Hello folks, nice jotting again; I don't know if I would include this article until I needed it applications.How can I put external IP address with in my LAN so I must also have a local address.Simple NAT configurations will solve my problem with a little ease. It is because I am going to setup a live Asterisk VoIP Server one public and another one internal/private address.Public IP for WAN and Private address for my clients to get connected in the server.
A simple Network Address Translation will be doing the tweaking after I prepared a twon NIC (Ehternet) machine ofcourse running in CentOS -(common OS for Asterisk Telephony). I have encountered some issues with SIP to NAT but it can be done easy in SIP trunking configurations, and besides that IAX are much better in avoiding this NAT traversal configuration .
SO , I hope that there will be another applications yuo can use with NAT servering.
To use NAT in Asterisk WAN to LAN IP addressing
To be able to configure NAT traversal in some VoIP protocols (IAX,SIP,H323)
To learn NAT howto (NAT servering)
1. Hardware server with 2 (two) network interface cards (NICs).
2. Any Linux distribution (get more information at DistroWatch.com).
3. Linux kernel with networking and iptables support.
4. iptables package (you can find latest release at NetFilter's Download page).
aa.aa.aa.aa is Wide Area Network (WAN) IP address (bb.bb.bb.bb is WAN netmask).
cc.cc.cc.cc is LAN IP address (e.g. 192.168.0.1 or 10.0.0.1), dd.dd.dd.dd is LAN netmask (e.g. 255.255.255.0).
ee.ee.ee.ee is default gateway for Internet connection.
eth0 is hardware name of the NIC connected to WAN base.
eth1 is name of LAN connected NIC.
Step-by-step set up
1. Apply two NICs to hardware server.
2. Verify that both NICs are recognized by Linux well and are fully workable:
|# dmesg | grep eth0 |
# dmesg | grep eth1
the output may vary but in most cases it would be like following one:
eth1: RealTek RTL8139 at 0xe0830000, 00:30:4f:3b:af:45, IRQ 19
eth1: Identified 8139 chip type 'RTL-8100B/8139D'
eth0: link up, 100Mbps, full-duplex, lpa 0x41E1
Similar output should be for eth0 NIC.
To verify that NICs are recognized by Linux as networking devices use the following commands:
|# ifconfig eth0 |
# ifconfig eth1
In case of success the output will be as follows:
# eth0 Link encap:Ethernet HWaddr 00:50:56:C0:00:08
inet6 addr: fe80::250:56ff:fec0:8/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:41 errors:0 dropped:0 overruns:0 carrier:0
RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
You can find full manual page for ifconfig command here.
3. Configure WAN interface (eth0) to get Internet connection:
ifconfig eth0 aa.aa.aa.aa netmask bb.bb.bb.bb
|# ifconfig eth0 220.127.116.11 netmask 255.255.255.248 |
WAN IP address and netmask should be provided by your ISP.
4. Set up WAN NIC settings to apply after server start up.
Configuration files containing NIC settings may have different syntax and location in various distributions. For such distributions as RedHat, Fedora, Centos and similar ones eth0 configuration file is at /etc/sysconfig/network-scripts/ifcfg-eth0. In Debian, Ubuntu NIC settings are located at single file /etc/network/interfaces.
To edit configuration files use any preferred text editor like vim, GNU nano or any other.
After editing /etc/sysconfig/network-scripts/ifcfg-eth0 should look as follows:
IPADDR=aa.aa.aa.aa # e.g. 18.104.22.168
NETMASK=bb.bb.bb.bb # e.g. 255.255.255.0
GATEWAY=ee.ee.ee.ee # e.g. 22.214.171.124
HWADDR=00:30:4f:3b:af:45 # MAC address (optional entry)
After making changes to /etc/network/interfaces section regarding eth0 NIC should looks like:
iface eth0 inet static
Related links: detailed syntax description of /etc/sysconfig/network-scripts/ifcfg-ethN, manual page of /etc/network/interfaces.
5. Set up LAN NIC settings to apply after server start up. This step requires operations similar to previous step.
Edit /etc/sysconfig/network-scripts/ifcfg-eth1 and make sure that it looks like:
IPADDR=cc.cc.cc.cc # e.g. 192.168.0.1
NETMASK=dd.dd.dd.dd # e.g. 255.255.255.0
HWADDR=00:50:8d:d1:24:db # MAC address of LAN NIC (optional entry)
If you are using Debian or related Linux distribution, edit /etc/network/interfaces (see previous step):
iface eth1 inet static
6. Set up Domain Name System servers IP addresses by editing /etc/resolv.conf:
7. Enable IP Forwarding:
|# echo 1 > /proc/sys/net/ipv4/ip_forward |
8. Set up NAT with iptables:
To delete existing rules from every iptables table, execute the following commands:
#iptables -t nat -F
#iptables -t mangle -F
Related links: official iptables documentation.
Enable NAT by commands:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# iptables -A FORWARD -i eth1 -j ACCEPT
8. Configure LAN clients to access Internet via described gateway:
Use clients' operating system tools to set up the following TCP/IP settings:
IP address: from the same network as cc.cc.cc.cc (you can use IP/Subnet calculator to get it)
IP address: 192.168.0.7