NAT routing in RedHatLinuxAS5

Connect two logically separate networks. Traditionally, vrouters are used for implementation. The improvement and development of Linux provides a low-cost and reliable alternative solution, more and more people use it to replace traditional network devices. Below is an instance that uses RedHatLinuxAS5 to implement NAT routing. TIPS: NATNAT is short for NetworkAddressTranslation, also known as network address translation. It is converted from

Connect two logically separate networks. Traditionally, vrouters are used for implementation. The improvement and development of Linux provides a low-cost and reliable alternative solution, more and more people use it to replace traditional network devices. Below is an instance that uses Red Hat Linux AS 5 to implement NAT routing.

TIPS:

NAT

NAT is short for Network Address Translation, also known as Network Address Translation. It converts the internal network address and the public network address to achieve internal and external interconnection. It not only hides internal IP addresses, reduces the risk of internal network attacks, but also helps solve the problem of insufficient IP addresses on the Internet. It is a widely used Internet connection method.

I. Requirement Analysis

Some time ago, we rented a 10 m optical fiber line of China Netcom and obtained a public IP address. Using a Cisco 2621 router for address translation, we achieved interconnection between the LAN and the Internet in the residential area. In the initial stage of network operation, this configuration and connection method still stood the test. With the passage of time, the number of computers in the Community LAN is increasing, from more than 50 to more than 100, and more people are using download tools such as BT and donkey, as a result, Cisco 2621 suffered severe overload and multiple crashes.

In the face of this situation, we have designed three solutions: one is to purchase a high-performance router and replace cisco 2621; the other is to add a computer to windows + ISA server; the third is, linux and a computer. The first solution is simple and easy to use, but the investment is too high. The second solution has higher performance than the former, but the stability and security of windows have become the biggest hidden danger, and windows has high hardware requirements, if you use all genuine software, the cost is not low. The third solution is the most cost-effective, so an idle old SERVER + Linux became our first choice.

Ii. Network Structure

The Linux server in is inserted with a dual Nic. eth0 (Network Card 1) is connected to the Intranet of the residential area, and eth1 (Network Card 2) is connected to the Internet. The IP address settings are as follows:

Intranet: 192.168.1.0/255.255.255.0

Linux Server:

Eth0: 192.168.1.1/255.255.255.0

Eth1: 221.214.141.12/255.255.255.0

Gateway 221.214.141.1

DNS 202.102.134.68 202.102.128.28

Iii. Linux Server Configuration

The following configuration is based on Red Hat Enterprise Linux AS 5 and the kernel version is 2.6.18. During installation, select "minimum installation". The Language Pack is only in English to reduce the usage of system resources by other components. After installation, log on to the system as the root user and set it on the Character interface.

1. IP Address Settings

Ifconfig eth0 192.168.1.1 netmask 255.255.255.0

Ifconfig eth1 221.214.141.12 netmask 255.255.255.0

To enable the computer to automatically set the IP address at startup, you also need to modify the two files under/etc/sysconfig/network-scripts/: ifcfg-eth0, ifcfg-eth1, set the ONBOOT attribute to yes, that is, ONBOOT = yes,

The ifcfg-eth0 file format for eth0 (NIC 1) is as follows:

# 3com Corporation | 3c905B 100 BaseTX [Cyclone]

DEVICE = eth0

BOOTPROTO = none

HWADDR = 00: 10: 4B: 95: 95: E8

ONBOOT = yes

TYPE = Ethernet

USERCTL = no

PEERDNS = no

NETMASK = 255.255.255.0

IPADDR = 192.168.1.1

The ifcfg-eth1 file format for eth1 (NIC 2) is as follows:

# 3com Corporation | 3c905B 100 BaseTX [Cyclone]

DEVICE = eth1

BOOTPROTO = none

HWADDR = 00: 10: 4B: 95: 95: E9

ONBOOT = yes

TYPE = Ethernet

USERCTL = no

PEERDNS = no

NETMASK = 255.255.255.0

IPADDR = 221.214.141.12

GATEWAY = 221.214.141.1

Note: to modify these two files, run the vi command, enter and execute "vi/etc/sysconfig/network-scripts/ifcfg-eth0", type the I command, and the vi editor enters the editing mode. After editing, press "ESC" and return to the command mode. Enter ": wq" and press the Enter key to save the disk and exit. If you enter ": q !", Then exit without saving any data.