Friday, July 9, 2010

Simple NAT Server


Hello folks, nice jotting again; I don't know if I would include this article until I needed it applications.How can I put external IP address with in my LAN so I must also have a local address.Simple NAT configurations will solve my problem with a little ease. It is because I am going to setup a live Asterisk VoIP Server one public and another one internal/private address.Public IP for WAN and Private address for my clients to get connected in the server.

A simple Network Address Translation will be doing the tweaking after I prepared a twon NIC (Ehternet) machine ofcourse running in CentOS -(common OS for Asterisk Telephony). I have encountered some issues with SIP to NAT but it can be done easy in SIP trunking configurations, and besides that IAX are much better in avoiding this NAT traversal configuration .

SO , I hope that there will be another applications yuo can use with NAT servering.


To use NAT in Asterisk WAN to LAN IP addressing
To be able to configure NAT traversal in some VoIP protocols (IAX,SIP,H323)
To learn NAT howto (NAT servering)

In doing this VoIP over NAT, we need to have Unix/Linux like OS that has a nat package in its kernel .We may also try to intall its software update if there is none in the OS software package-there are plenty files/program available for free download on the net.

Anyway,here is how to setup NAT with Linux and iptables; and I'll be mentioning a step-by-step tutorial to configure Network Address Translation (NAT) with Open Source Linux operating system and iptables. This will allow your system to act as gateway and to provide Internet access to multiple hosts in Local Area Network (LAN) using a single public IP address.


1. Hardware server with 2 (two) network interface cards (NICs).
2. Any Linux distribution (get more information at
3. Linux kernel with networking and iptables support.
4. iptables package (you can find latest release at NetFilter's Download page).

Basic definitions

aa.aa.aa.aa is Wide Area Network (WAN) IP address ( is WAN netmask). is LAN IP address (e.g. or, dd.dd.dd.dd is LAN netmask (e.g. is default gateway for Internet connection.

eth0 is hardware name of the NIC connected to WAN base.
eth1 is name of LAN connected NIC.

Step-by-step set up

1. Apply two NICs to hardware server.
2. Verify that both NICs are recognized by Linux well and are fully workable:
# dmesg | grep eth0
# dmesg | grep eth1

the output may vary but in most cases it would be like following one:
eth1: RealTek RTL8139 at 0xe0830000, 00:30:4f:3b:af:45, IRQ 19
eth1: Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x41E1

Similar output should be for eth0 NIC.

To verify that NICs are recognized by Linux as networking devices use the following commands:
# ifconfig eth0
# ifconfig eth1

In case of success the output will be as follows:

# eth0 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

You can find full manual page for ifconfig command here.

3. Configure WAN interface (eth0) to get Internet connection:
ifconfig eth0 aa.aa.aa.aa netmask

# ifconfig eth0 netmask

WAN IP address and netmask should be provided by your ISP.

4. Set up WAN NIC settings to apply after server start up.
Configuration files containing NIC settings may have different syntax and location in various distributions. For such distributions as RedHat, Fedora, Centos and similar ones eth0 configuration file is at /etc/sysconfig/network-scripts/ifcfg-eth0. In Debian, Ubuntu NIC settings are located at single file /etc/network/interfaces.

To edit configuration files use any preferred text editor like vim, GNU nano or any other.

After editing /etc/sysconfig/network-scripts/ifcfg-eth0 should look as follows:

IPADDR=aa.aa.aa.aa # e.g. # e.g. # e.g.
HWADDR=00:30:4f:3b:af:45 # MAC address (optional entry)

After making changes to /etc/network/interfaces section regarding eth0 NIC should looks like:

auto eth0
iface eth0 inet static
address aa.aa.aa.aa

Related links: detailed syntax description of /etc/sysconfig/network-scripts/ifcfg-ethN, manual page of /etc/network/interfaces.

5. Set up LAN NIC settings to apply after server start up. This step requires operations similar to previous step.

Edit /etc/sysconfig/network-scripts/ifcfg-eth1 and make sure that it looks like:

BOOTPROTO=static # e.g.
NETMASK=dd.dd.dd.dd # e.g.
HWADDR=00:50:8d:d1:24:db # MAC address of LAN NIC (optional entry)

If you are using Debian or related Linux distribution, edit /etc/network/interfaces (see previous step):

auto eth1
iface eth1 inet static
netmask dd.dd.dd.dd

6. Set up Domain Name System servers IP addresses by editing /etc/resolv.conf:


7. Enable IP Forwarding:

# echo 1 > /proc/sys/net/ipv4/ip_forward

8. Set up NAT with iptables:

To delete existing rules from every iptables table, execute the following commands:

#iptables -F
#iptables -t nat -F
#iptables -t mangle -F

Related links: official iptables documentation.

Enable NAT by commands:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth1 -j ACCEPT

8. Configure LAN clients to access Internet via described gateway:

Use clients' operating system tools to set up the following TCP/IP settings:

IP address: from the same network as (you can use IP/Subnet calculator to get it)
Netmask: dd.dd.dd.dd
DNS: ff.ff.ff.ff

IP address:



MRTG (Multi Router Traffic Grapher) Server


Our discussion here is all about an Opensource network monitoring software, no other than MRTG (Multi Router Traffic Grapher) which is an application that allows us to observe the traffic of a network. It generates html pages with graphs which are refreshed according to our network’s current state. Its source is written in Perl and C which means that it can be installed in every Operating System we like. We will also need SNMP daemon (Simple Network Management Protocol) which gives us information for a network. The following installation was accomplished under Linux and specifically CentOS . With some little changes it can be used and under other distros.We will present also some simple trick on how to monitor multi services (domain,IP,host,etc) in a single output page.It is not different with polling all the packets either from udp or tcp tunnel and let the sequence or arrangemeng followed to simple network management protocol-SNMP

I hope that this doc is easy for every reader to follow the howtos of deploying the MRTG server.

Good Luck to all Parekoy!

1)Basically we need to setup a network monitoring software
2)To use an Opensource MRTG which is durable and tested
3) To be able to configure and setup MRTG
4)To Monitor multiple traffic activities of different servers running in the productions


Some of the nescessary files need to create a graphical multi router traffic analysis are the following
LibPNG -libraries to *.png format
Zlib- some addons to graphics
Wget- uploading/downloading programs


Installation of SNMP server

Initially we install the packets needed for SNMP. Yum makes this job a lot easier.Next we make snmpd service to start automatically for the runlevels we want.
# yum install net-snmp-utils net-snmp

And we start the server.

# chkconfig --level 345 snmp

We can see that it is running in port 199.

# service snmpd start

# netstat -natv | grep ':199'

tcp 0 0* LISTEN

SNMP Configuration
We run ‘snmpwalk’ which creates a “tree” of information for our network.
If you see an output like this one you may proceed with the MRTG installation. Else you should make some configuration first.

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex. = 1

ip.ipAddrTable.ipAddrEntry.ipAdEntIfIndex. = 2

We keep a backup of snmpd.conf just in case anything goes wrong

# cp /etc/snmp/snmpd.conf /etc/snmp/snmpd.conf.origina

We open it

# nano /etc/snmp/snmpd.conf

find and change this line

com2sec notConfigUser default public

replace by

com2sec local localhost public

com2sec mynetwork public

where we put what our network is
find and change those lines
group notConfigGroup v1 notConfigUser

group notConfigGroup v2c notConfigUser

and replace by

group MyRWGroup v1 local

group MyRWGroup v2c local

group MyRWGroup usm local

group MyROGroup v1 mynetwork

group MyROGroup v2c mynetwork

group MyROGroup usm mynetwor

find and change this lines
view systemview included .

view systemview included .

and replace with this one

view all included .1 8

find and change this line

access notConfigGroup "" any noauth exact systemview none none

with those lines below

access MyROGroup "" any noauth exact all none none

access MyRWGroup "" any noauth exact all all none

Finally,find and change those lines
syslocation Unknown (edit /etc/snmp/snmpd.conf)

syscontact Root (configure /etc/snmp/snmp.local.conf)

with this one (but you can change those with your own settings)

syslocation Linux, CentOS

syscontact Your_name root@localhost

Running SNMP service

We restart the server to take affect of the notices

# service snmpd restart

And we run again

# snmpwalk -v 1 -c public localhost IP-MIB::ipAdEntIfIndex

Now we should see something like that

IP-MIB::ipAdEntIfIndex.10.X.Y.Z = INTEGER: 2

IP-MIB::ipAdEntIfIndex. = INTEGER: 1

Where 10.X.Y.Z is your ip address.

Installing MRTG application

Using yum...

# yum install mrtg

Configuration of our MRTG

We create the folder in which our graphs and html pages will be kept

# mkdir /var/www/html/mrtg/

And we run ‘cfgmaker’ for the configuration file to be created.

# cfgmaker --global "workdir: /var/www/html/mrtg" -ifref=ip --output /etc/mrtg/mrtg.cfg --global 'options[_]: growright,bits' public@localhost

Here you should pay notice to --output /etc/mrtg/mrtg.cfg as long as to public@localhost. With this command we tell MRTG to create a configuration file with the name ‘mrtg.cfg’ for the traffic of our computer (localhost). Instead of localhost you may put the address of any computer you may monitor as long as it runs SNMP.

Next we create our default index page

# indexmaker --output=/var/www/html/mrtg/index.html /etc/mrtg/mrtg.cfg

Configuring Apache To Work With MRTG

MRTG is useful because it can provide a graphical representation of your server's performance statistics via a Web browser.With newer versions of Fedora, Apache automatically reads the add-on files in the /etc/httpd/conf.d/ directory. With Fedora Core 1, you have to specifically configure the Apache configuration file /etc/httpd/conf/httpd.conf to find it. You can do this yourself by inserting this line at the very bottom of the main Apache configuration file before restarting Apache for the change to take effect. With Fedora Core, MRTG creates an add-on configuration file named /etc/httpd/conf.d/mrtg.conf that includes all the necessary Apache commands for MRTG to work.

[root@localhost]# include " /etc/httpd/conf.d/mrtg.cfg

Some configuration may need to be done, because by default MRTG accepts Web requests from the Linux console only. You can add your home network to the file by inserting the network on the Allow from line, or you can allow universal access by commenting out that line along with the Deny from line. This example adds access from the network.

#Alias /mrtg /var/www/mrtg

Order deny,allow
Deny from all
Allow from localhost

If you want to access MRTG from the Internet, then you'll have to comment out the Deny statement and allow from all IP addresses:

#Alias /mrtg /var/www/mrtg

Order deny,allow
Deny from all

Remember to restart Apache once you have made these modifications in order for these changes to take effect.

Compling MRTG configurations

We run the following command

# mrtg /etc/mrtg/mrtg.cfg

ERROR: Mrtg will most likely not work properly when the environmentvariable LANG is set to UTF-8. Please run mrtg in an environmentwhere this is not the case. Try the following command to start:

env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

In case you get an error like this;you have to run the above command more than once till it runs without any error. This is normal.
# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

23-02-2007 17:28:53, Rateup WARNING: /usr/bin/rateup Can't remove localhost_2.old updating log file

# env LANG=C /usr/bin/mrtg /etc/mrtg/mrtg.cfg

Finally we open our browser and type


Multiple MRTG clients

The Fedora Core MRTG installation process creates a cron file named /etc/cron.d/mrtg. This file tells the cron daemon to run MRTG using the /etc/mrtg/mrtg.cfg file every five minutes to poll your network devices. You can configure MRTG to poll multiple devices, each with a separate configuration file. Here's how:

1) Create a new configuration file using the steps from the previous section; choose a filename that is not mrtg.cfg.

2) Add a new MRTG line in /etc/cron.d/mrtg for each new configuration file you create.

[root@localhost]# vi /etc/cron.d /mrtg

0-59/5 **** root env LANG=C /usr/bin/mrtg/  etc/mrtg/server1.cfg
0-59/5 **** root env LANG=C /usr/bin/mrtg/ etc/mrtg/server2.cfg
0-59/5 **** root env LANG=C /usr/bin/mrtg/ etc/mrtg/server3.cfg

3) Run the indexmaker command, and include all of your /etc/mrtg configuration files, to regenerate your Web index page.

[root@localhost]# indexmaker --output=/var/www/mrtg/index.html
/etc/mrtg/server1.cfg /etc/mrtg/server2.cfg /etc/mrtg/server3.cfg

4) Other versions of Linux keep their MRTG cron entries inside the /etc/crontab file. Edit this file using the same syntax as the Fedora /etc/cron.d/mrtg file, and then restart the cron daemon to re-read the configuration:

[root@localhost]# service crond restart

You could also create a script with the /usr/bin/mrtg /etc/mrtg/device.cfg entries in it and make cron run it every five minutes. This way you can just edit the script each time you add a device without having to restart cron.

After the modification in our config, let's start snmp and apache

[root@localhost]# service snmpd restart

[root@localhost]# service httpd restart

Again, to see the multiple clients of our MRTG, we open our browser and type


Detail(1) MRTG download site

Detail(2)MRTG Main page

Detail(3)MRTG Weekly Traffic Analysis

Detail(4)MRTG Annual Traffic Analysis