Configure the NAT server to share the Internet in Linux

In Linux, configure the NAT server to share the Internet content: 0. topology of the network configured in this configuration: 1. configure the IP address. 1.1 correctly configure the IP address allocated by the school to enable normal Internet access. 1.2 add the eth0 alias device eth0: 0.1.3 and check the configuration... in Linux, configure the NAT server to share the Internet content: 0. topology of the network configured in this configuration: 1. configure the IP address. 1.1 correctly configure the IP address allocated by the school to enable normal Internet access. 1.2 eth0 alias device eth0: 0. 1.3 check whether the configuration is successful after the configuration: 2. configure Route 3. configure NAT 4. success 5. configure the client (which can be windows, linux, and other systems) 0. the topology of the configured network: ##|###============================#| 10.3.10.0/24 ##| # | 10.3.10.19 # + ---- ++ ------- + + ------- + # | Linux | win1 | win2 | # | (NAT) | # + ---- + --- + # | 192.168.50.1 | 192.168.50.2 | 192.168.50.3 # | #======================================================== ====================================#192.168.50.0/24 ## 1. configure IP address 1.1 correctly configure the IP address allocated by the school to enable normal Internet access 1) configure the Linux host according to the IP address assigned by the school [~] # Cat/etc/sysconfig/network-scripts/ifcfg-eth0 | DEVICE = eth0 | BOOTPROTO = none | HWADDR = 00: 1E: 90: 13: E0: 25 | IPADDR = 10.3.10.19 | NETMASK = 255.255.255.0 | GATEWAY = 10.3.10.254 | ONBOOT = yes | TYPE = Ethernet | DNS1 = 211.64.120.2 | DEFROUTE = yes | DOMAIN = 168.96.1.1 | 2) restart the NIC [~] # Servie network restart note: After the above configuration, the Linux host should be able to access the internet normally! 1.2 add eth0 alias device eth0: 0 [~] # Cat/etc/sysconfig/network-scripts/ifcfg-eth0: 0 | # eth0: 0 must be included in '': 'eth0: 0' | DEVICE = 'eth0: 0' | ONBOOT = yes | BOOTPROTO = static | IPADDR = 192.168.50.1 | NETMASK = 255.255.255.0 | USERCTL = no | 1.3 check whether the configuration is successful: [~] # Ifconfig | eth0 Link encap: Ethernet HWaddr 00: 1E: 90: 13: E0: 25 | inet addr: 10.3.10.19 Bcast: 10.3.10.255 Mask: 255.255.255.0 | inet6 addr: fe80 :: 21e: 90ff: fe13: e025/64 Scope: Link | up broadcast running promisc multicast mtu: 1500 Metric: 1 | RX packets: 187685 errors: 0 dropped: 0 overruns: 0 frame: 0 | TX packets: 137327 errors: 0 dropped: 0 overruns: 0 carrier: 0 | collisions: 0 txqueuelen: 1000 | R X bytes: 134816893 (128.5 MiB) TX bytes: 56066393 (53.4 MiB) | Interrupt: 27 Base address: 0xa000 | eth0: 0 Link encap: Ethernet HWaddr 00: 1E: 90: 13: E0: 25 | inet addr: 192.168.50.1 Bcast: 192.168.50.255 Mask: 255.255.255.0 | up broadcast running promisc multicast mtu: 1500 Metric: 1 | Interrupt: 27 Base address: 0xa000 | 2. because a certain route is automatically configured when you configure the Nic interface, you only need to check its information to verify that it has been correctly configured: [root ~] $ Route Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 192.168.50.0*255.255.255.0 U 0 0 0 0 eth0 10.3.10.0*255.255.255.0 U 1 0 0 eth0 link-local * 255.255.255.0.0 U 1002 0 0 default 10.3.10.254 0.0.0.0 UG 0 0 0 eth0 3. configure NAT 1) create a nat. sh script file and save it in the/usr/local/nat/directory: [~] # Cat/usr/local/nat. sh | #! /Bin/bash | #0. set your parameter value | EXIF = 'eth0' # This is an external Nic interface, which may be 'ppp0 'and so on | EXNET = '2017. 168.50.0/24 '# This is an internal network segment | # Do not change it if you do not need it! | #1. start routing and so on | echo 1>/proc/sys/net/ipv4/ip_forward |/sbin/iptables-F |/sbin/iptables-X |/sbin/iptables -Z |/sbin/iptables-F-t nat |/sbin/iptables-X-t nat |/sbin/iptables-Z-t nat |/sbin/ iptables-p input accept |/sbin/iptables-p output accept |/sbin/iptables-p forward accept |/sbin/iptables-t nat-p prerouting accept | /sbin/iptables-t nat-P Postrouting accept |/sbin/iptables-t nat-p output accept | #2. load Module |/sbin/modprobe ip_tables 2>/dev/null |/sbin/modprobe ip_nat_ftp 2>/dev/null |/sbin/modprobe ip_nat_irc 2>/dev/ null |/sbin/modprobe ip_conntrack 2>/dev/null |/sbin/modprobe ip_conntrack_ftp 2>/dev/null |/sbin/modprobe ip_conntrack_irc 2>/dev/null | #3. start ip spoofing |/sbin/iptables-t nat-A POSTROUT ING-o $ EXIF-s $ EXNET-j MASQUERADE | 2) add the executable permission [~] # Chmod + x/usr/local/nat. sh 4. success 1) Linux host configuration is complete. now you only need to restart the configuration just now: [~] # Servie network restart [~] #/Usr/local/nat. sh 2) add the following command to the/etc/rc. d/rc. local file: [~] # Echo "/usr/local/nat. sh ">/etc/rc. d/rc. local 5. configure the client (which can be windows, linux, and other systems) 1. set network to 192.168.50.0 2. set broadcast to 192.168.50.255 3. netmask must be set to 255.255.255.0 4. the IP address must be 192.168.50.1 ~ 192.168.50.254, and "cannot be repeated" 5. gateway or set your Linux internal IP address. in my example, 192.168.50.1 6. DNS settings: this is the most error-prone. your DNS settings must be the dns ip address that your ISP gives you. if you do not know, you can enter 168.95.1.1 as the China Telecom DNS or 139.175.10.20 as the SeedNet DNS! Do not set it to 192.168.1.2! Cannot be connected!