Requirement
Machine A can access the external network. Machine B and machine A are on the same intranet. The goal is to let machine B access the external network through machine A.
Steps
1. Add a NIC to the virtual machine.
If there is no segment name, click the 'LAN segment (S)...' button to create a new one.
2. The ifconfig -a command shows the newly added NIC (eth2), which has not been enabled yet:
[root@localhost ~]# ifconfig -a
eth1      Link encap:Ethernet  HWaddr 00:0C:29:AC:CC:56
          inet addr:192.168.182.130  Bcast:192.168.182.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:feac:cc56/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1546 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1187 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:157665 (153.9 KiB)  TX bytes:168997 (165.0 KiB)

eth2      Link encap:Ethernet  HWaddr 00:0C:29:AC:CC:60
          BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:18 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1512 (1.4 KiB)  TX bytes:1512 (1.4 KiB)
3. Configure the NIC eth2:
TYPE=Ethernet
DEVICE=eth2
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.100.1
NETMASK=255.255.255.0
HWADDR=00:0c:29:ac:cc:60
4. Run on Machine A:
echo "1" >/proc/sys/net/ipv4/ip_forward
Turn on IP forwarding.
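5. Add a rule on machine A. The outbound interface is eth1, which carries the external address 192.168.182.130; eth2 is the intranet side:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o eth1 -j MASQUERADE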
6. Put machine B on the same "LAN segment", set its IP to 192.168.100.2 and its gateway to 192.168.100.1.
Requirement
Log in to machine B with Xshell.
Step one: enable route forwarding on machine A
[root@localhost ~]# echo "1" > /proc/sys/net/ipv4/ip_forward
Description: this command changes a kernel setting to turn on route forwarding; the default value is 0.
Step two: add 2 rules to the nat table on machine A (clear the nat table rules before performing this step)
Rule 1:
[root@localhost ~]# iptables -t nat -A PREROUTING -d 192.168.8. -p tcp --dport 1122 -j DNAT --to 192.168.100.100:22
Rule 2:
[root@localhost ~]# iptables -t nat -A POSTROUTING -s 192.168.100.100 -j SNAT --to 192.168.8.125
This experiment has failed ... Look at it later, try your best ...
Backup
# service iptables save
/etc/sysconfig/iptables    // default save location
Specify a backup location
[root@localhost ~]# iptables-save > /tmp/ipt.txt
[root@localhost ~]# cat /tmp/ipt.txt
# Generated by iptables-save v1.4.21 on Fri Dec  1 21:16:41 2017
*filter
:INPUT DROP [9:702]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [262:26184]
-A INPUT -p icmp -m icmp --icmp-type 8 -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -s 192.168.8.0/24 -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j ACCEPT
COMMIT
# Completed on Fri Dec  1 21:16:41 2017
Restore rules from a backup
[root@localhost ~]# iptables-restore < /tmp/ipt.txt
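A saved ruleset is also a convenient place to review which internal services the nat table exposes through port forwards such as the 1122 -> 22 rule above. The script below is an added example, not part of the original post: it reads iptables-save output and lists every DNAT rule with its source restriction. The function names, the embedded dump, the 8080 forward and the address 203.0.113.10 are constructed for illustration.

```shell
#!/bin/sh
# Added example: list DNAT port forwards found in iptables-save output.

# Constructed sample dump; 203.0.113.10 is a documentation-range placeholder.
sample_dump() {
cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 203.0.113.10/32 -p tcp -m tcp --dport 1122 -j DNAT --to-destination 192.168.100.100:22
-A PREROUTING -s 192.168.8.0/24 -d 203.0.113.10/32 -p tcp -m tcp --dport 8080 -j DNAT --to-destination 192.168.100.100:80
-A POSTROUTING -s 192.168.100.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
EOF
}

# list_dnat [FILE]: read a dump (file or stdin) and print, per DNAT rule,
#   <proto>/<dport> -> <internal target> src=<source restriction or ANY>
list_dnat() {
    awk '
        /^\*/ { table = substr($0, 2) }   # "*nat", "*filter": current table
        table == "nat" && $1 == "-A" && / -j DNAT / {
            src = "ANY"; proto = "any"; dport = "any"; to = "?"
            for (i = 3; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                else if ($i == "-p") proto = $(i + 1)
                else if ($i == "--dport") dport = $(i + 1)
                else if ($i == "--to-destination") to = $(i + 1)
            }
            printf "%s/%s -> %s src=%s\n", proto, dport, to, src
        }
    ' "$@"
}

# count_open_forwards [FILE]: forwards that accept connections from any source.
count_open_forwards() {
    list_dnat "$@" | awk '/ src=ANY$/ { n++ } END { print n + 0 }'
}

sample_dump | list_dnat
echo "forwards without a source restriction: $(sample_dump | count_open_forwards)"
```

On the gateway itself, run `iptables-save | list_dnat` as root, or pass a saved file such as /tmp/ipt.txt as the argument.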
Linux Learning (29) Iptables (iii) Application of NAT table