Today I ran into a problem: the LAN has 5 machines but only one public IP, and all 5 machines need to be able to reach the Internet. What can be done? SNAT, of course. Even so, setting it up cost me half a day, so here is a summary:
Scenario description: the IP addresses of the 5 machines in the LAN are
192.168.180.121-node1
192.168.180.122-node2
192.168.180.123-node3
192.168.180.124-node4
192.168.180.125-node5
Each machine has 2 network cards (eth0 and eth1); the 5 LAN IPs above are configured on eth0 of each machine.
In addition, eth1 on node1 is configured with a public IP (119.75.218.76).
Turn on IPv4 forwarding on node1:
echo 1 > /proc/sys/net/ipv4/ip_forward
(Forgetting this is exactly what cost me so much time.)
Note that this setting is lost when the machine reboots. To make it permanent, set net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
Change the default gateway on the other machines:
Because node1 is going to forward traffic for us, the default gateway of the other machines is set to node1's LAN IP (192.168.180.121). Then, on node1, use iptables so that the other machines' traffic is forwarded through this machine, which can reach the Internet:
iptables -F
iptables -X
iptables -Z
These three commands clear the firewall rules: -F flushes all rules in the filter table, -X deletes user-defined chains, -Z zeroes the packet counters. They do not touch the nat table (iptables -t nat -F does that), and flushing also removes any filtering rules that were protecting the gateway, so anything you still need has to be re-added afterwards.
Then use the following command to translate the source address of forwarded traffic (the --to-source address is node1's public IP on eth1):
iptables -t nat -A POSTROUTING -s 192.168.180.0/24 -o eth1 -j SNAT --to-source 119.75.218.76
(This rule is not saved, so it is lost after a reboot; for how to save firewall rules, please refer to other tutorials.)
This article only introduces the rough procedure; for the underlying principles and a detailed explanation, please refer to other tutorials.
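The whole procedure above, collected into one script as an added example (this is not code from the original post). It assumes the post's values: LAN 192.168.180.0/24 on eth0, public IP 119.75.218.76 on eth1, and a node1 that has iptables and conntrack support; the interface names, addresses and the DRY_RUN switch are configurable so the commands can be reviewed without root. Beyond the post, it re-installs a minimal FORWARD policy after the flush (only the LAN may originate forwarded connections; replies are matched by conntrack) and writes the sysctl setting so forwarding survives a reboot.

```sh
#!/bin/sh
# Added example (not from the original post): configure node1 as a SNAT
# gateway for the LAN. Assumed values come from the post and can be
# overridden through the environment. DRY_RUN=1 prints each command
# instead of executing it.
set -eu

LAN_NET="${LAN_NET:-192.168.180.0/24}"    # LAN subnet behind node1
LAN_IF="${LAN_IF:-eth0}"                  # node1 interface facing the LAN
WAN_IF="${WAN_IF:-eth1}"                  # node1 interface with the public IP
WAN_IP="${WAN_IP:-119.75.218.76}"         # public IP used as SNAT source
DRY_RUN="${DRY_RUN:-0}"

# run: execute a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# snat_rule: the POSTROUTING rule from the post, public IP filled in.
snat_rule() {
    printf 'iptables -t nat -A POSTROUTING -s %s -o %s -j SNAT --to-source %s\n' \
        "$LAN_NET" "$WAN_IF" "$WAN_IP"
}

# enable_forwarding: runtime switch plus the persistent sysctl.conf entry.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
    if grep -q '^net.ipv4.ip_forward' /etc/sysctl.conf 2>/dev/null; then
        run sed -i 's/^net.ipv4.ip_forward.*/net.ipv4.ip_forward = 1/' /etc/sysctl.conf
    else
        run sh -c 'echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf'
    fi
}

# apply_nat: flush the filter and nat tables, then install a restrictive
# FORWARD policy and the SNAT rule. Flushing removes every existing rule,
# so the FORWARD rules here are what keeps the gateway from forwarding
# arbitrary traffic between eth1 and the LAN.
apply_nat() {
    run iptables -F
    run iptables -X
    run iptables -Z
    run iptables -t nat -F
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -s "$LAN_NET" -j ACCEPT
    run iptables -A FORWARD -i "$WAN_IF" -o "$LAN_IF" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" \
        -j SNAT --to-source "$WAN_IP"
}

main() {
    enable_forwarding
    apply_nat
}

# Usage: sh setup-snat.sh apply        (DRY_RUN=1 sh setup-snat.sh apply to preview)
if [ "${1:-}" = "apply" ]; then
    main
fi
```

Run it once with DRY_RUN=1 to read the exact commands it will issue; the rules it installs are still runtime-only, so saving them (for example with iptables-save into whatever your distribution restores at boot) is a separate step, exactly as the post notes.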