Ip masquerading

Presentation Transcript


IP Masquerading

Homes and Businesses: When you only have one IP but you have LOTS of machines


The problem

  • Extra IPs are an additional cost of your internet service.

    • Masquerading lets you hook up multiple machines to the same IP

  • Some companies want TCP/IP services and set up a network not connected to the internet to use internal services such as www.

    • Eventually they want to connect and don’t want to have to reconfigure the entire network.


Unconnected Network

  • If the network is configured with IPs defined for unconnected service (like 192.168.x.x), masquerading lets you connect with minimal changes.

  • Those special IPs should never directly use the internet as others might also be using the same numbers.

  • Masquerading maps those special numbers onto the real IP.


Multiple machines to ONE IP

  • Basically the same problem as unconnected networks.

  • Use the special IPs and have a program translate your special IPs into real IPs.


How does it work?

Focus on the FROM (not the TO) of the request. The TO is the same for both sides of the request.

  • Router: 137.155.37.33

  • Internal machines: 192.168.1.2 and 192.168.1.3

  • Outgoing request: From 192.168.1.2:100 becomes From 137.155.37.33:34567

  • Entry kept by the router: 192.168.1.2:100 -> 137.155.37.33:34567 (use same entry for reverse traffic)

  • Reverse traffic: To 137.155.37.33:34567 becomes To 192.168.1.2:100

OUTSIDE NEVER SEES NET 192.168.1.x, only 137.155.37.33!


Problem/Considerations

  • Internal machine: ports range 0-65536

  • Internal machine: ports range 0-65536

  • The two internal machines together: 2*65536 ports

  • Router: ports range 0-65536, so 65536 ports

Not a problem only because the internal machines seldom use a large number of the available ports.


Problem/Considerations

  • Internal SERVER (www): 192.168.1.2, waiting on port 80

  • Gateway: 137.155.37.33

  • To 137.155.37.33:80 -> NO SUCH SERVICE

  • To 192.168.1.2:80 -> ILLEGAL ADDRESS

No way to access the service.

-> Can’t provide external services from the inside.

(You can, but it requires some extra effort and another software package … more later.)
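The translation from the "How does it work?" slide and both "Problem/Considerations" slides can be followed in a small model. This is an added example, not part of the original presentation and not real router code. The `Masquerader` class, the 203.0.113.x outside addresses and the three-port pool are constructed for illustration, and the model tracks only the internal address and port rather than a full connection.

```python
# Added example: toy model of the masquerading table. Not real router code.
PUBLIC_IP = "137.155.37.33"            # the router's one real IP (from the slides)
WEB = ("203.0.113.10", 80)             # constructed outside server (assumption)

class Masquerader:
    def __init__(self, public_ip, ports=range(34567, 34570)):
        # Constructed, deliberately tiny pool of 3 router ports so that
        # running out of ports is easy to see.
        self.public_ip = public_ip
        self.free_ports = list(ports)
        self.out = {}    # (internal ip, port) -> router port
        self.back = {}   # router port -> (internal ip, port)

    def outbound(self, src, dst):
        """Rewrite the FROM of an outgoing packet; the TO is unchanged."""
        if src not in self.out:
            if not self.free_ports:
                raise RuntimeError("router has no free ports left")
            port = self.free_ports.pop(0)
            self.out[src] = port
            self.back[port] = src
        return (self.public_ip, self.out[src]), dst

    def inbound(self, src, dst):
        """Rewrite the TO of a reply with the same entry; None if no entry."""
        ip, port = dst
        if ip != self.public_ip or port not in self.back:
            return None   # nothing inside asked for this traffic
        return src, self.back[port]

def demo():
    nat = Masquerader(PUBLIC_IP)
    sent = nat.outbound(("192.168.1.2", 100), WEB)    # From is rewritten
    reply = nat.inbound(WEB, sent[0])                  # reverse traffic
    other = nat.outbound(("192.168.1.3", 100), WEB)   # same internal port, new entry
    to_www = nat.inbound(("203.0.113.99", 40000), (PUBLIC_IP, 80))  # no entry
    return sent, reply, other, to_www

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last result is `None`: a request arriving at the router's port 80 matches no entry, which is the "NO SUCH SERVICE" case on the slide.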


How do you set it up?

  • It’s actually packaged in a firewall solution which effectively does

    • packet level filtering AND

    • masquerading

  • This will be explained in the section concerning setting up a firewall.

  • In Linux

    • ipchains or

    • iptables

