Natlog. For this exercise you must again be root. Login and obtain root privileges:

Transcription

1 1 For this exercise you must again be root. Login and obtain root privileges: sudo su Caveat: this exercise requires at least one computer with two network interfaces.

2 2 Make sure natlog is installed First install the conntrack daemon: aptitude install conntrackd Next install natlog due to the debian freeze natlog is only available in its unstable (sid) distribution. If necessary update and install or install the version I brought. Try to install the dependencies from your current distribution first. Upgrade if necessary.

3 3 Reconfigure your system: Allow forwarding in /etc/sysctl.conf: net.ipv4.ip_forward=1 and do: /etc/init.d/procps restart In /etc/network/interfaces: add the 2nd interface, and do: auto eth1 iface eth1 inet static address netmask broadcast /sbin/ifup eth1

4 4 Reconfigure iptables: Allow forwarding Use source natting for a host / hosts in the network

5 5 Reconfigure iptables: Allow forwarding in /etc/iptables/rules: iptables P FORWARD ACCEPT

6 6 Reconfigure iptables: Use source nat (post routing) for hosts in the network: assuming iface eth0 is used in /etc/iptables/rules: # at the top: iptables table nat flush iptables table nat delete chain # define the rule: iptables t nat A POSTROUTING s /24\ o eth0 j SNAT to source our ip addr # optionally: at the bottom iptables table nat list POSTROUTING

7 7 Configure : /etc/default/natlog: set START=yes DAEMON_ARGS="conntrack" /etc/natlog.conf: probably no further configuration required Let rsyslogd (rsyslog.conf) write the natlog logs to /var/log/natlog.log

8 8 Start : /etc/init.d/natlog start Now connect to the Internet from a x host and watch /var/log/natlog.log tail f /var/log/natlog.log

9 1 For this exercise you must again be root. Login and obtain root privileges: sudo su Caveat: this exercise requires at least one computer with two network interfaces.

10 2 Make sure natlog is installed First install the conntrack daemon: aptitude install conntrackd Next install natlog due to the debian freeze natlog is only available in its unstable (sid) distribution. If necessary update and install or install the version I brought. Try to install the dependencies from your current distribution first. Upgrade if necessary.

11 3 Reconfigure your system: Allow forwarding in /etc/sysctl.conf: net.ipv4.ip_forward=1 and do: In /etc/network/interfaces: add the 2nd interface, and do: auto eth1 iface eth1 inet static address netmask broadcast /etc/init.d/procps restart /sbin/ifup eth1

12 4 Reconfigure iptables: Allow forwarding Use source natting for a host / hosts in the network

13 5 Reconfigure iptables: Allow forwarding in /etc/iptables/rules: iptables P FORWARD ACCEPT

14 6 assuming iface eth0 is used Reconfigure iptables: Use source nat (post routing) for hosts in the network: in /etc/iptables/rules: # at the top: iptables table nat flush iptables table nat delete chain # define the rule: iptables t nat A POSTROUTING s /24\ o eth0 j SNAT to source our ip addr # optionally: at the bottom iptables table nat list POSTROUTING

15 7 Configure : /etc/default/natlog: set START=yes DAEMON_ARGS="conntrack" /etc/natlog.conf: probably no further configuration required Let rsyslogd (rsyslog.conf) write the natlog logs to /var/log/natlog.log

16 8 Start : /etc/init.d/natlog start Now connect to the Internet from a x host and watch /var/log/natlog.log tail f /var/log/natlog.log