MIP is a "one-to-one" two-way address translation (conversion) process. Typically, there are several public-network IP addresses, and there are several servers providing network services (the server uses a private IP address), in order to enable Internet users to access these servers, A one-to-one mapping (MIP) between the public network IP address and the server private IP address can be established on the firewall on the Internet exit, and the servi
Step 1 of the configuration of the EZVPNserver of the PIX Firewall, configure NAT1 and NAT0. The traffic of NAT0 is VPN traffic. Pixfirewall (config) # nat (inside) 110.2.2.020.255.0pixfirewall (config) # global (outside) 1 interfacepixfirewall (config) # access-listvpnpermitip
Step 1 of the EZVPN server configuration of the PIX
10. Address Translation (NAT)
The NAT configuration of a firewall is basically the same as the NAT configuration of a router, and it must first define the internal IP address group for NAT conversion, and then define the internal network segment.
The command that defines the internal address group for NAT conversion is NAT, which is in the format: Nat [(If_name)]
for you - the Onesudo update-alternatives--config javacDittoNote: Some articles say that you can only use the following statements:sudo update-alternatives–config Java, I have not tried!You're done, use the java-version command to view our Java environment variables--------------------------------------------------------------------------------------------------------------- ----To set some ports in the firewall switch, you can modify the edit/etc/s
NAT and PC2 are vmwarevirtual machines.
Nat host network configuration
SNAT
Before performing nat, you must enable the routing function. otherwise, data packets cannot be connected to forword.
[Root @ localhost ~] # Echo 1>/proc/sys/net/ipv4/ip_forward
Add a nat table entry
[Root @ localhost ~] # Iptables-t nat-a postrouting-s172.16.93.0/24-j SNAT -- to-source 10.0.0.1
Indicates that on the postrouting chain, the source address of the data packet wh
The hands of several VPS configuration iptables too cumbersome to see the Zhu Go lnmp script has an automatic configuration iptables firewall script, borrowed to change a bit, to the needs of the people;Only provide common port settings, if you have special needs only to add or reduce the corresponding port;
How to use:
Copy Code code as follows:
c
1. Configure IP Address#vim/etc/sysconfig/network-scripts/ifcfg-eth0Bootproto=staticOnboot=yesipaddr=192.168.1.2netmask=255.255.255.0gateway=192.168.1.254#vim/etc/udev/rules.d/70-persistent-net.rules2. Configure host Name:# vim/etc/sysconfig/networkNetworking=yesHostname=Localhost.localdomain#vim/etc/hosts192.168.1.2 hostname3. Turn off the firewall:(1) Turn off bootOpen: Chkconfig iptables onOFF: Chkconfig iptables off(2) Close the serviceOpen: Serv
View the current firewall settings
Delete a policy, such as the 4th line policy
Iptables-d INPUT 4
-A: Insert at tail
-I inserts a new rule in the specified chain, which is inserted into the first row
(For example: Insert on line seventh)
Iptables-i INPUT 7-p tcp-m State--state new-m TCP--dport 81-j ACCEPT
and then save
Service Iptables Save
and then reboot.
Service Iptables Restart
The above is a small set t
outbound port
Iptables-a output-s 127.0.0.1-d 127.0.0.1-j ACCEPT//allow local loopback data
Iptables-a output-p udp-m UDP--sport 53-j ACCEPT/Outbound data packets from local 53 ports out of the station through
Iptables-a output-p udp-m UDP--dport 53-j ACCEPT//Go to Remote DNS server port 53 packets outbound through
Iptables-a output-s 192.168.10.250-p icmp-j ACCEPT//ICMP packet response to each other (ping command response packet)
Service Iptables save//Save
Tags: file input close Linux server sysconf off style body colorHow to take effect after reboot:1. Open: Chkconfig iptables on2. Off: Chkconfig iptables offImmediate effect, failure after reboot:1. Open: Service iptables start2. Close: Service iptables stopWhen the firewall is turned on, do the following to selectively open the relevant port: you need to modify the/etc/sysconfig/iptables file, add the following to open port access:-A input-m state--st
The port itself is turned on by default, but does not mean that the link to the port must be up. Only link devices are connected and connected devices such as PC are working properly ...Three-layer switch port, still have 24, or fa0/1-24, its three-tier routing function is not implemented through the FastEthernet port, but through its VLAN interface to achieve,therefore, on the two two-layer switch of unicom, it is necessary to configure VLAN to realize interoperability. Accordingly, the export
A newly configured server, installed CentOS6.3 system, after the installation of LNMP, the discovery Nginx process exists, and PHP parsing is normal, but with the allocation of independent IP to access the time found to be inaccessible.Check the information on the Internet, it is possible that the Linux firewall iptables caused nginx can not access. We visit a Web site, typically with 80 ports, then the problem may be that the 80-port access is interc
Iptables IntroductionIptables is a core based firewall, very powerful, iptables built-in Filter,nat and mangle three tables.Filter is responsible for filtering packets, including the chain of rules, input,output and forward;NAT is concerned with network address translation, including the rule chain, prerouting,postrouting and output;Mangle table is mainly used to modify the contents of the packet, used to do traffic shaping, the default chain of rules
From-zone Untrust To-zone trust policy web match source-address any[Email protected]# set security policies From-zone Untrust To-zone trust policy web match destination-address Web match a Pplication any[Email protected]# set security policies From-zone Untrust To-zone trust policy[Email protected]# set security policies From-zone Untrust To-zone Trust policy web then permit[Email protected]# Insert security Policies From-zone untrust To-zone Trust policy web before policy Default-deny2.4 Stati
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.