#1 2014-06-29 20:25:36

xworld
Member
Registered: 2012-05-27
Posts: 153

NAT table with IPtables

I'm following the ArchWiki guide on setting up a NAT gateway here: https://wiki.archlinux.org/index.php/si … AT_gateway and I want to make sure I don't do it incorrectly. It says that it assumes your outgoing interface is ppp0. I realized I've never dealt with this sort of thing before, so I looked on the Arch wiki and found this article: https://wiki.archlinux.org/index.php/pppd. I went through and configured it, and everything seemed to be successful. Am I supposed to see a ppp0 interface when running ifconfig? How do I know if it's ok to use ppp0 for the outgoing interface in the first article I posted?

Thanks.

Last edited by xworld (2014-06-29 21:47:15)

Offline

#2 2014-06-30 00:51:23

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,418

Re: NAT table with IPtables

What are you trying to do?  Are you wanting to use ppp?  If you are just routing between interfaces you wouldn't necessarily need ppp.  Maybe you need to look at the wiki article for internet sharing or stateful router.


I may have to CONSOLE you about your usage of ridiculously easy graphical interfaces...
Look ma, no mouse.

Offline

#3 2014-06-30 02:15:32

xworld
Member
Registered: 2012-05-27
Posts: 153

Re: NAT table with IPtables

I guess I should be more specific. I'm following the stateful firewall article at the part where it talks about setting up a NAT gateway, and my plan is to use my host server (Arch Linux) as a NAT gateway for a couple VMs I have running on Arch. I realize that you can set up VMs for NAT networking, but I want to be able to see/ping them from another computer entirely, so I had them configured for bridged networking. The idea is to simulate an actual firewall with actual hosts behind it using my Arch server and the VMs.  I was just concerned about this statement:

All over this section, we assume that the outgoing interface (the one with the public internet IP) is ppp0. Keep in mind that you have to change the name in all following rules if your outgoing interface has another name.

I have no idea if my outgoing interface is ppp0, and if it's not, I have no idea what it would be considering that I've never dealt with ppp or pppoe on my computer before. So I searched for details about ppp on Arch and located the section about pppd. I set it up, presumably correctly since everything went well, and was hoping that going through the process would shed some light on if my outgoing interface is ppp0, or if not, help me figure out what it was. So far it hasn't.

Offline

#4 2014-06-30 02:21:19

nomorewindows
Member
Registered: 2010-04-03
Posts: 3,418

Re: NAT table with IPtables

Under VMs you use a bridged mode network adapter or the net tap interface.

Last edited by nomorewindows (2014-06-30 02:30:21)


Offline

#5 2014-06-30 02:24:41

xworld
Member
Registered: 2012-05-27
Posts: 153

Re: NAT table with IPtables

Yes, I know, that's currently what I'm doing with them. Since bridged VMs have their own IP addresses as though they are independent machines on the same subnet as the host, I assumed it would be possible to create a NAT gateway out of the host machine, and essentially place the VMs behind the host machine's iptables firewall. Am I incorrect? I'm starting to think I am.

Offline

#6 2014-06-30 06:15:54

fukawi2
Ex-Administratorino
From: .vic.au
Registered: 2007-09-28
Posts: 6,231
Website

Re: NAT table with IPtables

xworld wrote:

I realize that you can set up VMs for NAT networking, but I want to be able to see/ping them from another computer entirely, so I had them configured for bridged networking. The idea is to simulate an actual firewall with actual hosts behind it using my Arch server and the VMs.

You're mixing apples and oranges (kind of). If you're planning on NAT'ing the VMs then all the traffic will "come from" your Arch machine (and that defeats the purpose of bridging).

Using bridging puts your VMs on the same Layer 2 network as the host -- no need to NAT. Your other options are:
1) Use a host-only network for your VMs, then route that traffic using the host.
2) Use a host-only network and NAT the VM network using the host.

If you want to experiment with firewalling using a perimeter device then option 1 is what you want. If you're using VirtualBox, this may be a good read for you: http://blog.superuser.com/2011/04/25/vi … you-do-it/

xworld wrote:

All over this section, we assume that the outgoing interface (the one with the public internet IP) is ppp0. Keep in mind that you have to change the name in all following rules if your outgoing interface has another name.

I have no idea if my outgoing interface is ppp0

Neither do we; it's your computer -- but I'm reasonably confident in saying that if you don't know what ppp0 is, chances are it's NOT your outgoing interface. You can find the interface of your default route (your "outgoing interface") with this command:

ip route show default

Offline
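Following up on the command in the post above, an added example (not part of the thread or the wiki) that reads `ip route show default` output, picks the outgoing interface, and prints a masquerade rule with that name in place of ppp0. The function names, the sample routes and the exact rule form are assumptions made for illustration; the rule is printed, not applied.

```shell
#!/bin/sh
# Added example: derive the outgoing interface from the default route
# instead of assuming it is ppp0.

# Read route lines on stdin; print the dev of the default route with the
# lowest metric (a missing metric counts as 0). Exit status 1 if none.
default_iface() {
    awk '
        $1 == "default" {
            dev = ""; metric = 0
            for (i = 2; i < NF; i++) {
                if ($i == "dev")    dev = $(i + 1)
                if ($i == "metric") metric = $(i + 1) + 0
            }
            if (dev != "" && (best == "" || metric < bestm)) {
                best = dev; bestm = metric
            }
        }
        END { if (best == "") exit 1; print best }
    '
}

# Print (do not apply) a masquerade rule for the given interface.
# The name is validated first so it is safe to paste into a rule.
nat_rule() {
    case "$1" in
        ''|*[!A-Za-z0-9_.:-]*) echo "invalid interface: $1" >&2; return 1 ;;
    esac
    printf 'iptables -t nat -A POSTROUTING -o %s -j MASQUERADE\n' "$1"
}

# Constructed sample output from a host with wired and wireless uplinks.
SAMPLE_ROUTES='default via 192.168.1.1 dev wlp2s0 proto dhcp metric 600
default via 192.168.1.1 dev enp3s0 proto dhcp metric 100
192.168.1.0/24 dev enp3s0 proto kernel scope link src 192.168.1.20'

# On a live system: ip route show default | default_iface
if iface=$(printf '%s\n' "$SAMPLE_ROUTES" | default_iface); then
    nat_rule "$iface"
else
    echo "no default route found" >&2
fi
```
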

#7 2014-06-30 21:23:38

xworld
Member
Registered: 2012-05-27
Posts: 153

Re: NAT table with IPtables

I see that I was confused now. I'll look more into the link, and do some more research on what you are talking about. Thanks.

Offline
