===== IPtables notes =====

http://www.netfilter.org/

==== NAT/DHCP/10.x.x.x ====

tested with linux2.6.0-pre4


add another interface...

<file>
# Add alias to interface on eth0 (to share a single ethernet port)
ifconfig eth0:0 10.0.0.1 netmask 255.0.0.0
</file>

add routing details


nat/masquerading

<file>
# Load the NAT module (this pulls in all the others).
modprobe iptable_nat

# In the NAT table (-t nat), Append a rule (-A) after routing
# (POSTROUTING) for all packets going out eth0 (-o eth0) which says to
# MASQUERADE the connection (-j MASQUERADE).
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
</file>

(or source nat...)
<file>
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 192.168.254.x
</file>

<file>
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward

# Forward between ports if not using aliases
iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
</file>

and configure dhcp...

<file>
# Sample /etc/dhcpd.conf
default-lease-time 600000;
max-lease-time 7200000;

subnet 10.0.0.0 netmask 255.0.0.0 {
  range 10.0.0.2 10.0.0.254;
  option subnet-mask 255.0.0.0;
  option broadcast-address 10.0.0.255;
  option routers 10.0.0.1;
  option domain-name-servers 195.238.2.21, 195.238.2.22;
}

host wonk {
  hardware ethernet 08:00:2b:4c:59:23;
  fixed-address 10.0.0.22;
}
</file>

start dhcp server...


on [[GNU Linux]]

<file>
# test it first with "/usr/sbin/dhcpd eth0:0 -d -f"
/usr/sbin/dhcpd eth0:0
</file>


on [[OsX]]  or [[BSD]]

<file>
# test it first with"/usr/sbin/dhcpd -d en0"
/usr/sbin/dhcpd en0
</file>

programming/tuning notes
  * see also [[Socket Programming]]
  * realtime UDP > http://www.rts.uni-hannover.de/rtnet/
  * tuning TCP for perfomance > http://dsd.lbl.gov/TCP-tuning/TCP-tuning.html