First, background:
Linux (Ubuntu) dual-NIC server acting as web server, router, and DHCP server.
eth2 (external): 10.1.1.244/254
eth3 (internal): 192.178.1.254/20
Intranet addressing: 192.178.0.1/20, gw: 192.178.1.254
XenServer: 192.178.1.100/20, management port 443; it hosts the virtual machines, and their network mode is bridged.
Second, the network configuration scheme:
The intranet reaches the external network through NAT, and XenServer is managed through 10.1.1.244:8443.
Third, configuration instructions:
1. On the 244 machine, enable iptables and apply the following configuration
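# Clear the filter table rules
iptables -F
iptables -X
iptables -Z
# Clear the nat table rules
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z
# NAT forwarding: masquerade intranet traffic leaving through eth2
iptables -t nat -A POSTROUTING -s 192.178.0.0/20 -o eth2 -j MASQUERADE
# Map the XenServer management port: external 8443 to internal 443
iptables -t nat -A PREROUTING -i eth2 -p tcp --dport 8443 -j DNAT --to-destination 192.178.1.100:443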
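2. Save the iptables configuration
# Create the /etc/iptables.up.rules file and modify its permissions
# (mode 777 leaves the rules file writable by every local user; 600 is enough, since root writes and restores it)
vim /etc/iptables.up.rules
chmod 777 /etc/iptables.up.rules
# Save the iptables configuration
iptables-save > /etc/iptables.up.rules
# Open the network configuration file
vim /etc/network/interfaces
# Add the following after the external interface eth2 entry; it takes effect when the network card comes up
pre-up iptables-restore < /etc/iptables.up.rules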
Attached is iptables.up.rules. Note: I won't go over the several ACCEPT policies at the top; my default is to let everything through.
*nat
:PREROUTING ACCEPT [632:40162]
:INPUT ACCEPT [158:11837]
:OUTPUT ACCEPT [1:328]
:POSTROUTING ACCEPT [1:328]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.100:443
-A POSTROUTING -s 192.178.0.0/20 -o eth2 -j MASQUERADE
COMMIT
# Completed on Mon Mar 30 10:55:20 2015
# Generated by iptables-save v1.4.12 on Mon Mar 30 10:55:20 2015
*filter
:INPUT ACCEPT [60769:14812609]
:FORWARD ACCEPT [32923:35214235]
:OUTPUT ACCEPT [52652:9629979]
COMMIT
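A saved rules file can be checked before it is restored at boot. The following is an added example, not part of the original article: it parses iptables-save output and reports DNAT targets that fall outside the masqueraded intranet subnet (the saved file above forwards to 192.168.1.100, while the commands use 192.178.1.100) and an ACCEPT policy on FORWARD. The function names parse_save and audit are hypothetical, and the sample text is constructed from the page's rules with counters zeroed.

```python
import ipaddress
import re

# Constructed sample: the page's saved rules, one rule per line, counters zeroed.
SAVED_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth2 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 192.168.1.100:443
-A POSTROUTING -s 192.178.0.0/20 -o eth2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
"""

def parse_save(text):
    """Return {table: {"policies": {chain: policy}, "rules": [rule line, ...]}}."""
    tables, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("*"):
            current = tables.setdefault(line[1:], {"policies": {}, "rules": []})
        elif current is None or not line or line.startswith("#") or line == "COMMIT":
            continue
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            current["policies"][chain] = policy
        elif line.startswith("-A "):
            current["rules"].append(line)
    return tables

def audit(text):
    """List findings: DNAT targets outside the masqueraded subnets, open FORWARD policy."""
    tables = parse_save(text)
    nat = tables.get("nat", {"rules": []})["rules"]
    inside = [ipaddress.ip_network(m.group(1), strict=False)
              for r in nat if "-j MASQUERADE" in r
              for m in [re.search(r"-s (\S+)", r)] if m]
    findings = []
    for r in nat:
        m = re.search(r"-j DNAT --to-destination ([\d.]+)", r)
        if m and not any(ipaddress.ip_address(m.group(1)) in n for n in inside):
            findings.append(f"DNAT target {m.group(1)} is outside masqueraded subnets")
    if tables.get("filter", {}).get("policies", {}).get("FORWARD") == "ACCEPT":
        findings.append("filter FORWARD policy is ACCEPT: forwarded traffic is unfiltered")
    return findings
```

Calling audit(open("/etc/iptables.up.rules").read()) runs the same checks on the real file.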
About Linux NAT and port forwarding configuration