- BACK TO BASICS: Port forwarding
- A concrete application of DNAT is port forwarding. Incoming connections to a given port of a machine are forwarded to a port on another machine. Other solutions may exist for achieving a similar effect, though, especially at the application level with ssh (see Section 9.2.2.3, “Creating Encrypted Tunnels with Port Forwarding”) or redir.
- Enough theory, let's get practical. Turning a Debian system into a gateway is a simple matter of enabling the appropriate option in the Linux kernel, by way of the /proc/ virtual filesystem:
- # echo 1 > /proc/sys/net/ipv4/conf/default/forwarding
- This option can also be automatically enabled on boot if /etc/sysctl.conf sets the net.ipv4.conf.default.forwarding option to 1.
- Example 10.1. The /etc/sysctl.conf file
- net.ipv4.conf.default.forwarding = 1
- net.ipv4.conf.default.rp_filter = 1
- net.ipv4.tcp_syncookies = 1
- The same effect can be obtained for IPv6 by simply replacing ipv4 with ipv6 in the manual command and using the net.ipv6.conf.all.forwarding line in /etc/sysctl.conf.
- Enabling IPv4 masquerading is a slightly more complex operation that involves configuring the netfilter firewall.
- Similarly, using NAT (for IPv4) requires configuring netfilter. Since the primary purpose of this component is packet filtering, the details are listed in Chapter 14: “Security” (see Section 14.2, “Firewall or Packet Filtering”).
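A gateway that forwards packets should keep the two protective settings from Example 10.1 alongside forwarding: rp_filter (reverse-path filtering, which drops packets with spoofed source addresses) and tcp_syncookies (SYN flood mitigation). The script below is an added example, not part of the original text; it audits a sysctl.conf-style file for those three keys. The function names sysctl_value and audit_gateway are hypothetical, the sample file is constructed, and the parser assumes plain "key = value" lines with whole-line comments.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file for the keys in Example 10.1.

# Print the effective (last-assigned) value of KEY in FILE; nothing if unset.
sysctl_value() {
    awk -v k="$2" '
        /^[ \t]*[#;]/ { next }                 # whole-line comments
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == k) v = val             # later assignments win
        }
        END { if (v != "") print v }
    ' "$1"
}

# Report each gateway-related key; return 0 only if all three are set to 1.
audit_gateway() {
    rc=0
    for key in net.ipv4.conf.default.forwarding \
               net.ipv4.conf.default.rp_filter \
               net.ipv4.tcp_syncookies; do
        val=$(sysctl_value "$1" "$key")
        if [ "$val" = "1" ]; then
            echo "ok      $key = 1"
        else
            echo "REVIEW  $key = ${val:-unset}"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: forwarding is on, but a later line disables rp_filter.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# constructed sample, not from the page
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.tcp_syncookies=1
net.ipv4.conf.default.rp_filter = 0
EOF
audit_gateway "$sample" || echo "gateway settings need review"
rm -f "$sample"
```

On a real system, point audit_gateway at /etc/sysctl.conf; files under /etc/sysctl.d/ can also set these keys and are not read by this example.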