular network adapter is started. The following section addresses masquerading of special protocols.

One last item for ipchains is to enable forwarding using the following command:

echo "1" > /proc/sys/net/ipv4/ip_forward

This creates a single byte file containing the number "1". Note: Linux distributions based on Red Hat Linux can normally specify this feature by adding the following to /etc/sysconfig/network:

FORWARD_IPV4=true



Be the first one to comment on this page.




  IP-Masquerading eBooks

No eBooks on IP-Masquerading could be found as of now.

 
 IP-Masquerading FAQs
More Links » »
 
 IP-Masquerading Interview Questions
More Links » »
 
 IP-Masquerading Articles

No IP-Masquerading Articles could be found as of now.

 
 IP-Masquerading News

No News on IP-Masquerading could be found as of now.

 
 IP-Masquerading Jobs

No IP-Masquerading Articles could be found as of now.


Share And Enjoy:These icons link to social bookmarking sites where readers can share and discover new web pages.
  • blinkbits
  • BlinkList
  • blogmarks
  • co.mments
  • connotea
  • del.icio.us
  • De.lirio.us
  • digg
  • Fark
  • feedmelinks
  • Furl
  • LinkaGoGo
  • Ma.gnolia
  • NewsVine
  • Netvouz
  • RawSugar
  • Reddit
  • scuttle
  • Shadows
  • Simpy
  • Smarking
  • Spurl
  • TailRank
  • Wists
  • YahooMyWeb

Previoushome Next

Keywords: IPCHAINS 101, IP-Masquerading, IP-Masquerading, IP-Masquerading tutorial, IP-Masquerading tutorial pdf, history of IP-Masquerading, Custamizing Style Sheet, learn IP-Masquerading

HTML Quizzes
HTML Quiz
XHTML Quiz
CSS Quiz
TCP/IP Quiz
CSS 1.0 Quiz
CSS 2.0 Quiz
HLML Quiz
XML Quizzes
XML Quiz
XSL Quiz
XSLT Quiz
DTD Quiz
Schema Quiz
XForms Quiz
XSL-FO Quiz
XML DOM Quiz
XLink Quiz
XQuery Quiz
XPath Quiz
XPointer Quiz
RDF Quiz
SOAP Quiz
WSDL Quiz
RSS Quiz
WAP Quiz
Web Services Quiz
Browser Scripting Quizzes
JavaScript Quiz
VBScript Quiz
DHTML Quiz
HTML DOM Quiz
WMLScript Quiz
E4X Quiz
Server Scripting Quizzes
ASP Quiz
PERL Quiz
SQL Quiz
ADO Quiz
CVS Quiz
Python Quiz
Apple Script Quiz
PL/SQL Quiz
SQL Server Quiz
PHP Quiz
.NET (dotnet) Quizzes
Microsoft.Net Quiz
ASP.Net Quiz
.Net Mobile Quiz
C# : C Sharp Quiz
ADO.NET Quiz
VB.NET Quiz
VC++ Quiz
Multimedia Quizzes
SVG Quiz
Flash Quiz
Media Quiz
SMIL Quiz
Photoshop Quiz
Gimp Quiz
Matlab Quiz
Gnuplot Programming Quiz
GIF Animation Quiz
Scientific Visualization Quiz
Graphics Quiz
Web Building Quizzes
Web Browsers Quiz
Web Hosting Quiz
W3C Quiz
Web Building Quiz
Web Quality Quiz
Web Semantic Quiz
Web Careers Quiz
Weblogic Quiz
SEO Quiz
Web Site Hosting Quiz
Domain Name Quiz
Java Quizzes
Java Quiz
JSP Quiz
Servlets Quiz
Struts Quiz
EJB Quiz
JMS Quiz
JMX Quiz
Eclipse Quiz
J2ME Quiz
JBOSS Quiz
Programming Langauges Quizzes
C Quiz
C++ Quiz
Visual Basic Quiz
Data Structures Using C Quiz
Cobol Quiz
Assembly Language Quiz
Mainframe Quiz
Forth Programming Quiz
Lisp Programming Quiz
Pascal Quiz
Delphi Quiz
Fortran Quiz
OOPs Quiz
Data Warehousing Quiz
CGI Programming Quiz
Emacs Quiz
Gnome Quiz
ILU Quiz
Soft Skills Quizzes
Communication Skills Quiz
Time Management Quiz
Project Management Quiz
Team Work Quiz
Leadership Skills Quiz
Corporate Communication Quiz
Negotiation Skills Quiz
Database Quizzes
Oracle Quiz
MySQL Quiz
Operating System Quizzes
BSD Quiz
Symbian Quiz
Unix Quiz
Internet Quiz
IP-Masquerading Quiz
IPC Quiz
MIDI Quiz
Software Testing Quizzes
Testing Quiz
Firewalls Quiz
SAP Module Quizzes
ERP Quiz
ABAP Quiz
Business Warehousing Quiz
SAP Basis Quiz
Material Management Quiz
Sales & Distribution Quiz
Human Resource Quiz
Netweaver Quiz
Customer Relationship Management Quiz
Production and Planning Quiz
Networking Programming Quizzes
Corba Quiz
Networking Quiz
Microsoft Office Quizzes
Microsoft Word Quiz
Microsoft Outlook Quiz
Microsoft PowerPoint Quiz
Microsoft Publisher Quiz
Microsoft Excel Quiz
Microsoft Front Page Quiz
Microsoft InfoPath Quiz
Microsoft Access Quiz
Accounting Quizzes
Financial Accounting Quiz
Managerial Accounting Quiz
Testimonials | Contact Us | Link to Us | Site Map
Copyright 2008. Academic Tutorials.com. All rights reserved Privacy Policies | About Us
Our Portals : Academic Tutorials | Best eBooksworld | Beyond Stats | City Details | Interview Questions | Discussions World | Excellent Mobiles | Free Bangalore | Give Me The Code | Gog Logo | Indian Free Ads | Jobs Assist | New Interview Questions | One Stop FAQs | One Stop GATE | One Stop GRE | One Stop IAS | One Stop MBA | One Stop SAP | One Stop Testing | Webhosting in India | Dedicated Server in India | Sirf Dosti | Source Codes World | Tasty Food | Tech Archive | Testing Interview Questions | Tests World | The Galz | Top Masala | Vyom | Vyom eBooks | Vyom International | Vyom Links | Vyoms | Vyom World
Copyright 2003-2017 Vyom Technosoft Pvt. Ltd., All Rights Reserved.