friedkiwi/ibm-information-center
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
14ed2849c6
ibm-information-center/dist/eclipse/plugins/i5OS.ic.rzalm_5.4.0.1/rzalmnat.htm

144 lines
9.6 KiB
HTML
Raw Blame History

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html
PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<meta name="security" content="public" />
<meta name="Robots" content="index,follow" />
<meta http-equiv="PICS-Label" content='(PICS-1.1 "http://www.icra.org/ratingsv02.html" l gen true r (cz 1 lz 1 nz 1 oz 1 vz 1) "http://www.rsac.org/ratingsv01.html" l gen true r (n 0 s 0 v 0 l 0) "http://www.classify.org/safesurf/" l gen true r (SS~~000 1))' />
<meta name="DC.Type" content="task" />
<meta name="DC.Title" content="Network Address Translation (NAT)" />
<meta name="abstract" content="NAT can route traffic between your logical partition and the external network using virtual Ethernet." />
<meta name="description" content="NAT can route traffic between your logical partition and the external network using virtual Ethernet." />
<meta name="copyright" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Rights.Owner" content="(C) Copyright IBM Corporation 1998, 2006" />
<meta name="DC.Format" content="XHTML" />
<meta name="DC.Identifier" content="rzalmnat" />
<meta name="DC.Language" content="en-us" />
<!-- All rights reserved. Licensed Materials Property of IBM -->
<!-- US Government Users Restricted Rights -->
<!-- Use, duplication or disclosure restricted by -->
<!-- GSA ADP Schedule Contract with IBM Corp. -->
<link rel="stylesheet" type="text/css" href="./ibmdita.css" />
<link rel="stylesheet" type="text/css" href="./ic.css" />
<title>Network Address Translation (NAT)</title>
</head>
<body id="rzalmnat"><a name="rzalmnat"><!-- --></a>
<!-- Java sync-link --><script language="Javascript" src="../rzahg/synch.js" type="text/javascript"></script>
<h1 class="topictitle1">Network Address Translation (NAT)</h1>
<div><p>NAT can route traffic between your logical partition and the external
network using virtual Ethernet.</p>
<div class="p"><p>This particular form of NAT is called static NAT, and it will allow
both inbound and outbound IP traffic to and from the logical partition. Other
forms of NAT like masquerade NAT would also work if your logical partitions
do not need to receive traffic initiated by external clients. Like the TCP/IP
Routing and Proxy ARP methods, you can take advantage of your existing i5/OS<sup>®</sup> network
connection. Since you will be using IP Packet rules, you must use iSeries™ Navigator
to create and apply your rules. </p>
<p>The following illustration is an example
of using NAT to connect your logical partition to an external network. The
10.1.1.x network represents an external network while the 192.168.1.x network
represents the virtual Ethernet LAN.</p>
<br /><img src="rzalm502.gif" alt="Illustrated example of NAT." /><br /><p> In this pre-V5R3 example,
any existing TCP/IP traffic for the iSeries hosting partition runs over the
10.1.1.2 interface. Since this is a static map scenario, the inbound traffic
gets translated from the 10.1.1.3 interface to 192.168.1.1 interface. The
outbound traffic gets translated from the 192.168.1.1 interface to the external
10.1.1.3 interface. The logical partition uses the virtual interface (192.168.1.1)
and its own 192.168.1.5 interface to communicate with the server.</p>
</div>
<div class="section">To make static NAT work, you need to first set up your i5/OS and Linux
TCP/IP communications. Then you will create and apply some IP Packet rules.
Use the following procedure:</div>
<ol><li class="stepexpand"><span>During the configuration of your logical partition, make sure you
selected to create virtual Ethernet. </span> This is described in Configure
a logical partition.</li>
<li class="stepexpand"><span><a href="rzalmconfigvirtuallan.htm">Create an Ethernet line description for virtual Ethernet</a>. Note
the port of the hardware resource, because you will need it when you set up
TCP/IP in your logical partition. </span> In the case of the above example,
assume the hardware resource is CMN05 with a port of 0 and although arbitrary,
the line description name is VETH0. <var class="varname">CRTLINETH LIND(VETH0) RSRCNAME(CMN05)
LINESPEED(1G) DUPLEX(*FULL)</var></li>
<li class="stepexpand"><span>Add a TCP/IP Interface for your virtual line description. </span> Following the example, you could use: <var class="varname">ADDTCPIFC INTNETADR('192.168.1.1')
LIND('VETH0') SUBNETMASK ('255.255.255.0')</var><p>Start your new TCP/IP
interface using the command <kbd class="userinput">STRTCPIFC INTNETADR(<var class="varname">yourIPaddress</var>)</kbd> or <kbd class="userinput">STRTCPIFC
INTNETADR('192.168.1.1')</kbd>, for the example.</p>
</li>
<li class="stepexpand"><span>On your logical partition, set up networking using the instructions
or tools provided by your Linux distribution. </span> Be sure to use the
correct IP address, subnet mask, port from step 2, and gateway IP address.<p>During
the TCP/IP setup in Linux, you will need to know your net or network device.
If you are running a 32-bit kernel version of 2.4.9 or less, the network device
is VETH plus the port number from when you configured an Ethernet line description.
If you are running a 64-bit kernel or a 32-bit kernel greater than or equal
to 2.4.10, the network device is ETH plus the port number. See <a href="rzalmconfigvirtuallan.htm">Create an Ethernet line description for virtual Ethernet</a> for more information. In the example:</p>
<ul><li>the interface IP address is 192.168.1.5</li>
<li>the subnet mask is 255.255.255.0</li>
<li>the gateway IP address is 10.1.1.3</li>
<li>the network device is VETH0 or ETH0 depending on the kernel version</li>
</ul>
</li>
<li class="stepexpand"><span>Create another TCP/IP interface that connects to the external network. </span> It should use the same line description as your existing external TCP/IP
interface. This interface will eventually perform the address translation
for your partition. Check to make sure your new interface communicates with
the external LAN properly. In the case of the example, this interface has
an IP address of 10.1.1.3 on a line description called <kbd class="userinput">ETHLINE</kbd>.</li>
<li class="stepexpand"><span>Start the external TCP/IP interface.</span> <kbd class="userinput">STRTCPIFC
INTNETADR('10.1.1.3')</kbd></li>
<li class="stepexpand"><span>You should now verify that your virtual Ethernet connection works.
From the logical partition, ping the Linux gateway and from i5/OS, ping
the logical partition. If the ping is successful, continue.</span></li>
<li class="stepexpand"><span>Turn on IP datagram forwarding. </span> This allows the i5/OS TCP/IP
interfaces to pass IP packets between each other. <kbd class="userinput">CHGTCPA IPDTGFWD(*YES)</kbd></li>
<li class="stepexpand"><span>Connect to the server with iSeries Navigator. You must not connect
to the server with the NAT interface that you just created.</span></li>
<li class="stepexpand"><span>Navigate your way to Packet Rules.</span> Use the Packet Rules
interface to write at least three rules to enable static NAT. You need to
create two New Defined Address rules and a New Mapped Address rule.<ol type="a"><li class="substepexpand"><span>In the Packet Rules window, create a new rules file by selecting
New File from the File menu.</span></li>
<li class="substepexpand"><span>In the <span class="uicontrol">New Rules file</span> menu, right-click
on <span class="uicontrol">Defined Addresses</span> and select <span class="uicontrol">New Defined
Address</span>.</span></li>
<li class="substepexpand"><span>Enter an Address name, the IP address of the logical partition,
and a type of Trusted. For the example, you would enter:</span> <ul class="simple"><li>Address Name = LINUXPART</li>
<li>Defined Address = IP Address where your IP address equals 192.168.1.5</li>
<li>Type = Trusted</li>
</ul>
</li>
<li class="substepexpand"><span>In the <span class="uicontrol">New Rules file</span> menu, right-click
on <span class="uicontrol">Defined Addresses</span> and select <span class="uicontrol">New Defined
Address</span>.</span></li>
<li class="substepexpand"><span>Enter an Address name, the IP address of the logical partition,
and a type of Border. For the example, you would enter:</span> <ul class="simple"><li>Address Name = SHELL</li>
<li>Defined Address = IP Address where your IP address equals 10.1.1.3</li>
<li>Type = Border</li>
</ul>
</li>
<li class="substepexpand"><span>Expand the <span class="uicontrol">Address Translation</span> menu item
from the New Rules file menu window.</span></li>
<li class="substepexpand"><span>Right-click on <span class="uicontrol">Mapped Addresses</span> and select <span class="uicontrol">New
Mapped Address</span>.</span></li>
<li class="substepexpand"><span>Enter the Mapped address name, the To address name, and the
line name. </span> You can leave the Journaling set to off. For the example,
you would enter:<ul class="simple"><li>Mapped address name = LINUXPART</li>
<li>To Address name= SHELL</li>
<li>Line = ETHLINE</li>
<li>Journaling = OFF</li>
</ul>
</li>
<li class="substepexpand"><span>Verify your rules by selecting <span class="uicontrol">Verify</span> under
the File menu.</span></li>
<li class="substepexpand"><span>Save your rules file.</span></li>
<li class="substepexpand"><span>Upon successful verification, select <span class="uicontrol">Activate</span> from
the file menu. </span> Your static NAT rules are now active.</li>
</ol>
</li>
</ol>
<div class="section">To test outbound communications, ping an external host from your logical
partition. Then from that external host, ping your logical partition to test
inbound communications.</div>
</div>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink