IP Forwarding

Video Transcription
00:00
>> Hey, Cybrarians and welcome back to
00:00
the Linux plus course here at Cybrary.
00:00
I'm your instructor Rob Goelz,
00:00
and in today's lesson, we're going to be
00:00
talking about IP Forwarding.
00:00
Upon completion of this lesson,
00:00
you are going to be able to understand
00:00
when IP forwarding needs to be enabled.
00:00
We're also going to differentiate between
00:00
the types of NAT that are available.
00:00
Then we're going to see how we can set up
00:00
IP forwarding in the kernel.
00:00
Packet Forwarding is used in
00:00
Linux for a couple of different reasons.
00:00
For one thing, we might allow Linux to forward packets
00:00
from one interface out through another interface.
00:00
This is generally done when we're trying to send
00:00
packets to a remote host on another network interface.
00:00
You do this when you have multiple interfaces.
00:00
You're accepting traffic in on one type of
00:00
network and it's going out a different network entirely.
00:00
You're essentially acting as a bridge.
00:00
We can also allow Linux to perform
00:00
network address translation or masquerading.
00:00
We'll talk more about this in this next slide.
00:00
There are actually three different types of
00:00
network address translation that
00:00
we need to know about for the exam.
00:00
There's Destination NAT.
00:00
This is used for servers that are
00:00
living behind a firewall,
00:00
but they still need to have external access
00:00
and destination NAT rules
00:00
live in the Prerouting filter point
00:00
or chain when we're talking about iptables.
00:00
Now source NAT sends all
00:00
network Internet traffic through a single external IP.
00:00
This is what we think about when we talk
00:00
about NAT in general.
00:00
We have a static internal address
00:00
mapped to a single machine with SNAT.
00:00
SNAT rules live in
00:00
the Postrouting filter point or chain with iptables.
00:00
There's also this concept of masquerade.
00:00
Now, masquerade is SNAT but it's used
00:00
with dynamically assigned private IP addresses.
00:00
These are private IP addresses that you're getting on
00:00
your internal network and maybe you're getting these
00:00
dynamically assigned for DHCP.
00:00
All external access is still mapped to
00:00
a single machine with masquerade.
00:00
Masquerade rules also live in
00:00
that Postrouting filter point or chain in iptables.
00:00
Now if we want to enable IP forwarding,
00:00
we actually have to do that in the kernel.
00:00
Remember, when we're talking about doing
00:00
firewall stuff with the kernel, it's
00:00
going to involve netfilter.
00:00
The way that we can do this,
00:00
enabling the kernel is by
00:00
modifying the Proc File System,
00:00
or we can use sysctl to do
00:00
this command and take some of the load off of us.
00:00
If we were actually going to do this by modifying
00:00
the Proc File System,
00:00
we could do this for IPv4 by echoing a 1 into
00:00
/proc/sys/net/ipv4/ip_forward.
00:00
Or we can say sysctl -w
00:00
net.ipv4.ip_forward=1.
00:00
Cause forward 1,
00:00
one is on, zero is off.
00:00
IPv6 very similar, same thing
00:00
for saying this in the Proc File System,
00:00
we would just echo a one into
00:00
the same location but to be
00:00
proc sys net IPv6, IPv6 instead of IPv4.
00:00
But the sysctl command's a little different,
00:00
we do sysctl -w and then
00:00
net.ipv6.conf.all.forwarding=1.
00:00
With that, we've reached the end of this lesson.
00:00
In this lesson, we covered when
00:00
IP forwarding needs to be enabled.
00:00
We talked about the different types of NAT available.
00:00
Then we talked about how to set up
00:00
IP forwarding in the kernel.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.