Saturday, March 15, 2014

( NAT vs. Proxy ) - How does IP Masquerade differ from Proxy or NAT services?


Proxy:  Proxy servers are available for: Win95, NT, Linux, Solaris, etc.

            Pro:    + (1) IP address ; cheap
                    + Optional caching for better performance (WWW, etc.)

            Con:    - All applications behind the proxy server must both SUPPORT 
                      proxy services (SOCKS) and be CONFIGURED to use the Proxy 
                      server
                    - Screws up WWW counters and WWW statistics

  A proxy server uses only (1) public IP address, like IP MASQ, and acts  
  as a translator to clients on the private LAN (WWW browser, etc.).
  This proxy server receives requests like TELNET, FTP, WWW, 
  etc. from the private network on one interface.  It would then in turn,
  initiate these requests as if someone on the local box was making the
  requests.   Once the remote Internet server sends back the requested
  information, it would re-translate the TCP/IP addresses back to the 
  internal MASQ client and send traffic to the internal requesting host.  
  This is why it is called a PROXY server.  

  Note:  ANY applications that you might want to use on the 
   internal machines *MUST* have proxy server support 
   like Netscape and some of the better TELNET and FTP 
   clients.  Any clients that don't support proxy servers 
   won't work.

  Another nice thing about proxy servers is that some of them
  can also do caching (Squid for WWW).  So, imagine that you have 50 
  proxied hosts all loading Netscape at once.  If they were installed 
  with the default homepage URL, you would have 50 copies of the same 
  Netscape WWW page coming over the WAN link for each respective computer.  
  With a caching proxy server, only one copy would be downloaded by the 
         proxy server and then the proxied machines would get the WWW page from 
         the cache.  Not only does this save bandwidth on the Internet 
         connection, it will be MUCH MUCH faster for the internal proxied 
         machines.



MASQ:  IP Masq is available on Linux and a few ISDN routers such
 or  as the Zytel Prestige128, Cisco 770, NetGear ISDN routers, etc.
1:Many
 NAT  
  Pro:  + Only (1) IP address needed (cheap)
   + Doesn't require special application support
   + Uses firewall software so your network can become
     more secure

  Con: - Requires a Linux box or special ISDN router
     (though other products might have this..  )
   - Incoming traffic cannot access your internal LAN
     unless the internal LAN initiates the traffic or
     specific port forwarding software is installed.
     Many NAT servers CANNOT provide this functionality.
   - Special protocols need to be uniquely handled by
     firewall redirectors, etc.  Linux has full support
     for this (FTP, IRC, etc.) capabilty but many routers
     do NOT (NetGear DOES). 

  Masq or 1:Many NAT is similar to a proxy server in the sense that the 
  server will perform IP address translation and fake out the remote server 
  (WWW for example) as if the MASQ server made the request instead of an 
  internal machine.  
 
  The major difference between a MASQ and PROXY server is that MASQ servers
  don't need any configuration changes to all the client machines.  Just 
  configure them to use the linux box as their default gateway and everything 
  will work fine.  You WILL need to install special Linux modules for things 
  like RealAudio, FTP, etc. to work)!  

  Also, many users operate IP MASQ for TELNET, FTP, etc. *AND* also setup a 
  caching proxy on the same Linux box for WWW traffic for the additional 
  performance.


NAT:  NAT servers are available on Windows 95/NT, Linux, Solaris, and some 
  of the better ISDN routers (not Ascend)  

  Pro:  + Very configurable
   + No special application software needed

  Con: - Requires a subnet from your ISP (expensive)

  Network Address Translation is the name for a box that would have a pool of 
  valid IP addresses on the Internet interface which it can use.  Whenever the
  Internal network wanted to go to the Internet, it associates an available 
  VALID IP address from the Internet interface to the original requesting 
  PRIVATE IP address.  After that, all traffic is re-written from the NAT 
  public IP address to the NAT private address.  Once the associated PUBLIC 
  NAT address becomes idle for some pre-determined amount of time, the 
  PUBLIC IP address is returned back into the public NAT pool.  

  The major problem with NAT is, once all of the free public IP addresses are
  used, any additional private users requesting Internet service are out of
  luck until a public NAT address becomes free.
 
source: 
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/what-is-masq.html

What is IP Masquerade ???

IP Masquerade is a networking function in Linux similar to the one-to-many (1:Many) NAT (Network Address Translation) servers found in many commercial firewalls and network routers. For example, if a Linux host is connected to the Internet via PPP, Ethernet, etc., the IP Masquerade feature allows other "internal" computers connected to this Linux box (via PPP, Ethernet, etc.) to also reach the Internet as well. Linux IP Masquerading allows for this functionality even though these internal machines don't have an officially assigned IP address.

MASQ allows a set of machines to invisibly access the Internet via the MASQ gateway. To other machines on the Internet, the outgoing traffic will appear to be from the IP MASQ Linux server itself. In addition to the added functionality, IP Masquerade provides the foundation to create a HEAVILY secured networking environment. With a well built firewall, breaking the security of a well configured masquerading system and internal LAN should be considerably difficult to accomplish. 

source:
http://www.tldp.org/HOWTO/IP-Masquerade-HOWTO/ipmasq-background2.1.html

Saturday, January 25, 2014

installing nvidia display driver on EL6

this is tutorial to install nvidia display driver on enterprise linux

*all of the command must be executed as root user
 1. check the nvidia product type
lspci -nn | grep VGA

here you will have the infomation what proprietary driver you should download from www.nvidia.com site.

2. install the Development Tools group packages, kernel headers, kernel devel, and dkms
yum groupinstall "Development Tools"
yum install dkms kerne-devel kernel-headers

3. disable the nouveau driver using your text editor
vim /etc/modprobe.d/blacklist.conf

#add this line
blacklist nouveau

4. go to /boot directory make a copy of initramfs file
cd /boot
mv initramfs-$(uname -r).img initramfs-$(uname -r).img.bak

5. proceed to create new initramfs file
dracut -v initramfs-$(uname -r).img $(uname -r)

6. change inittab to start the system with no X11
vim /etc/inittab
change runlevel to 3

7. restart the system
reboot

8. login in command line as root, run the script to install the driver
./NVIDIA-Linux*.run
follow the information shows, wait until it completed

9. generate the xorg.conf by typing
X -configure

10. copy xorg.conf.new to /etc/X11/xorg.conf
cp xorg.conf.new /etc/X11/xorg.conf

11. change the default runlevel to 5 and then restart your system
vim /etc/inittab
reboot

 

Friday, January 24, 2014

how to install GIGABYTE ethernet driver for linux

in our tour of duty, we are facing another case where the ethernet device on motherboard didn't recognize by linux kernel. here are the specification :

motherboard  :
GIGABYTE G41MT-S2PT

linux operating system : 
Scientific Linux 6.0

another enterprise-based linux (centos, oracle linux) will works (i hope).
we have try with fedora 14, but it didn't recognize the device and the driver is not available yet.

fortunate we have found the driver in binary (RPM package). first download the package file from the following links :

i386 driver :
kmod-atl1e-1.0.1.14-1.el6.elrepo.i686.rpm

x86_64 driver :
kmod-atl1e-1.0.1.14-1.el6.elrepo.x86_64.rpm

step 1
install the package by typing  (as root)
rpm -ivh kmod-atl1e... .rpm

step 2
change directory to /etc/sysconfig/, please check whether there is a file called network, if there isn't create new file with your favourite text editor.

cd /etc/sysconfig/
vim network

the content of network file :
NETWORKING=yes
HOSTNAME=(yourhostname.yourdomain)

step 3
execute the command to load module to the kernel :
modprobe atl1e

step 4
execute the command to activate the service :
service NetworkManager restart

that's it folks! now your network interface is ready and you may configure your computer IP's through your NetworkManager or network service.


Saturday, April 27, 2013

about systemd: how to change default runlevel (previously using inittab)

systemd does not use /etc/inittab file to change the default runlevel.
systemd uses symlinks to point to the default runlevel. You have to delete the existing symlink first before creating a new one.
# rm /etc/systemd/system/default.target

example to switch to runlevel 3 :
# ln -sf /lib/systemd/system/multi-user.target /etc/systemd/system/default.target
next example if you want to switch to run level 5 :
# ln -sf /lib/systemd/system/graphical.target /etc/systemd/system/default.target

another options that may apply :
poweroff.target --> runlevel 0
rescue.target    --> runlevel 1
multi.user.target --> runlevel 2,3,4
graphical.target --> runlevel 5
reboot.target --> runlevel 6

source:
http://fedoraproject.org/wiki/Systemd