
Last pushed: 2 years ago

nat44

nat44 is a simple way to configure a high-end NAT router with netflow

install from repo

add uninett apt key

add repo to sources.list

update and install

  • apt-get update && apt-get install nat44

install from source

Install git, conntrack and python-ipaddr

  • apt-get install conntrack python-ipaddr git debhelper python-support dialog python-docopt

Note: from Debian wheezy you need to install python-docopt via pip install

  • apt-get install python-pip
  • pip install docopt

Clone the git repo

cd to new dir, and edit the nat44.conf (configure your system)

  • cd nat44; nano nat44.conf

install nat44 via make

  • make install

Or install nat44 python library

  • python setup.py install

configure /etc/nat44/nat44.conf

  • vim /etc/nat44/nat44.conf

Usage

First, make sure nat44.conf (/etc/nat44/nat44.conf) has the correct settings. The default config is in /etc/default/nat44.conf.

Then have nat44 configure your Linux box as a nat44 router based on your nat44.conf

  • nat44 configure

Every time you change nat44.conf you have to run nat44 configure. The first time you run nat44 configure it will take some time (compiling modules and snmp).

nat44.conf

intern-if = eth1

  • Internal interface, where you have your RFC 1918 network: the clients that need NAT.
    • You can define several interfaces: eth1 eth2 eth3
    • It also supports VLAN tags (802.1Q): eth1.100 eth1.200 eth1.300

ekstern-if = eth0

  • External interface, connected to the internet.

admin-adresse = 203.0.113.120

  • This is the main public IP address of your server

intern-nett = 10.0.0.0/22

  • The internal network; anything bigger than a /20 (~4000 clients) is not recommended.
    • When using several interfaces, you need 1 network per interface.

intern-gw = 10.0.0.1

  • This is the IP address of your internal interface, the gateway of your NAT clients.
    • When using several interfaces, you need 1 gateway per interface.

extern-nett = 204.0.113.0/24

  • The external network

eksterne-adresser = 204.0.113.120 204.0.113.121 204.0.113.123 204.0.113.124

  • These are the addresses that the internal network is translated to.
    • By default you need 1 IP address per /24 (~254 clients); this also applies to every subnet.
    • This means you need 4 external addresses if you have a /22 internal network.
      • Notice we use the admin-adresse here as well. This is optional, but there is no apparent reason not to use it.
      • Pools are also accepted: 204.0.113.120-127 or 204.0.113.120/29. It will allow too many addresses, but not too few.

gateway = 204.0.113.1

  • The gateway towards the rest of the internet

dns = 8.8.4.4 8.8.8.8

  • DNS settings; change them to your DNS address(es)

log = netflow

  • ipt-netflow module for logging. Set to None for no logging

log_ip = 127.0.0.1

  • The address the netflow data is sent to

log_port = 2055

  • Sending port for netflow

snmp_key = public

  • Default public. This sets snmpd to use the selected community key

NAT-mask = 24

  • Default 24. This allows you to increase or decrease the number of clients per public IP address.

rsyslog = None

  • Default disabled. You can choose to redirect rsyslog to a remote server by specifying host:port (rsyslog = 204.0.113.14:513)

dhcp-server = None

  • Default disabled. nat44 can configure DHCP for each internal interface. Merely set this to True (dhcp-server = True)

dns-server = None

  • Default disabled. nat44 can configure bind9 to serve as DNS. Merely set this to True (dns-server = True)

Example config, 3 VLANs, 6 public IP addresses

[global]

internal-if = eth1.100 eth1.200 eth1.300

external-if = eth0

admin-address = 203.0.113.120

internal-network = 10.1.0.0/24 10.2.0.0/24 10.3.0.0/22

internal-gateway = 10.1.0.1 10.2.0.1 10.3.0.1

external-network = 203.0.113.0/24

external-addresses = 203.0.113.120-125

default-gateway = 203.0.113.1

domain = somedomain.com

dns = 8.8.8.8 8.8.4.4

log = netflow

log_ip = 203.0.113.10

log_port = 2059

flow_version = 9

rsyslog = 203.0.113.11:153

dhcp-server = True

dns-server = True

NAT-mask = 24
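
The sizing rules described above (one public address per /NAT-mask block of each internal network, one network and one gateway per internal interface), checked against the example config before running nat44 configure. This is an added example and not part of nat44: the function names are hypothetical, and it assumes the file parses as INI with the key names used in the example config.

```python
import configparser
import ipaddress

# Constructed sample: the relevant keys from the example config above.
SAMPLE = """
[global]
internal-if = eth1.100 eth1.200 eth1.300
internal-network = 10.1.0.0/24 10.2.0.0/24 10.3.0.0/22
internal-gateway = 10.1.0.1 10.2.0.1 10.3.0.1
external-network = 203.0.113.0/24
external-addresses = 203.0.113.120-125
NAT-mask = 24
"""

def expand_pool(token):
    """Expand one external-addresses token: CIDR, a.b.c.d-e range, or single address."""
    if "/" in token:
        return list(ipaddress.ip_network(token, strict=False))
    if "-" in token:
        first, last_octet = token.split("-")
        start = ipaddress.ip_address(first)
        end = ipaddress.ip_address(first.rsplit(".", 1)[0] + "." + last_octet)
        return [ipaddress.ip_address(n) for n in range(int(start), int(end) + 1)]
    return [ipaddress.ip_address(token)]

def check_nat44(text):
    """Return a list of problems found; an empty list means the checks passed."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    g = cp["global"]  # configparser lower-cases option names (NAT-mask -> nat-mask)
    ifs = g["internal-if"].split()
    nets = [ipaddress.ip_network(n) for n in g["internal-network"].split()]
    gws = [ipaddress.ip_address(a) for a in g["internal-gateway"].split()]
    ext_net = ipaddress.ip_network(g["external-network"])
    pool = {a for t in g["external-addresses"].split() for a in expand_pool(t)}
    mask = g.getint("nat-mask", fallback=24)
    problems = []
    if not len(ifs) == len(nets) == len(gws):
        problems.append("need one network and one gateway per internal interface")
    for net, gw in zip(nets, gws):
        if gw not in net:
            problems.append(f"gateway {gw} is outside {net}")
    outside = sorted(a for a in pool if a not in ext_net)
    if outside:
        problems.append(f"{len(outside)} external address(es) outside {ext_net}")
    # One public address per /NAT-mask block of each internal network.
    needed = sum(2 ** max(mask - n.prefixlen, 0) for n in nets)
    if len(pool) < needed:
        problems.append(f"{len(pool)} external addresses, {needed} needed")
    return problems
```

For the sample, the two /24s need one address each and the /22 needs four, so the six-address pool passes.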

Files that may be used by nat44

nat44

  • /etc/nat44/nat44.conf
  • /etc/nat44/ipt.conf

netflow module

  • /etc/modules
  • /etc/modprobe.d/ipt_NETFLOW.conf

dhcp-server

  • /etc/default/isc-dhcp-server
  • /etc/dhcp/dhcpd.conf
  • /var/log/dhcp.log
  • /var/lib/dhcp/dhcpd.leases

networking

  • /etc/network/interfaces
  • /etc/network/if-up.d/network

dns

  • /etc/resolv.conf
  • /etc/bind/named.conf
  • /etc/bind/named.conf.options

rsyslog

  • /etc/rsyslog.d/loghost.conf
  • /etc/rsyslog.conf

snmp

  • /usr/local/share/snmp/snmpd.conf
  • /var/log/snmpd.log
Owner
sveinou