Friday, 18 November 2011

HOW TO SHARE AN INTERNET CONNECTION USING A PC ROUTER


This post discusses how to create a gateway / PC router using Ubuntu Server. It is assumed that Ubuntu has already been installed.

Two connection-sharing functions apply in this case:

1. Allowing the clients / workstations in the LAN to access servers on the Internet.

2. Allowing the servers we have in the LAN to be reachable by, and to serve, clients / workstations located elsewhere, through the single Internet connection that we have.

Here are the steps to share the Internet connection using Ubuntu Server:

1. Make sure you have set a static IP address for both Ethernet cards.
In this example the first Ethernet card (eth0) is connected to the Internet with public IP address 118.98.212.43, and the second (eth1) is connected to the local network (LAN) with IP address 192.168.2.1.

2. Install DNS Server

3. Install the iptables package:
$ sudo apt-get install iptables

4. Turn on IP forwarding on the server:
$ sudo sysctl -w net.ipv4.conf.default.forwarding=1

5. net.ipv4.conf.default.forwarding=1

6. Edit the file /etc/sysctl.conf:
$ sudo nano /etc/sysctl.conf

7. Uncomment (remove the #) the following line:
# net.ipv4.conf.default.forwarding = 1

8. Save, then type the following command:
$ sudo /sbin/sysctl -p

CONNECTING A LAN TO THE INTERNET

To connect the LAN to the Internet, it is necessary to set up IP masquerading.

IP masquerading translates the source and destination addresses in the headers of network packets. In this example the router translates all network packets from the different IP addresses in the LAN (192.168.2.*) so that they appear on the Internet with IP address 118.98.212.43. The router remembers these packets, and the packets coming back from the Internet (in response to the earlier local packets) are rewritten and passed on to the originating client.

The router setup consists of four iptables commands.

The first command forwards packets from the Internet to the LAN (-A FORWARD).

$ sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT


This rule matches a network packet that:
Is received on eth0 (comes from the Internet): -i eth0
Is to be sent out on eth1 (goes to the LAN): -o eth1
Belongs to a previously existing connection: --state ESTABLISHED,RELATED
The kernel then accepts (-j ACCEPT) packets that meet all three criteria. Network packets from the Internet that do not meet these criteria will not be accepted by this rule.

The second command does the same, but in the opposite direction:


$ sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT


This rule matches a network packet that:
Is received on eth1 (comes from the LAN): -i eth1
Is to be sent out on eth0 (goes to the Internet): -o eth0
The kernel accepts a packet that meets these two criteria: the packet comes from the LAN and is forwarded to the Internet.

The third command logs incoming packets from the Internet.

$ sudo iptables -A FORWARD -j LOG

The fourth command is POSTROUTING. In this case only packets that create new connections are passed to the NAT (Network Address Translation) table. Once a connection has been set up for MASQUERADE, the headers of the packets on the resulting connection (ESTABLISHED) are rewritten, and packets related to the original packet (RELATED) are rewritten in the same way as the original packet. In this way the header of a response packet is modified so that the packet reaches the requesting client (here an IP address in 192.168.2.*). The command:

$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This rule applies to a packet that:

Creates a connection (a packet that does not create a connection is not entered into the NAT table).
Is sent out on eth0 (out to the Internet): -o eth0

The kernel then masquerades (MASQUERADE) all packets that meet both criteria. In other words, every packet originating from a local client has its source IP address (192.168.2.*) changed to 118.98.212.43, and every response packet from the Internet has its destination changed back to the original IP address.

Here are the four commands above together:

$ sudo iptables -A FORWARD -i eth0 -o eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
$ sudo iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
$ sudo iptables -A FORWARD -j LOG
$ sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE


If you want to limit which computers (clients) can connect to the Internet, the fourth command can be written like this, using the iprange match because -s does not accept an address range:

$ sudo iptables -t nat -A POSTROUTING -o eth0 -m iprange --src-range 192.168.2.0-192.168.2.32 -j MASQUERADE

Connecting Several Servers to One Internet Connection
DNAT (destination NAT) allows clients on the Internet to send packets to servers located on the LAN. In this example there is an SMTP mail server on 192.168.2.33 and an Apache (web) server on 192.168.2.34. Both use the TCP protocol: SMTP uses port 25 and Apache uses port 80. Both are routed with PREROUTING rules in the nat table (-A PREROUTING -t nat), matched on the Internet-facing interface (-i eth0) so that only connections arriving from the Internet are redirected and the LAN clients' own outbound mail and web traffic is left alone:

$ sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 25 -j DNAT --to-destination 192.168.2.33:25
$ sudo iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 80 -j DNAT --to-destination 192.168.2.34:80

For these commands to run automatically when the computer is turned on, all of the above commands should be stored in the file /etc/rc.local.
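
To see how the FORWARD rules, MASQUERADE and the two DNAT port forwards interact, here is a small Python model of the router (an added example, not code from the original post and not iptables itself). It assumes the DNAT rules apply only to packets arriving on eth0, leaves port numbers unchanged, and uses constructed client addresses; Router, route and forward_chain are hypothetical names.

```python
# Toy model (added example, not iptables); ports unchanged, addresses constructed.
PUBLIC_IP, LAN = "118.98.212.43", "192.168.2."
DNAT = {25: "192.168.2.33", 80: "192.168.2.34"}   # assumed: only for -i eth0
FORWARD = [                                       # (in_if, out_if, states, target)
    ("eth0", "eth1", {"ESTABLISHED", "RELATED"}, "ACCEPT"),
    ("eth1", "eth0", None, "ACCEPT"),
    (None, None, None, "LOG"),                    # LOG does not end traversal
]

class Router:
    def __init__(self, policy="ACCEPT"):          # ACCEPT is the built-in default
        self.policy, self.conntrack, self.logged = policy, {}, []

    def forward_chain(self, in_if, out_if, state):
        for r_in, r_out, states, target in FORWARD:
            if (r_in not in (None, in_if) or r_out not in (None, out_if)
                    or (states is not None and state not in states)):
                continue                          # rule does not match
            if target == "LOG":
                self.logged.append((in_if, out_if, state))
                continue
            return target
        return self.policy                        # no terminating rule matched

    def route(self, in_if, src, sport, dst, dport):
        """Return (verdict, src, dst) as the packet would leave the router."""
        key, undo = (src, sport, dst, dport), None
        if key in self.conntrack:                 # reply on a tracked connection
            state, (field, addr) = "ESTABLISHED", self.conntrack[key]
            src, dst = (addr, dst) if field == "src" else (src, addr)
        else:
            state = "NEW"
            if in_if == "eth0" and dst == PUBLIC_IP and dport in DNAT:
                dst = DNAT[dport]                 # nat PREROUTING: DNAT
                undo = ((dst, dport, src, sport), ("src", PUBLIC_IP))
        if dst == PUBLIC_IP:
            return ("INPUT", src, dst)            # for the router itself, not FORWARD
        out_if = "eth1" if dst.startswith(LAN) else "eth0"
        verdict = self.forward_chain(in_if, out_if, state)
        if verdict == "ACCEPT" and state == "NEW":
            if out_if == "eth0":                  # nat POSTROUTING: MASQUERADE
                undo = ((dst, dport, PUBLIC_IP, sport), ("dst", src))
                src = PUBLIC_IP
            if undo:
                self.conntrack[undo[0]] = undo[1]
        return (verdict, src, dst)

if __name__ == "__main__":
    print(Router().route("eth1", "192.168.2.10", 50000, "203.0.113.5", 80))
```

In this model a new connection arriving on eth0 matches neither ACCEPT rule, is logged, and is then decided by the FORWARD chain policy: with the default ACCEPT policy it is still forwarded (which is what lets the DNAT'd mail and web connections through), while with a DROP policy it is dropped.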
