IPTABLES NAT and mangle

Source: www.2cto.com

NAT: Network Address Translation

SNAT: change the source IP
DNAT: change the destination IP

`iptables -t nat -L`: list the rules in the nat table

Chains of the nat table:

PREROUTING: modify the destination IP (DNAT, matched with `-i eth0`)
OUTPUT: run DNAT on packets generated by the local machine
POSTROUTING: modify the source IP (SNAT, matched with `-o eth0`)

One-to-many

```bash
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/28 -j SNAT --to 10.0.1.200
```

If the public IP address is not fixed, use MASQUERADE instead of SNAT:

```bash
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
```

Many-to-many. The prerequisite is that you have multiple public IP addresses and that they form a contiguous range:

```bash
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j SNAT --to 10.0.1.200-10.0.1.205
```

One-to-one NAT

Each external-facing server on the intranet has its own public IP address. This is used to deploy external servers on the intranet, which gives the hosts providing external services a safer environment. For example, the server's intranet address is 192.168.0.1, and the NAT host's external interface (eth0 in the commands below) has three IP addresses starting at 10.0.1.201; 10.0.1.201 is the Internet address corresponding to 192.168.0.1.

Access to the external server from the Internet through the NAT host:

```bash
iptables -t nat -A PREROUTING -i eth0 -d 10.0.1.201 -j DNAT --to 192.168.0.1
```

This server accessing the Internet:

```bash
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.1 -j SNAT --to 10.0.1.201
```

What if not every server on the intranet has a public IP address? We can use ports to differentiate:

```bash
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to 192.168.0.1:80
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 443 -j DNAT --to 192.168.0.1:443
```

NAT mangle mechanism

1. Modify the TTL value (default TTL: Windows 128, Linux 64).
2. Modify the DSCP value of an IP packet to set the characteristics of a specific packet:

```bash
iptables -t mangle -A OUTPUT -p tcp --dport 22 -j DSCP --set-dscp 43
```
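As an added example (not code from the original page), the script below generates the paired PREROUTING DNAT / POSTROUTING SNAT rules for one-to-one NAT and the port-based DNAT rules for servers without their own public IP, validating each address and refusing a public IP or port that is mapped twice. The function names and the use of Python's `ipaddress` module are this example's own assumptions; the rule syntax follows the commands above.

```python
# Added example, not from the original page. Builds the one-to-one NAT
# rule pairs and the port-based DNAT rules described above.
import ipaddress


def one_to_one_nat_rules(mapping, ext_if="eth0"):
    """mapping: {intranet_ip: public_ip}. Returns the iptables commands.

    Every server gets two rules that must stay in sync: PREROUTING DNAT
    (Internet -> server) and POSTROUTING SNAT (server -> Internet).
    """
    rules = []
    seen_public = set()
    for internal, public in mapping.items():
        # ip_address() rejects typos such as "10.0.1.2008" with ValueError
        int_ip = ipaddress.ip_address(internal)
        pub_ip = ipaddress.ip_address(public)
        if not int_ip.is_private:
            raise ValueError(f"{internal} is not a private (intranet) address")
        if pub_ip in seen_public:
            # two servers on one public IP need port-based DNAT instead
            raise ValueError(f"public address {public} is mapped twice")
        seen_public.add(pub_ip)
        rules.append(f"iptables -t nat -A PREROUTING -i {ext_if} -d {pub_ip} "
                     f"-j DNAT --to {int_ip}")
        rules.append(f"iptables -t nat -A POSTROUTING -o {ext_if} -s {int_ip} "
                     f"-j SNAT --to {pub_ip}")
    return rules


def port_forward_rules(forwards, ext_if="eth0", proto="tcp"):
    """forwards: [(public_port, intranet_ip, internal_port), ...] sharing one
    public IP; each public port may be forwarded to only one server."""
    rules = []
    used_ports = set()
    for pub_port, internal, int_port in forwards:
        int_ip = ipaddress.ip_address(internal)
        if not (0 < pub_port < 65536 and 0 < int_port < 65536):
            raise ValueError(f"bad port in {(pub_port, internal, int_port)}")
        if pub_port in used_ports:
            raise ValueError(f"public port {pub_port} forwarded twice")
        used_ports.add(pub_port)
        rules.append(f"iptables -t nat -A PREROUTING -i {ext_if} -p {proto} "
                     f"--dport {pub_port} -j DNAT --to {int_ip}:{int_port}")
    return rules
```

The generated rules only rewrite addresses; for the NAT host to actually pass the traffic, IP forwarding (`net.ipv4.ip_forward=1`) must be enabled and the filter table's FORWARD chain must accept it.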