Private IP ? NAT - PowerPoint PPT Presentation

1
Private IP ? NAT
? ? ? ? ? ? ??????? ? ? ? (Jiann-Ching Liu)
Email: center5_at_cc.ncu.edu.tw
URL: http://www.cc.ncu.edu.tw/center5/
2
? ?
1. Private IP Address ???
2. Private IP Address ????
3. Network Address Translation
4. Port Redirection
5. Transparent Proxy
6. FreeBSD ???????
7. Linux ???????
8. NAT Server ??????
9. ????
3
Private IP Address
RFC 1597 Section 3: Private Address Space
    10.0.0.0    - 10.255.255.255
    172.16.0.0  - 172.31.255.255
    192.168.0.0 - 192.168.255.255
[Figure labels: Internet, ?, Private IP]
4
Private IP Packet ?????
5
Proxy Server
1. Local net ? Internet ? Proxy Server ??
2. Local net ??? Proxy Server ?? Internet ??
?? Proxy Server ???
1. ??? Client ?????? Proxy ?????
2. ??? Proxy ???????? Internet ??,? telnet, NFS ?
3. ????? Server ???????,????????? Proxy Server
6
NAT (? IP Masquerade)
  • NAT ? Network Address Translation ???
  • NAT ?????? PC ????? NAT ??? Router ? Dedicated NAT
    Server
  • NAT ???
  • NAT ?????? Private IP Transparently ?? Internet
    ???

7
NAT ???
8
NAT (Masquerading) ?????
[Figure: NAT box, inside address 10.1.1.254, outside address 140.115.1.1]
    src 10.1.1.3:1257      dst 140.115.17.108:23
    src 140.115.1.1:63451  dst 140.115.17.108:23
    src 10.1.1.5:1257      dst 163.28.1.22:80
    src 140.115.1.1:63452  dst 163.28.1.22:80
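The translation in the slide 8 figure, worked through as an added Python example (not code from the presentation). It assumes the figure's values read as ip:port pairs (10.1.1.3:1257, 140.115.1.1:63451 and so on); the `Masquerader` class, the pool start of 63451 and the 198.51.100.7 address are constructed for illustration.

```python
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip, port)


class Masquerader:
    """Hypothetical port-masquerading table: many inside hosts share one public IP."""

    def __init__(self, public_ip: str, first_port: int, last_port: int):
        self.public_ip = public_ip
        self.next_port, self.last_port = first_port, last_port
        self.out: Dict[Tuple[Endpoint, Endpoint], int] = {}   # (inside src, dst) -> public port
        self.back: Dict[Tuple[int, Endpoint], Endpoint] = {}  # (public port, remote) -> inside src

    def outbound(self, src: Endpoint, dst: Endpoint) -> Tuple[Endpoint, Endpoint]:
        """Rewrite the source of a packet leaving the private network."""
        key = (src, dst)
        if key not in self.out:
            if self.next_port > self.last_port:
                raise RuntimeError("public port pool exhausted")
            self.out[key] = self.next_port
            self.back[(self.next_port, dst)] = src
            self.next_port += 1
        return (self.public_ip, self.out[key]), dst

    def inbound(self, src: Endpoint, dst: Endpoint) -> Optional[Tuple[Endpoint, Endpoint]]:
        """Rewrite the destination of a reply; None means no mapping, so drop."""
        if dst[0] != self.public_ip:
            return None
        inside = self.back.get((dst[1], src))
        return None if inside is None else (src, inside)


if __name__ == "__main__":
    nat = Masquerader("140.115.1.1", 63451, 65000)  # pool start chosen to match the figure
    print(nat.outbound(("10.1.1.3", 1257), ("140.115.17.108", 23)))
    print(nat.outbound(("10.1.1.5", 1257), ("163.28.1.22", 80)))
    # The reply to the first flow is translated back to 10.1.1.3:1257
    print(nat.inbound(("140.115.17.108", 23), ("140.115.1.1", 63451)))
    # Unsolicited packet (constructed source address): no table entry, dropped
    print(nat.inbound(("198.51.100.7", 4444), ("140.115.1.1", 63451)))
```

The last call returns `None`: without an existing mapping nothing on the Internet side can open a connection to a private host, which is why the port redirection on the next slide is needed to publish an inside server.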
9
Port Redirection
  • NAT Server ? Port Redirection ??????????? Port
    Number ? Packet Redirection ?????
  • Port Redirection ?????? Service ??????

Redirect Port 80 ? 10.0.0.1
???WWW ???
10
Transparent Proxy
  • ??? Transparent Proxy ??????????????????????????
    Service Port
  • ??????? WWW ?,???????? Proxy Server ?????? Proxy
    Server ???

[Figure: Client, Transparent Proxy Redirector, Proxy Server, Server; arrows labelled Request, Redirect, Request if miss, Reply]
11
FreeBSD ?? NAT ???
1. IPNAT: Dynamic NAT (???)
2. Network Address Translation Daemon: Masquerading (???)
12
FreeBSD ?IPNAT
????
1. ?? FreeBSD ?????????
    options IPFILTER
2. ?? gateway ??? ?? /etc/rc.conf ??
    gateway_enable="YES"
   ???????
    sysctl -w net.inet.ip.forwarding=1
3. ipnat ???? (?????????) ?? /etc/ipnat.conf ????
    map ed1 10.0.0.0/8 -> 140.115.11.252/30 portmap tcp/udp 1025:65000
    map ed1 10.0.0.0/8 -> 140.115.11.252/30
4. ??
    ipnat -F    ( delete all active entries in the current NAT table )
    ipnat -C    ( delete all entries in the current NAT listing )
    ipnat -f /etc/ipnat.conf
5. ? Ethernet ??? nat ???? proxyarp, ?
    arp -s 140.115.11.253 00:00:1c:30:1e:29 pub
13
FreeBSD ?NATD
NATD: Network Address Translation Daemon
????
1. ?? FreeBSD 2.2 ?????
2. ?? FreeBSD ?????????
    options IPFIREWALL
    options IPDIVERT
3. ?? gateway ??? ?? /etc/rc.conf ??
    gateway_enable="YES"
   ???????
    sysctl -w net.inet.ip.forwarding=1
4. ???????? (???????)
5. ? /etc/services ??
    natd 8668/divert # Network Address Translation socket
6. ?? /etc/rc.firewall ? Firewall ????
    /sbin/ipfw -f flush
    /sbin/ipfw add divert natd all from any to any via de0
    /sbin/ipfw add pass all from any to any
7. ?? Firewall ??? ? /etc/rc.conf ??
    firewall_enable="YES"
8. ?? natd ?
    natd -n de0
   ?? de0 ????????
Port Redirection ????
    natd -redirect_port tcp 10.0.0.1:80 80 -n de0
14
Linux ? IP Masquerade
  • NAT ???? Linux ???? IP Masquerade

????
1. ???? Linux ?? ??????? YES
    Prompt for development and/or incomplete code/drivers    CONFIG_EXPERIMENTAL
    Enable loadable module support                           CONFIG_MODULES
    Networking support                                       CONFIG_NET
    Network firewalls                                        CONFIG_FIREWALL
    TCP/IP networking                                        CONFIG_INET
    IP: forwarding/gatewaying                                CONFIG_IP_FORWARD
    IP: firewalling                                          CONFIG_IP_FIREWALL
    IP: masquerading (EXPERIMENTAL)                          CONFIG_IP_MASQUERADE
    IP: ipautofw masquerade support (EXPERIMENTAL)           CONFIG_IP_MASQUERADE_IPAUTOFW
    IP: ICMP masquerading                                    CONFIG_IP_MASQUERADE_ICMP
    IP: always defragment                                    CONFIG_IP_ALWAYS_DEFRAG
2. ?? IP Firewall ???
    ipfwadm -F -p masquerade
   ??????
    ipfwadm -F -p deny
    ipfwadm -F -a -m -S net/nm -D 0/0
Transparent Proxy ????
    ipfwadm -I -a accept -P tcp -D 0.0.0.0/0 80 -r 81
15
Linux ????
1. ?? Linux ????
    ftp://linux.cis.nctu.edu.tw/kernel/v2.2/linux-2.2.3.tar.gz
2. ?? Linux ??
    cd /usr/src
    rm -fr linux
    tar zxvf /linux-2.2.3.tar.gz
3. ?? Linux ????
    cd /usr/src/linux
    make menuconfig
4. ?? Linux ??
    make dep
    make clean
    make zlilo
    make modules
    make modules_install
16
Linux ???? NAT ????
Networking options --->
    Network firewalls
    IP: firewalling
    IP: always defragment (required for masquerading)
    IP: transparent proxy support
    IP: masquerading
    IP: ICMP masquerading
    IP: masquerading special modules support
    <M> IP: ipautofw masq support (EXPERIMENTAL) (NEW)
    <M> IP: ipportfw masq support (EXPERIMENTAL) (NEW)
    <M> IP: ip fwmark masq-forwarding support (EXPERIMENTAL) (NEW)
17
Linux/FreeBSD Server ? Private IP ????
1. Proxy-based Firewall (Traditional Proxies)
2. NAT Router (Masquerading) ???
3. Transparent Proxy ???
4. NAT Router ??????? Server
18
Proxy-based Firewall
1. Firewall ???????,????????
2. ????????????
3. ?? Internet ????????? Firewall
4. ? Firewall ?? Proxy ?? (? squid)
19
Proxy-based Firewall (conti)
  • ???? IP ????,????????????
  • ????????????????? IP ???
  • Client ? Mail Server, Web Server, DNS Server,
    Proxy Server ???????????? IP

Proxy-based Firewall ????????????? Transparently
?????, ??? telnet, ping, ... ?
20
NAT Router (Masquerading)
1. ???? Firewall ???, ??????????? Firewall ???????
2. Linux ? Masquerading ?????????? FTP, RealAudio, Quake?
3. ??? Internet ???????? Firewall ?
21
Linux IP Chains tool
  • Linux ? 2.1.102 ?? Firewalling code ???, ?? Linux
    IP Firewalling Chains ??????
  • http://www.rustcorp.com/linux/ipchains/
  • ?? ipchains-1.3.8.tar.gz (http://www.rustcorp.com/linux/ipchains/)
  • ????????
        tar zxvf ipchains-1.3.8.tar.gz
        cd ipchains-1.3.8
        make
        make install

22
ipchains ???
    echo 1 > /proc/sys/net/ipv4/ip_forward
    ipchains -A forward -s 10.0.0.0/16 -d 0.0.0.0/0 -j MASQ
    ipchains -A forward -s 0/0 -j DENY
? ipfwadm ?????
    ipfwadm -F -p deny
    ipfwadm -F -a m -S 10.0.0.0/16 -D 0.0.0.0/0
23
NAT Router FreeBSD ???
FreeBSD ????
    options IPFIREWALL
    options IPDIVERT

    sysctl -w net.inet.ip.forwarding=1
    ipfw -f flush
    ipfw add divert natd all from any to any via ed1
    ipfw add pass all from any to any
    natd -interface ed1
[Figure label: ed1]
24
FTP nightmares
  • FTP ?? Active ? Passive ????,Web Browser ????
    Passive Mode,??????? FTP ???? Active Mode
  • ??Active Mode ?,?????????? dir ????,????? TCP
    ????????
  • ?? Passive Mode ?,???????????,???????? Client ?
    Server

    ftp> get samba-2.0.2.tar.gz
    local: samba-2.0.2.tar.gz remote: samba-2.0.2.tar.gz
    500 Illegal PORT Command
    ftp> passive
    Passive mode on.
    ftp> get samba-2.0.2.tar.gz
    local: samba-2.0.2.tar.gz remote: samba-2.0.2.tar.gz
    227 Entering Passive Mode (140,115,11,215,4,138)
    150 Opening BINARY mode data connection for samba-2.0.2.tar.gz (2052417 bytes).
    226 Transfer complete.
    2052417 bytes received in 2.29 secs (8.7e+02 Kbytes/sec)
? passive mode ?????
  • Linux ??? Active Mode FTP ?????? ip_masq_ftp ???
  • ? modprobe ip_masq_ftp
  • FreeBSD ? IPNAT ?? Active Mode FTP ???,?? NATD
    ?????
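Why active mode fails behind masquerading while passive mode works, as an added Python example (not from the presentation): the PORT command and the 227 reply both carry an address inside the control-channel payload, which plain NAT does not rewrite. The 227 line is the one from the session above; the PORT command, the public port 63453 and all function names are constructed for illustration.

```python
import ipaddress
import re
from typing import Tuple


def decode_hostport(fields: str) -> Tuple[str, int]:
    """'h1,h2,h3,h4,p1,p2' -> (ip, port), with port = p1 * 256 + p2 (RFC 959)."""
    nums = [int(n) for n in fields.split(",")]
    if len(nums) != 6 or any(not 0 <= n <= 255 for n in nums):
        raise ValueError(f"bad host-port field: {fields!r}")
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]


def encode_hostport(ip: str, port: int) -> str:
    """Inverse of decode_hostport."""
    return ",".join(ip.split(".") + [str(port >> 8), str(port & 0xFF)])


def parse_pasv_reply(line: str) -> Tuple[str, int]:
    """Address the server asks the client to connect to in passive mode."""
    m = re.match(r"227 .*\((\d+(?:,\d+){5})\)", line)
    if not m:
        raise ValueError("not a 227 reply")
    return decode_hostport(m.group(1))


def port_leaks_private(cmd: str) -> bool:
    """True if a PORT command advertises a private (RFC 1597) address."""
    ip, _ = decode_hostport(cmd.split(None, 1)[1].strip())
    return ipaddress.ip_address(ip).is_private


def rewrite_port(cmd: str, public_ip: str, public_port: int) -> str:
    """What an FTP-aware NAT helper does to the payload on the way out.
    The new text can differ in length, so a real helper must also adjust
    TCP sequence numbers for the rest of the control connection."""
    decode_hostport(cmd.split(None, 1)[1].strip())  # validate before rewriting
    return "PORT " + encode_hostport(public_ip, public_port)


if __name__ == "__main__":
    active = "PORT 10,1,1,3,4,233"  # constructed: client 10.1.1.3, data port 1257
    print(port_leaks_private(active))                 # server cannot connect back to this
    print(rewrite_port(active, "140.115.1.1", 63453))
    print(parse_pasv_reply("227 Entering Passive Mode (140,115,11,215,4,138)"))
```

In passive mode the client opens the data connection outward to the address in the 227 reply, so ordinary masquerading handles it with no payload inspection.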

25
Transparent Proxies
1. Transparent Proxies ??????, ?? transparent redirect ???, ??????? redirect request ? proxies server
2. Client ???????? Proxy
26
Redirector ?Proxies ????
27
Transparent Proxies FreeBSD ???
  • FreeBSD ? Transparent Proxies ??? IP Filter ???

FreeBSD ???? ??? IPNAT ???
    options IPFILTER
ipnat.conf ??????
    rdr de0 0.0.0.0/0 port 80 -> 127.0.0.1 port 3128 tcp
    map ed1 10.0.0.0/8 -> 140.115.1.252/30 portmap tcp/udp 1025:65000
    map ed1 10.0.0.0/8 -> 140.115.1.252/30
  • squid ???????

[Figure labels: ed1, de0]
28
Dedicated Proxies ????
1. Linux ??????????
    Network firewalls
    IP: firewalling
    IP: always defragment (required for masquerading)
    IP: transparent proxy support
2. Linux firewall rules
    ipchains -F input
    ipchains -A input -p TCP -d localhost 80 -j ACCEPT / DENY
    ipchains -A input -p TCP -d 140.115.1.1 80 -j ACCEPT / DENY
    ipchains -A input -p TCP -d 10.0.0.254 80 -j ACCEPT / DENY
    ipchains -A input -p TCP -d 10.0.0.253 80 -j ACCEPT
    ipchains -A input -p TCP -d 0.0.0.0/0 80 -j REDIRECT 8081
3. ???? tproxyd
    download transproxy-0.3.tar.gz
    tar zxvf transproxy-0.3.tar.gz
    cd transproxy-0.3
    make
    make install
4. ?? tproxyd
    /usr/sbin/in.tproxyd -s 8081 -r nobody 140.115.1.2 3128
? WWW Server ?? ACCEPT ?? DENY
?? Dedicated Proxies Server
FreeBSD ????????,? Linux ???? squid ?? tproxyd
?? Dedicated Proxies Server
29
????????? telnet
1. Linux ??????????
    Network firewalls
    IP: firewalling
    IP: always defragment (required for masquerading)
    IP: transparent proxy support
2. Linux firewall rules
    ipchains -F input
    ipchains -A input -p TCP -d localhost 23 -j ACCEPT
    ipchains -A input -p TCP -d 140.115.1.1 23 -j ACCEPT
    ipchains -A input -p TCP -d 10.0.0.254 23 -j ACCEPT
    ipchains -A input -p TCP -d 0.0.0.0/0 23 -j REDIRECT 2023
3. ???? redir
    download redir-1.1.tar.gz
    tar zxvf redir-1.1.tar.gz
    cd redir-1.1
    make
    cp redir /usr/sbin
4. ?? redir
    /usr/sbin/redir 140.115.1.2 2023 23
?? Dedicated Proxies Server
30
NAT Router ?????????
1. ??? IP ??????????,? Server ????????????
2. ????? NAT Router ????????????,?? Email ???? DNS ?? MX (Mail Exchanger) ??????, ???????????? redirect ???
31
???????????
32
NAT ?????
?????????????,?????? TCP echo Port ???????
33
NAT ????? (?)
34
NAT ?????
????????????
1. NAT Server?? ????,????? NAT ???
2. ?? NAT ???????
3. NAT ???????
4. NAT ??????
5. ???????? UNIX ?????? (FreeBSD ? Linux)
????? ??????????????????,2 4 ???????????? Windows 98 ??,????? autorun ??? setup ??????????????????????
NAT ????????,??????
35
NAT Server??
NAT Server ?????
1. CD-ROM ?????,???????? NAT Server ? Router?
2. ???????,???????????????,???? ?????
3. ???????,???????????
4. ?? SNMP ? Agent,??? MRTG ?????????????
5. ???????? DHCP ??,????????????
6. ???? WWW ? ? ? ? Transparent Proxy ??
7. ?????????????,????????????
36
????
1. 486 ????? CPU
2. 16 Mega ??? RAM (??? 32 Mega ??)
3. CD-ROM ?? (??? IDE ??)
4. 3.5 ? 1.44 M ??????????? (?????,?????? CD-ROM Boot ?,???)
5. ??????? (??? PCI ??,? PnP ????????? I/O ??,????? I/O ? IRQ ????)
37
????
?????,????????????????
1. CD-ROM ????
2. ????? (????????) ????????? MS-DOS ??,? Linux ????? DOS ????????????????,???
    \dosutils\rawrite -f \bootdisk\boot.img -d a
   ? Linux ????????????? Linux ????,??
    dd if=/cdrom/bootdisk/boot.img of=/dev/fd0
3. ? DOS ???,????? ? DOS ?,????????,???????????,? autoboot ??
38
????????
  • ????????,??????????
  • ??????,????????????,???????

39
????
??????????
http://www.cc.ncu.edu.tw/center5/livecd/boot.htm
40
??????????
?????????,????????,??????????????????????????,????
???,?????????????????,???????
  • ??????????????????,???? autoexec.sh????? DOS ?
    UNIX ???????,??????????
  • autoexec.sh ????????????????????
  • autoexec.sh ?????????? interpreter
    ???,?#!/bin/sh ? #!/usr/bin/perl
  • autoexec.sh ??????,???????,???????,??????????,?
    mount -t msdos /dev/fd0 /floppy

41
?????????????
??????????????? root ???? rootpass
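#!/bin/sh
# Replace root's password hash in /etc/shadow with crypt(PASS).
PASS="rootpass"
rm -f /etc/shadow-
cp /etc/shadow /etc/shadow-
perl -e '
    # crypt() of the new password with the fixed salt "zT"
    $encrypt = crypt($ARGV[0], "zT");
    open(FN, "$ARGV[1]") or die "cannot open $ARGV[1]\n";
    while (<FN>) {
        chomp;
        # $1 = account name, $2 = everything after the old hash field
        if (/^([^:]+):[^:]*(.*)/ && $1 eq "root") {
            print "root:$encrypt$2\n";
        } else {
            print "$_\n";
        }
    }
    close FN;
' "$PASS" /etc/shadow- > /etc/shadow
chown root.shadow /etc/shadow
chmod 640 /etc/shadow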
42
???????
  • ???? root ????????,(??? passwd ?,?????,??? ENTER)
  • root ?????????,???????
  • ?????????????? liujc,??????,??????? telnet ????

???????,?????????????? ?????????????????
43
????
1. NATD, FreeBSD System Manager's Manual
2. Linux IP Masquerade mini HOWTO
3. http://www.indyramp.com/masq/
4. http://squid.nlanr.net/Squid/FAQ/FAQ-17.html
5. Linux IPCHAINS-HOWTO