IoT Bytes

Bits and Bytes of IoT

Configure Tiny Core Linux as NAT (P-NAT) Router using iptables

Pradeep Singh | 28th Aug 2017

NAT

Network address translation (NAT) is a method of remapping one IP address space into another by modifying network address information in Internet Protocol (IP) datagram packet headers while they are in transit across a traffic routing device.

In this article, we are going to configure P-NAT. Port Network Address Translation, or P-NAT, uses a single outside public address and maps multiple inside addresses to it using different port numbers. It is mainly used for Internet connection sharing on a private IP address space.

Following is the reference topology I am going to use for this article –

NAT_Router

1. Configure Ethernet0 with Static IP Address and DHCP Server Configuration:

Follow the instructions in the following document and configure eth0 with a static IP address, along with the DHCP server configuration using udhcpd –

Configure Tiny Core Linux as DHCP Server using udhcpd

2. Install dnsmasq for DNS Cache:

As you might have noticed in the article used in the first step, we used the IP address assigned to eth0 as the gateway as well as the DNS server in the DHCP server configuration file “/etc/udhcpd.conf”. As we don’t have any DNS proxy on our Tiny Core NAT router as of now, your DHCP clients wouldn’t be able to resolve DNS names.

To fix this problem, you can either use public DNS IP addresses such as “8.8.8.8” and “8.8.4.4”, or you can install a lightweight DNS server such as “dnsmasq”.

If you prefer to go with “dnsmasq”, you can install it with the following command –

tce-load -wi dnsmasq

After the installation, start the dnsmasq service using the following command –

sudo dnsmasq

Note: The “dnsmasq” process uses the “/etc/resolv.conf” file for the external DNS server IP addresses. If your WAN interface is getting its IP address from an external DHCP server, the “/etc/resolv.conf” file will get auto-populated. However, if you are assigning a static IP to your WAN interface, you may have to add the details to this file manually. Following is a sample of my “/etc/resolv.conf” file (these entries should work for you too) –

tc@box:~$ cat /etc/resolv.conf 
search dlinkrouter
nameserver 8.8.8.8
nameserver 8.8.4.4
tc@box:~$ 

3. Enable IP-Forwarding:

Now you need to enable IP forwarding. It allows the OS to route IP packets between its network interfaces based on their destination networks. By default, IP forwarding is disabled in most Linux-based operating systems. You can check the IP forwarding status using the following command –

sudo sysctl net.ipv4.ip_forward

Enable IP Forwarding using the following command –

sudo sysctl -w net.ipv4.ip_forward=1

Note: You can also use the “cat /proc/sys/net/ipv4/ip_forward” command to check the current status of IP forwarding. Similarly, you can use the command “echo 1 > /proc/sys/net/ipv4/ip_forward” to enable it and “echo 0 > /proc/sys/net/ipv4/ip_forward” to disable it.

4. Install iptables:

4.1. Install the “iptables” package using the following command –

tce-load -wi iptables

Note: You can also use the “tce-ab” command to search for and install Tiny Core packages.

5. Enable NAT using iptables:

Enable NAT (PAT) using the following iptables command –

sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

6. Make the Configuration Persistent:

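Add the commands to “/opt/bootlocal.sh” so that they are run after the system boots up –

# "sudo echo ... >> file" performs the redirection as the calling user, not as root;
# piping into "sudo tee -a" makes the append itself run as root.
echo 'sudo sysctl -w net.ipv4.ip_forward=1' | sudo tee -a /opt/bootlocal.sh > /dev/null
echo 'sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE' | sudo tee -a /opt/bootlocal.sh > /dev/null
echo 'sudo dnsmasq' | sudo tee -a /opt/bootlocal.sh > /dev/null
filetool.sh -b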

Following is the sample “/opt/bootlocal.sh” file contents –

tc@box:~$ cat /opt/bootlocal.sh
#!/bin/sh
# put other system startup commands here
/usr/local/etc/init.d/openssh start &
/opt/eth0.sh &
sudo sysctl -w net.ipv4.ip_forward=1
sudo iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
sudo dnsmasq
tc@box:~$
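
The MASQUERADE rule from step 5 only rewrites source addresses; it does not filter, and with IP forwarding enabled and the default FORWARD policy of ACCEPT the router also forwards packets that arrive on eth1 for the LAN. The following is an added example, not part of the original article: it generates a ruleset that keeps the article's NAT rule but lets only the LAN initiate connections, and audits an iptables-save style dump for the open policy and for duplicate rules left by re-running the "-A" command. It assumes eth0 = LAN and eth1 = WAN as in the topology above and that the conntrack match is available; the function names and the sample dump are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumes the article's topology: eth0 = LAN, eth1 = WAN.

# Print a ruleset in iptables-restore format: the article's MASQUERADE rule
# plus a FORWARD policy under which only the LAN side may open connections.
hardened_rules() {
    lan="${1:-eth0}"; wan="${2:-eth1}"
    cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $wan -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i $lan -o $wan -j ACCEPT
-A FORWARD -i $wan -o $lan -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Constructed sample (trimmed iptables-save style dump): the state left by
# running the step 5 command twice with no FORWARD rules at all.
SAMPLE_WEAK='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT'

# Audit a dump read from stdin: print one finding per line and
# return non-zero if anything was found.
audit_rules() {
    awk '
        /^:FORWARD ACCEPT/             { open_forward = 1 }
        /^-A POSTROUTING .*MASQUERADE/ { seen[$0]++ }
        END {
            if (open_forward) { print "FORWARD policy is ACCEPT"; bad = 1 }
            for (r in seen) if (seen[r] > 1) { print "duplicate: " r; bad = 1 }
            exit bad + 0
        }'
}

printf '%s\n' "$SAMPLE_WEAK" | audit_rules || true
hardened_rules | audit_rules && echo "hardened ruleset: no findings"
```

To load the ruleset on the router, pipe it into iptables-restore as root (hardened_rules | sudo iptables-restore). This replaces the existing nat and filter rules instead of appending to them, so it can stand in for the iptables line in “/opt/bootlocal.sh”.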

7. Connect the Client Machine and test the P-NAT Connection:

With this, your Tiny Core based router is ready. You can connect your client machine to the LAN network on your Tiny Core based router, and it should be able to browse the internet (on a Windows machine you may need to disable the firewall in some cases) –

client

The following console output shows the Ethernet interface configuration of my Tiny Core P-NAT router –

tc@box:~$ ifconfig
eth0 Link encap:Ethernet HWaddr 00:50:56:8F:9C:DB 
 inet addr:192.168.10.1 Bcast:192.168.10.255 Mask:255.255.255.0
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:9353 errors:0 dropped:0 overruns:0 frame:0
 TX packets:13906 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:899549 (878.4 KiB) TX bytes:18121131 (17.2 MiB)

eth1 Link encap:Ethernet HWaddr 00:50:56:8F:51:A7 
 inet addr:192.168.1.124 Bcast:192.168.1.255 Mask:255.255.255.0
 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
 RX packets:14763 errors:0 dropped:0 overruns:0 frame:0
 TX packets:9529 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1000 
 RX bytes:18183994 (17.3 MiB) TX bytes:876231 (855.6 KiB)

lo Link encap:Local Loopback 
 inet addr:127.0.0.1 Mask:255.0.0.0
 UP LOOPBACK RUNNING MTU:65536 Metric:1
 RX packets:0 errors:0 dropped:0 overruns:0 frame:0
 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
 collisions:0 txqueuelen:1 
 RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
tc@box:~$

 
