IP Masquerade Explained

IP Masquerade Explained

IP Masquerade is also known as Network Address Translation (NAT) and Network Connection Sharing some other popular operating systems. It is basically a method for allowing a computer that doesn't have a public Internet wide IP address communicate with other computers on the Internet with the help of another computer sitting inbetween it and the Internet.

As you know IP address are used on the Internet to identify machines. Given a packet with an IP address, every router that makes up the Internet knows where to send that packet to get it to its destination. Now, there are also a few ranges of IP addresses that have been reserved for private use inside Local Area Networks and other networks that are not directly connected to the Internet. These private addresses are guaranteed not to be in use on the public Internet.

This causes problems for machines that are connected to private networks are use private IP addresses, because they can't be connected directly to the Internet. They don't have an IP address that is allowed to be used on the public Internet. IP Masquerade solves this problem by allowing a machine with a private IP address to communicate with the Internet, while at the same time modifying the machine's packets to use a valid public IP address instead of the original private IP address. Packets returning from the Internet are modified back to use the original IP address before reaching private IP machine.


IP Masquerade

In the diagram above all of the machines on the LAN are using the 192.168.1.x private IP address range. None of the these machines can communicate directly via the Internet. The machine running Guidedog is acting as a gateway between the LAN and the Internet. It is a part of the LAN (192.168.1.1) and also has a public IP address (4.3.2.1). Guidedog makes it possible for the machines in the LAN to communicate via the Internet, by performing IP Masquerade. Packets from machines on the LAN going to machines on the Internet, such as the packet from 192.168.1.3 destined for 5.6.7.8, are modified by Guidedog to use the public IP address of the gateway (4.3.2.1). When packets from the Internet reach the gateway, Guidedog and detect if they are actually intended for a machine inside the LAN. Guidedog then modifies the packet to use the address from the LAN machine and then sends the packet on to its final destination.

It is important to note that Guidedog needs to be running on the gateway machine, and all of the machines in the LAN need to be configured to use the gateway machine as the gateway for all packets destined for the Internet. Otherwise Guidedog can't modify and send the packets to their destination on the Internet.

KDE Logo