IP Masquerading

Homes and Businesses: When you only have one IP but you have LOTS of machines

The problem
• Extra IPs are an additional cost of your internet service.
  – Masquerading lets you hook up multiple machines to the same IP
• Some companies want TCP/IP services and set up a network not connected to the internet to use internal services such as www.
  – Eventually they want to connect and don’t want to have to reconfigure the entire network.

Unconnected Network
• If the network is configured with IPs defined for unconnected service (like 192.168.x.x), masquerading lets you connect with minimal changes.
• Those special IPs should never directly use the internet as others might also be using the same numbers.
• Masquerading maps the numbers

Multiple machines to ONE IP
• Basically the same problem as unconnected networks.
• Use the special IPs and have a program translate your special IPs into real IPs.

How does it work?
Focus on FROM (not TO) of request
TO is same for both sides of the request
• Router: 137.155.37.33
• Internal machines: 192.168.1.2 and 192.168.1.3
• Outgoing request: From 192.168.1.2:100 becomes From 137.155.37.33:34567
• Router table entry: 192.168.1.2:100 -> 137.155.37.33:34567 (use same entry for reverse traffic)
• Reverse traffic: To 137.155.37.33:34567 becomes To 192.168.1.2:100
OUTSIDE NEVER SEES NET 192.168.1.x, only 137.155.37.33!

Problem/Considerations
• Router: ports range 0-65536 (65536 ports)
• Internal machines: ports range 0-65536 each (2*65536 ports)
• Not a problem only because the internal machines seldom use a large number of the available ports

Problem/Considerations
• Gateway: 137.155.37.33
• Internal SERVER (www): 192.168.1.2, waiting on port 80
• To 137.155.37.33:80 -> NO SUCH SERVICE
• To 192.168.1.2:80 -> ILLEGAL ADDRESS
No way to access the service.
-> Can’t provide external services from the inside. (you can but it requires some extra effort and another software package … more later)

How do you set it up?
• It’s actually packaged in a firewall solution which effectively does
  – packet level filtering AND
  – masquerading
• This will be explained in the section concerning setting up a firewall.
• In Linux
  – ipchains or
  – iptables
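
The translation table from "How does it work?" and the two "Problem/Considerations" cases, as an added example that is not part of the original slides. It is a simplified model (no protocols, no timeouts); the class and method names, the outside host 203.0.113.10 and the choice of 34567 as the first mapped port are assumptions made for illustration.

```python
# Added illustration: a toy model of the masquerading (port translation) table.
# Addresses are the ones used in the slides; class and method names are hypothetical.
ROUTER_IP = "137.155.37.33"


class Masquerader:
    def __init__(self, public_ip, first_port=34567, last_port=65535):
        self.public_ip = public_ip
        self._free_ports = iter(range(first_port, last_port + 1))
        self.out = {}   # (internal_ip, internal_port) -> public_port
        self.back = {}  # public_port -> (internal_ip, internal_port)

    def outbound(self, src_ip, src_port, dst):
        """Rewrite the FROM of an outgoing packet; the TO is left untouched."""
        key = (src_ip, src_port)
        if key not in self.out:
            public_port = next(self._free_ports, None)
            if public_port is None:
                raise RuntimeError("router ran out of ports to map")
            self.out[key] = public_port
            self.back[public_port] = key
        return (self.public_ip, self.out[key]), dst

    def inbound(self, src, dst_ip, dst_port):
        """Rewrite the TO of a reply using the same table entry, or drop it."""
        if dst_ip != self.public_ip:
            return None  # e.g. 192.168.1.2: not a legal address from outside
        target = self.back.get(dst_port)
        if target is None:
            return None  # no table entry, e.g. port 80: no such service
        return src, target


def demo():
    nat = Masquerader(ROUTER_IP)
    web = ("203.0.113.10", 80)  # constructed outside host (documentation range)
    a = nat.outbound("192.168.1.2", 100, web)
    b = nat.outbound("192.168.1.3", 100, web)  # same internal port, other machine
    reply = nat.inbound(web, ROUTER_IP, 34567)     # reverse traffic, same entry
    unsolicited = nat.inbound(web, ROUTER_IP, 80)  # nobody inside asked for this
    direct = nat.inbound(web, "192.168.1.2", 80)   # private address from outside
    return a, b, reply, unsolicited, direct


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two results are dropped packets: an internal web server is unreachable until an explicit forwarding entry exists, which is also why a masquerading router blocks unsolicited inbound connections by default.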