About Linux NAT and port forwarding configuration

First, background:

Linux (Ubuntu) dual-NIC server for Web, routing, DHCP server.

Eth2 Foreign: 10.1.1.244/254

Eth3 internal: 192.178.1.254/20

Intranet Description: 192.178.0.1/20 gw:192.178.1.254

XEN-SERVER:192.178.1.100/20 manages port 443, establishes virtual machines, and network mode is bridged.

Second, the network configuration scheme:

Intranet through NAT access to the extranet, xen-server through 10.1.1.244:8443 management.

Third, configuration instructions:

1.244 the machine turns on the iptables and makes the following configuration

#清除filter表规则

Iptables-fiptables-xiptables-z

#清除nat表规则

Iptables-t nat-fiptables-t nat-xiptables-t nat-z

#nat forwarding

Iptables–t nat–a postrounting–s 192.178.0.0/20–o eht2–j Masquerade

#XENSERVER的管理端口映射

Iptables–t nat–a prerouting–i eth2–p tcp–dport 8443–j dnat–to-destination 192.178.1.100:443

2. Save Iptables Configuration

#创建/etc/iptables.up.rules file, and Modify permissions

Vim/etc/iptables.up.ruleschmod 777 Iptables.up.rules

#将iptables配置保存

Iptables-save >/etc/iptables.up.rules

#找到网络配置文件

Vim/etc/network/interfaces

#外网eht2后面添加, takes effect with network card boot

Pre-up Iptables-restore </etc/iptables.up.rules

Attach Iptables.up.rules note Several accept above not say, I default is all let go.

*nat:prerouting Accept [632:40162]:input Accept [158:11837]:output accept [1:328]:P ostrouting Accept [1:328]-a Prerouting-i eth2-p tcp-m tcp--dport 8443-j DNAT--to-destination 192.168.1.100:443-a postrouting-s 192.178.0.0/20- o eth2-j masqueradecommit# completed on Mon Mar-10:55:20 2015# Generated by Iptables-save v1.4.12 on Mon Mar 30 10:55: 2015*filter:input Accept [60769:14812609]:forward Accept [32923:35214235]:output Accept [52652:9629979]commit

About Linux NAT and port forwarding configuration