Hybrid NAT and firewall applications in Linux (1)

Source: Internet
Author: User

Linux has become popular around the world over the past few years thanks to its stability, security, and open source code. As a UNIX system, Linux is used in every corner of the Internet, from scientific computing to cash machines, from web services to high-end Oracle database applications; its presence can be seen everywhere. Because Linux is released under the GPL (a public software license), anyone can obtain and modify its source code, so its security is much higher than that of non-open-source systems, and it can be downloaded from the network for free. These two points make it very suitable for network gateways (soft routers or gateways) and self-built firewalls. (In fact, domestic hardware firewall manufacturers build their products from industrial x86 hardware and Linux, although such a product is not really a hardware firewall.) Nowadays, schools pay too much attention to teaching software and development tools on Windows platforms, and students do not realize that it is UNIX systems that really support the Internet. From my own perspective on Linux, I would like to show you a corner of the UNIX world.
What is NAT?
NAT stands for Network Address Translation, an IETF standard for an organization that contains multiple network nodes: NAT converts the address of each LAN node into one IP address, and vice versa. It can also be used in firewall technology to hide individual IP addresses from external discovery, so that external networks cannot directly access internal network devices. It also helps a network get past address restrictions and make sensible use of public and private IP addresses.
Why NAT?
Assume that the campus network provides Internet access on campus. To simplify management, the IP addresses that the campus network center assigns to campus users are all pseudo IP addresses (internal IP addresses). However, some users need to set up their own WWW servers to publish information externally. In this case we can provide the service through NAT: we bind multiple valid IP addresses or ports to the external network card of the firewall, then use NAT to forward packets sent to one of those IP addresses to a user's internal WWW server; the response packets from the internal WWW server are then disguised as packets sent from the legal IP address.
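A small Python model of the forwarding just described, added here as an illustration and not part of the original article: it shows the destination rewrite on the way in, the source rewrite on the reply, and that a port with no forward never reaches an internal host. The public address 202.204.208.5 comes from this article's lab setup; treating 192.168.0.2 as the internal WWW server, the outside client 198.51.100.10 and the port numbers are assumptions.

```python
from collections import namedtuple

Packet = namedtuple("Packet", "src sport dst dport")


class NatGateway:
    """Toy model of destination NAT with reply translation (not a packet filter)."""

    def __init__(self, forwards):
        self.forwards = forwards   # (public_ip, port) -> (internal_ip, port)
        self.conntrack = {}        # (server, client) -> (public_ip, port)

    def inbound(self, pkt):
        """Packet arriving on the external NIC: rewritten packet, or None if dropped."""
        target = self.forwards.get((pkt.dst, pkt.dport))
        if target is None:
            return None            # no forward defined: internal hosts stay unreachable
        # Remember which public address the client spoke to, for the reply.
        self.conntrack[(target, (pkt.src, pkt.sport))] = (pkt.dst, pkt.dport)
        return pkt._replace(dst=target[0], dport=target[1])

    def outbound_reply(self, pkt):
        """Reply from the internal server: source becomes the public address."""
        public = self.conntrack.get(((pkt.src, pkt.sport), (pkt.dst, pkt.dport)))
        if public is None:
            return None            # not part of a tracked forwarded connection
        return pkt._replace(src=public[0], sport=public[1])


def demo():
    # Constructed scenario: one forward for the WWW service.
    gw = NatGateway({("202.204.208.5", 80): ("192.168.0.2", 80)})
    request = Packet("198.51.100.10", 40000, "202.204.208.5", 80)
    forwarded = gw.inbound(request)
    answer = Packet(forwarded.dst, forwarded.dport, forwarded.src, forwarded.sport)
    reply = gw.outbound_reply(answer)
    blocked = gw.inbound(Packet("198.51.100.10", 40001, "202.204.208.5", 22))
    return forwarded, reply, blocked


if __name__ == "__main__":
    for item in demo():
        print(item)
```

The outside client only ever sees 202.204.208.5 as the peer; the model covers the forwarded service only, not general outbound masquerading.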
Tutorial Environment
All the lab environments used in this article are as follows:
Linux host (server): dual-NIC Red Hat 9.0 machine, host name: host
Windows 98 host (client): single NIC, host name: test
One Lenovo D-Link 8-port 10 M/M switch
Topology of the network:

I. Installing Red Hat 9.0 and points to note
Linux is an independent operating system, so it cannot be installed in other operating systems. It has its own startup method and can be installed using either of the following methods.
● Installation from CD-ROM
● Install from the FTP server
Because the first method (installation from CD-ROM) is covered by the reference manual that ships with Linux and is not very difficult, we will focus on installation from FTP.
Create a boot disk before installation:
1. In the Windows operating system, place the installation disc into the optical drive.
2. Run e:\dosutils\rawrite.exe (the e: drive is the optical drive).
3. Enter e:\images\bootnet.img in the running interface.
4. Specify the target disk by entering your floppy drive.
The boot disk for the installer is now created.
 
Boot the computer from the floppy disk. After the blue interface appears, enter the FTP server address and the FTP user name and password to start the installation.
The Red Hat 9.0 installation interface is in Chinese, and the installation can be customized. Note that the swap partition should be twice the memory size; because this machine is a NAT gateway, the /var log partition should be split out, with a size of no less than 500 MB. With ample space to store logs, there is a good record to consult after future system faults or attacks.
II. Linux network settings and NAT principles
2.1 Network settings
After the Linux system is installed, the platform is in place, but the network still has to be configured. Before configuring the network, or before connecting the Linux system to the Internet, we should turn off services unrelated to this server.
Type "setup" at the command line and press Enter. A text menu is displayed that contains "System services". Use the space key to clear the check box in front of each service you do not need, then restart the system.
If you are a skilled UNIX user, you can stop the services without restarting:
ps aux
All services running in the background are displayed.
kill -9 PID
-9 kills the process forcibly; PID is the process ID shown by ps aux.
Then go to the /etc/sysconfig/network-scripts/ directory.
vi ifcfg-eth0 displays the following:
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.0.1 # intranet NIC IP address
NETMASK=255.255.255.0
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=192.168.0.0 # network number
BROADCAST=192.168.0.255 # broadcast address
The above settings mean: eth0 Intranet Nic, IP Address: 192.168.0.1, subnet mask: 255.255.255.0;
vi ifcfg-eth1 displays the following:
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
IPADDR=202.204.208.5 # Internet NIC IP address
NETMASK=255.255.255.128
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=202.204.208.0 # network number
BROADCAST=202.204.208.127 # broadcast address
The preceding settings mean that eth1 is an external internet Nic and the IP address is 202.204.208.5.
The NIC settings are complete.
Add the IP address and name of the NAT client:
vi /etc/hosts
Format:
IP address Host Name
127.0.0.1 host
Set the gateway:
vi /etc/sysconfig/network
GATEWAY=202.204.208.7
Set the DNS server:
vi /etc/resolv.conf
Format:
nameserver IP address
nameserver 202.106.196.115
After all settings are complete, restart the system and run
route -n # Check the routing table to see whether the default gateway is 202.204.208.7
If yes, all network configurations on the server have been completed.
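Before restarting, the interface values can be cross-checked mechanically. The following Python sketch is an added example, not part of the original article: it parses ifcfg-style KEY=value text, verifies that NETMASK is a valid mask, that NETWORK and BROADCAST agree with IPADDR/NETMASK, and that the gateway lies on the interface's subnet. The sample text is constructed from the eth1 values above; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the eth1 values from this article in ifcfg form.
ETH1 = """\
DEVICE=eth1
IPADDR=202.204.208.5   # external NIC
NETMASK=255.255.255.128
NETWORK=202.204.208.0
BROADCAST=202.204.208.127
"""


def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg-style file; '#' starts a comment."""
    cfg = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip().upper()] = value.strip().strip('"')
    return cfg


def check_ifcfg(cfg, gateway=None):
    """Return a list of problems; an empty list means the values agree."""
    try:
        iface = ipaddress.IPv4Interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}")
    except KeyError as e:
        return [f"missing key {e.args[0]}"]
    except ValueError as e:      # malformed address or netmask
        return [f"bad IPADDR/NETMASK: {e}"]
    net = iface.network
    problems = []
    if cfg.get("NETWORK") not in (None, str(net.network_address)):
        problems.append(f"NETWORK should be {net.network_address}")
    if cfg.get("BROADCAST") not in (None, str(net.broadcast_address)):
        problems.append(f"BROADCAST should be {net.broadcast_address}")
    if gateway is not None and ipaddress.IPv4Address(gateway) not in net:
        problems.append(f"gateway {gateway} is not on {net}")
    return problems


if __name__ == "__main__":
    cfg = parse_ifcfg(ETH1)
    print(check_ifcfg(cfg, gateway="202.204.208.7") or "consistent")
    cfg["NETMASK"] = "255.255.255.255.128"   # constructed typo: five octets
    print(check_ifcfg(cfg))
```

A gateway that falls outside the external subnet, or a netmask with an extra octet, shows up here rather than as a silent loss of connectivity after the reboot.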
The following figure shows the network configuration of the client.
Because it is a Windows 98 system, only configuration parameters are provided. The configuration method is omitted.
The IP address is 192.168.0.2.
Subnet Mask: 255.255.255.0
Domain Name Server: 202.106.196.115
Gateway: 192.168.0.1
All network settings complete

