Masquerading Basics - Novell LINUX ENTERPRISE SERVER 10 - INSTALLATION AND ADMINISTRATION 11-05-2007 Installation Manual

Table of Contents

Advertisement

POSTROUTING
This chain is applied to all outgoing packets.
Figure 43.1, "iptables: A Packet's Possible Paths"
which a network packet may travel on a given system. For the sake of simplicity, the
figure lists tables as parts of chains, but in reality these chains are held within the tables
themselves.
In the simplest of all possible cases, an incoming packet destined for the system itself
arrives at the eth0 interface. The packet is first referred to the PREROUTING chain
of the mangle table then to the PREROUTING chain of the nat table. The following
step, concerning the routing of the packet, determines that the actual target of the
packet is a process of the system itself. After passing the INPUT chains of the mangle
and the filter table, the packet finally reaches its target, provided that the rules of
the filter table are actually matched.

43.2 Masquerading Basics

Masquerading is the Linux-specific form of NAT (network address translation). It can
be used to connect a small LAN (where hosts use IP addresses from the private
range—see
Section 30.1.2, "Netmasks and Routing"
official IP addresses are used). For the LAN hosts to be able to connect to the Internet,
their private addresses are translated to an official one. This is done on the router, which
acts as the gateway between the LAN and the Internet. The underlying principle is a
simple one: The router has more than one network interface, typically a network card
and a separate interface connecting with the Internet. While the latter links the router
with the outside world, one or several others link it with the LAN hosts. With these
hosts in the local network connected to the network card (such as eth0) of the router,
they can send any packets not destined for the local network to their default gateway
or router.
IMPORTANT: Using the Correct Network Mask
When configuring your network, make sure both the broadcast address and
the netmask are the same for all local hosts. Failing to do so prevents packets
from being routed properly.
(page 818) illustrates the paths along
(page 547)) with the Internet (where
Masquerading and Firewalls
819

Advertisement

Table of Contents
loading

This manual is also suitable for:

Suse linux enterprise server 10

Table of Contents