A Tool For Debugging A Linux NAT router
Most people use RFC 1918 addresses on their LAN (i.e. 172.16.x.x, 10.x.x.x and 192.168.x.x). These are non-unique, can be used by anyone for any purpose, and are not routed over the internet.
In fact, most ISPs shouldn't even permit packets with those addresses as source into their networks, either from their peers or from their customers.
The problem then arises of how hosts on the LAN can communicate with hosts out there in the big world of the internet (WAN, wide area network), given that those hosts would be unable to respond to a host with an unroutable address.
Simplistically, there are two answers. One is to use a proxy which carries out tasks on behalf of those hosts (e.g. a web proxy fetches HTML pages, images and so on); the other is NAT, network address translation, sometimes also called NAPT, network address port translation.
A NAT router routes packets from the LAN to the WAN, changing the source IP address to its own WAN address so that the target host will respond to the router; the destination of the incoming reply packet is then rewritten to the host on the LAN and forwarded. In a small way this is part of the feature of a firewall, a very primitive one at that, because the hosts on the LAN are completely hidden until they connect to a host on the internet. However, this is not a real firewall, as the router doesn't exercise any intelligence, but that's a different discussion.
Quite a few people use a Linux-based router or firewall; if you do, you are probably using the "masquerading" or NAT (network address translation) function with a rule something like this:
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
In order to fulfil this purpose, the Linux kernel maintains a connection tracking table of source IP and port, destination IP and port, which is made humanly readable via the "file" /proc/net/nf_conntrack. This "file" is very useful but is not particularly easy to read, so a simple web interface was written in Perl.
Simply copy the file nf_conntrack to your firewall's web server's CGI-BIN directory, make it executable, and add a line to your /etc/sudoers file thus:
wwwrun ALL= NOPASSWD: /bin/cat /proc/net/nf_conntrack
Note that you might need to change wwwrun to nobody or httpd or whatever username your web server's processes run as.
This site is currently under construction.
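To show what the Perl CGI has to do with the raw table, here is an added example (not the page's own tool, and not Perl) in Python that parses lines in the layout of /proc/net/nf_conntrack. The sample lines are constructed for the example and use documentation address ranges; 203.0.113.5 plays the router's WAN address. Each entry carries two tuples, the packet as it left the LAN host and the reply the remote host must send back, so comparing the original source with the reply destination tells you whether masquerading actually rewrote the address. The function and class names are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample in the layout of /proc/net/nf_conntrack (not captured from a real router).
# Column order: l3proto, l3num, l4proto, l4num, timeout, [tcp state], original tuple,
# [flags], reply tuple, extra key=value fields. 203.0.113.5 stands in for the router's WAN address.
SAMPLE = """\
ipv4     2 tcp      6 431999 ESTABLISHED src=192.168.1.10 dst=93.184.216.34 sport=52314 dport=443 src=93.184.216.34 dst=203.0.113.5 sport=443 dport=52314 [ASSURED] mark=0 zone=0 use=2
ipv4     2 udp      17 29 src=192.168.1.20 dst=198.51.100.53 sport=41234 dport=53 src=198.51.100.53 dst=203.0.113.5 sport=53 dport=41234 mark=0 zone=0 use=2
ipv4     2 tcp      6 117 SYN_SENT src=203.0.113.5 dst=93.184.216.34 sport=40000 dport=80 [UNREPLIED] src=93.184.216.34 dst=203.0.113.5 sport=80 dport=40000 mark=0 zone=0 use=2
"""

# Keys that belong to a tuple; type/code/id appear instead of ports on ICMP entries.
TUPLE_KEYS = {"src", "dst", "sport", "dport", "type", "code", "id"}


@dataclass
class Conn:
    l3: str
    l4: str
    timeout: int
    state: Optional[str]  # only tcp entries carry a state column
    orig: Dict[str, str] = field(default_factory=dict)   # packet as it arrived from the LAN
    reply: Dict[str, str] = field(default_factory=dict)  # what the remote host sends back
    flags: List[str] = field(default_factory=list)       # e.g. ASSURED, UNREPLIED


def parse_line(line: str) -> Conn:
    fields = line.split()
    l3, l4, timeout = fields[0], fields[2], int(fields[4])
    # The state column exists only for tcp; for udp/icmp the original tuple starts at index 5.
    state = fields[5] if "=" not in fields[5] and not fields[5].startswith("[") else None
    orig: Dict[str, str] = {}
    reply: Dict[str, str] = {}
    src_seen = 0
    for key, value in re.findall(r"(\w+)=(\S+)", line):
        if key == "src":
            src_seen += 1  # first src= opens the original tuple, second opens the reply tuple
        if key in TUPLE_KEYS:
            (orig if src_seen == 1 else reply)[key] = value
    flags = re.findall(r"\[(\w+)\]", line)
    return Conn(l3, l4, timeout, state, orig, reply, flags)


def parse_conntrack(text: str) -> List[Conn]:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def is_translated(conn: Conn) -> bool:
    """True when MASQUERADE/SNAT rewrote the source: the remote side replies to an
    address other than the one the packet originally came from."""
    return conn.orig.get("src") != conn.reply.get("dst")


def count_by_lan_host(conns: List[Conn]) -> Dict[str, int]:
    """Translated entries per LAN host; a host with an unexpectedly large count
    is the first thing to look at when the table fills up."""
    counts: Dict[str, int] = {}
    for c in conns:
        if is_translated(c):
            counts[c.orig["src"]] = counts.get(c.orig["src"], 0) + 1
    return counts


def render_table(conns: List[Conn]) -> str:
    """Plain-text table in the spirit of the CGI output: one row per entry."""
    header = f"{'proto':5} {'state':11} {'lan host':21} {'remote':21} {'wan port':8} {'nat':3} flags"
    rows = [header]
    for c in conns:
        lan = f"{c.orig.get('src')}:{c.orig.get('sport', '-')}"
        remote = f"{c.orig.get('dst')}:{c.orig.get('dport', '-')}"
        rows.append(f"{c.l4:5} {c.state or '-':11} {lan:21} {remote:21} "
                    f"{c.reply.get('dport', '-'):8} {'yes' if is_translated(c) else 'no':3} "
                    f"{','.join(c.flags)}")
    return "\n".join(rows)


if __name__ == "__main__":
    print(render_table(parse_conntrack(SAMPLE)))
```

On the router itself the text would come from exactly the command the sudoers line above permits, i.e. running sudo /bin/cat /proc/net/nf_conntrack with a fixed argument list rather than a shell string, so the CGI can never be talked into running anything else. The third sample entry, a connection the router opened from its own WAN address, shows "no" in the nat column because the original source and reply destination already match.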