IP Masquerading
Homes and Businesses:
When you only have one IP
but you have LOTS of machines
The problem
• Extra IPs are an additional cost of your
Internet service.
– Masquerading lets you hook up multiple
machines to the same IP
• Some companies want TCP/IP services and
set up a network not connected to the
internet to use internal services such as
www.
– Eventually they want to connect and don’t want
to have to reconfigure the entire network.
Unconnected Network
• If the network is configured with IPs
defined for unconnected service (like
192.168.x.x), masquerading lets you
connect with minimal changes.
• Those special IPs should never directly use
the internet as others might also be using
the same numbers.
• Masquerading maps the numbers
Multiple machines to ONE IP
• Basically the same problem as
unconnected networks.
• Use the special IPs and have a program
translate your special IPs into real IPs.
How does it work?
Focus on FROM (not TO) of request
TO is same for both sides of the request
[Diagram: internal machines 192.168.1.2 and 192.168.1.3 behind a router with address 137.155.37.33]
• Outgoing request: From 192.168.1.2:100 becomes From 137.155.37.33:34567
• Router entry: 192.168.1.2:100 -> 137.155.37.33:34567
(use same entry for reverse traffic)
• Reply: To 137.155.37.33:34567 becomes To 192.168.1.2:100
OUTSIDE NEVER SEES NET 192.168.1.x, only 137.155.37.33!
Problem/Considerations
[Diagram: two internal machines, each with 65536 ports (ports range 0-65536), behind a router with ports range 0-65536]
• Internal machines together: 2*65536 ports
• Not a problem only because the internal machines seldom use
a large number of the available ports
Problem/Considerations
[Diagram: internal SERVER (www) at 192.168.1.2 waiting on port 80, behind the gateway 137.155.37.33]
• To 137.155.37.33:80 -> NO SUCH SERVICE
• To 192.168.1.2:80 -> ILLEGAL ADDRESS
No way to access the service.
-> Can’t provide external services from the inside.
(you can but it requires some extra effort
and another software package … more later)
How do you set it up?
• It’s actually packaged in a firewall solution
which effectively does
– packet level filtering AND
– masquerading
• This will be explained in the section
concerning setting up a firewall.
• In Linux
– ipchains or
– iptables