ip masquerading
Post on 30-Dec-2015
IP Masquerading
Homes and Businesses: When you only have one IP but you have LOTS of machines
The problem
• Extra IPs are an additional cost of your internet service.
  – Masquerading lets you hook up multiple machines to the same IP.
• Some companies want TCP/IP services and set up a network not connected to the internet to use internal services such as www.
  – Eventually they want to connect and don’t want to have to reconfigure the entire network.
Unconnected Network
• If the network is configured with IPs defined for unconnected service (like 192.168.x.x), masquerading lets you connect with minimal changes.
• Those special IPs should never directly use the internet as others might also be using the same numbers.
• Masquerading maps the numbers
Multiple machines to ONE IP
• Basically the same problem as unconnected networks.
• Use the special IPs and have a program translate your special IPs into real IPs.
How does it work?
Focus on FROM (not TO) of request. TO is the same for both sides of the request.
Router: 137.155.37.33
Internal machines: 192.168.1.2 and 192.168.1.3
Outgoing: From 192.168.1.2:100 becomes From 137.155.37.33:34567
Reverse traffic (use same entry): To 137.155.37.33:34567 becomes To 192.168.1.2:100
Table entry: 192.168.1.2:100 -> 137.155.37.33:34567
OUTSIDE NEVER SEES NET 192.168.1.x, only 137.155.37.33!
Problem/Considerations
Internal machine: ports range 0-65536
Internal machine: ports range 0-65536
Router: ports range 0-65536
2*65536 ports on the internal machines share 65536 ports on the router.
Not a problem only because the internal machines seldom use a large number of the available ports.
Problem/Considerations
Internal SERVER (www): 192.168.1.2, waiting on port 80
Gateway: 137.155.37.33
To 137.155.37.33:80 -> NO SUCH SERVICE
To 192.168.1.2:80 -> ILLEGAL ADDRESS
No way to access the service. -> Can’t provide external services from the inside. (You can, but it requires some extra effort and another software package … more later)
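The translation table from "How does it work?" and the inbound failure described above, as an added example that is not part of the original slides: a toy Python model of the router's table. The class and function names and the outside server 203.0.113.10 are constructed for illustration; real masquerading also tracks the remote endpoint and connection state.

```python
class Masquerader:
    """Toy model of the router's table (illustrative, not kernel code)."""

    def __init__(self, public_ip, first_port=34567, last_port=65535):
        self.public_ip = public_ip
        self._free = iter(range(first_port, last_port + 1))
        self.out = {}   # (proto, internal ip, internal port) -> public port
        self.back = {}  # (proto, public port) -> (internal ip, internal port)

    def outbound(self, proto, src, dst):
        """Rewrite FROM of an outgoing packet; TO is left unchanged."""
        key = (proto, *src)
        if key not in self.out:
            port = next(self._free, None)
            if port is None:
                # All internal machines share the router's single port space.
                raise RuntimeError("router has no free public ports")
            self.out[key] = port
            self.back[(proto, port)] = src
        return (self.public_ip, self.out[key]), dst

    def inbound(self, proto, src, dst):
        """Rewrite TO of a reply via the same entry; None means dropped."""
        if dst[0] != self.public_ip:
            return None  # 192.168.x.x is not reachable from the internet
        internal = self.back.get((proto, dst[1]))
        if internal is None:
            return None  # no entry was created from the inside
        return src, internal


def demo():
    nat = Masquerader("137.155.37.33")
    web = ("203.0.113.10", 80)  # constructed outside server
    sent = nat.outbound("tcp", ("192.168.1.2", 100), web)
    reply = nat.inbound("tcp", web, sent[0])
    unsolicited = nat.inbound("tcp", web, ("137.155.37.33", 80))
    return sent, reply, unsolicited


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The third result is None because nothing inside ever opened a connection from port 80, so the router has no entry to map the request back to 192.168.1.2.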
How do you set it up?
• It’s actually packaged in a firewall solution which effectively does
  – packet level filtering AND
  – masquerading
• This will be explained in the section concerning setting up a firewall.
• In Linux
  – ipchains or
  – iptables