2008-09-20

Linux Training : About NAT

Today I created a humble little chapter that serves as an introduction to iptables. I also corrected minor errors in the router chapter. Both chapters are available online (12-page PDF) for your review.

The goal is to provide students (who have knowledge of sniffing, TCP, IP, ARP, ICMP, ...) with a practical introduction to setting up a router, packet filter, NAT, SNAT and DNAT on Linux with iptables.


10. Routers
10.1. terminology
10.1.1. router or firewall
10.1.2. packet forwarding
10.1.3. packet filtering
10.1.4. NAT (network address translation)
10.1.5. PAT (port address translation)
10.1.6. SNAT (source network address translation)
10.1.7. masquerading
10.1.8. port forwarding
10.2. packet forwarding
10.2.1. about packet forwarding
10.2.2. /proc/sys/net/ipv4/ip_forward
10.2.3. /etc/sysctl.conf
10.2.4. Practice: packet forwarding
10.2.5. Solution: packet forwarding
11. Iptables
11.1. about iptables
11.2. packet filtering
11.2.1. about packet filtering
11.2.2. filter table
11.2.3. Changing default policy rules
11.2.4. Allowing ssh over eth0
11.2.5. Allowing access from a subnet
11.2.6. iptables save
11.2.7. scripting example
11.2.8. Allowing ICMP(ping)
11.2.9. Practice: packet filtering
11.3. network address translation
11.3.1. about NAT
11.3.2. SNAT (Source NAT)
11.3.3. SNAT example setup
11.3.4. IP masquerading
11.3.5. DNAT (Destination NAT)

2 comments:

Anonymous said...

"packet filtering" reminds me of the kind of stateless filters that can be implemented on many routers/switches, filtering each packet individually.

Nowadays firewalls are all stateful, keeping track of established sessions. Calling it packet filtering seems wrong somehow.

Paul Cobbaut said...

Stateful is indeed a term that needs to be explained in a firewall chapter!
Thanks.