<Configure the NAT server to share the Internet in Linux>
Content:
0. The topology of the network configured this time
1. Configure the IP address
   1.1 Correctly configure the IP address allocated by the school to enable normal Internet access
   1.2 Add the eth0 alias device eth0:0
   1.3 After configuration, check whether the configuration is successful
2. Configure routes
3. Configure NAT
4. Success
5. Configure the client (which can be Windows, Linux, and other systems)
0. the topology of the network configured this time:
#
#              |
#              |
#  ======================================
#              |      10.3.10.0/24
#              |
#              | 10.3.10.19
#         +----+----+       +--------+       +--------+
#         |  Linux  |       |  win1  |       |  win2  |
#         |  (NAT)  |       |        |       |        |
#         +----+----+       +---+----+       +---+----+
#              | 192.168.50.1   | 192.168.50.2   | 192.168.50.3
#              |                |                |
#  =======================================================================
#                          192.168.50.0/24
#
1. Configure the IP address
1.1 correctly configure the IP address allocated by the school to enable normal Internet access
1) Configure the Linux host according to the IP address assigned by the school
[~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
    DEVICE=eth0
    BOOTPROTO=none
    HWADDR=00:1E:90:13:E0:25
    IPADDR=10.3.10.19
    NETMASK=255.255.255.0
    GATEWAY=10.3.10.254
    ONBOOT=yes
    TYPE=Ethernet
    DNS1=211.64.120.2
    DEFROUTE=yes
    DOMAIN=168.96.1.1
2) Restart the network service
[~]# service network restart
Note: After the above configuration, the Linux host should be able to access the Internet normally!
1.2 Add the eth0 alias device eth0:0
[~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0:0
    # eth0:0 must be enclosed in quotes: 'eth0:0'
    DEVICE='eth0:0'
    ONBOOT=yes
    BOOTPROTO=static
    IPADDR=192.168.50.1
    NETMASK=255.255.255.0
    USERCTL=no
1.3 After configuration, check whether the configuration is successful:
[~]# ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:1E:90:13:E0:25
              inet addr:10.3.10.19  Bcast:10.3.10.255  Mask:255.255.255.0
              inet6 addr: fe80::21e:90ff:fe13:e025/64 Scope:Link
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              RX packets:187685 errors:0 dropped:0 overruns:0 frame:0
              TX packets:137327 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:134816893 (128.5 MiB)  TX bytes:56066393 (53.4 MiB)
              Interrupt:27 Base address:0xa000
    eth0:0    Link encap:Ethernet  HWaddr 00:1E:90:13:E0:25
              inet addr:192.168.50.1  Bcast:192.168.50.255  Mask:255.255.255.0
              UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
              Interrupt:27 Base address:0xa000
2. Configure routes
Because the routes are configured automatically when the NIC interfaces are configured, we only need to inspect the routing table to verify that they have been set up correctly:
[root ~]$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.50.0    *               255.255.255.0   U     0      0        0 eth0
10.3.10.0       *               255.255.255.0   U     1      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
default         10.3.10.254     0.0.0.0         UG    0      0        0 eth0
3. Configure NAT
1) Create a nat.sh script file and save it to the /usr/local/nat/ directory:
[~]# cat /usr/local/nat.sh
    #!/bin/bash
    # 0. Set your parameter values
    EXIF='eth0'               # External NIC interface; it may be 'ppp0'.
    EXNET='192.168.50.0/24'   # Internal network segment
    # Do not change anything below unless you need to!
    # 1. Enable routing (IP forwarding) and reset the existing rules
    echo 1 > /proc/sys/net/ipv4/ip_forward
    /sbin/iptables -F
    /sbin/iptables -X
    /sbin/iptables -Z
    /sbin/iptables -F -t nat
    /sbin/iptables -X -t nat
    /sbin/iptables -Z -t nat
    /sbin/iptables -P INPUT ACCEPT
    /sbin/iptables -P OUTPUT ACCEPT
    /sbin/iptables -P FORWARD ACCEPT
    /sbin/iptables -t nat -P PREROUTING ACCEPT
    /sbin/iptables -t nat -P POSTROUTING ACCEPT
    /sbin/iptables -t nat -P OUTPUT ACCEPT
    # 2. Load the modules
    /sbin/modprobe ip_tables 2>/dev/null
    /sbin/modprobe ip_nat_ftp 2>/dev/null
    /sbin/modprobe ip_nat_irc 2>/dev/null
    /sbin/modprobe ip_conntrack 2>/dev/null
    /sbin/modprobe ip_conntrack_ftp 2>/dev/null
    /sbin/modprobe ip_conntrack_irc 2>/dev/null
    # 3. Enable IP masquerading
    /sbin/iptables -t nat -A POSTROUTING -o $EXIF -s $EXNET -j MASQUERADE
2) Add executable permissions
[~]# chmod +x /usr/local/nat.sh
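
A tighter variant of the forwarding rules, as an added example that is not part of the original article: it sets the FORWARD policy to DROP, forwards only new connections from the internal segment plus their replies, and rejects a malformed network value before any rule is generated. The function names and the APPLY switch are assumptions of this example; it only prints the commands unless APPLY=1 is set, and ip_forward must still be enabled as in nat.sh.

```shell
#!/bin/bash
# Added example: stricter forwarding policy for the NAT host described above.
# EXIF/INNET mirror the article's values; APPLY is a hypothetical switch.
EXIF="${EXIF:-eth0}"
INNET="${INNET:-192.168.50.0/24}"

# Return 0 only for a well-formed IPv4 CIDR (4 octets 0-255, prefix 0-32).
valid_cidr() {
    local ip="${1%/*}" len="${1#*/}" o
    [ "$ip" != "$1" ] || return 1                    # no "/" present
    case "$ip" in *[!0-9.]*) return 1;; esac         # digits and dots only
    case "$len" in ''|*[!0-9]*) return 1;; esac
    [ "$len" -le 32 ] || return 1
    local IFS=.
    set -- $ip                                       # split into octets
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in '') return 1;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# Print the rule set for external interface $1 and internal network $2.
# The internal network is an alias (eth0:0) on the same NIC, and iptables
# cannot match alias names, so the rules match on the source address.
nat_rules() {
    valid_cidr "$2" || { echo "bad internal network: $2" >&2; return 1; }
    cat <<EOF
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -s $2 -o $1 -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -s $2 ! -d $2 -o $1 -j MASQUERADE
EOF
}

# Dry run by default: print the commands. APPLY=1 (as root) executes them.
if [ "${APPLY:-0}" = 1 ]; then
    nat_rules "$EXIF" "$INNET" | sh -e
else
    nat_rules "$EXIF" "$INNET"
fi
```

Review the printed commands first, then rerun as root with APPLY=1 to load them.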
4. Success
1) After the Linux host is configured, you only need to restart the network and run the script just created:
[~]# service network restart
[~]# /usr/local/nat.sh
2) To have the script run at system startup, add the following command to the /etc/rc.d/rc.local file:
[~]# echo "/usr/local/nat.sh" >> /etc/rc.d/rc.local
5. Configure the client (which can be windows, linux, and other systems)
1. Set network to 192.168.50.0.
2. Set broadcast to 192.168.50.255.
3. Netmask must be set to 255.255.255.0.
4. Set the IP address to one of 192.168.50.1 ~ 192.168.50.254; it "must not be duplicated".
5. Set the gateway to your Linux host's internal IP address. In my example it is 192.168.50.1.
6. DNS settings: this is the most error-prone step. Your DNS setting must be the DNS server provided by your ISP. If you do not know its IP address, enter 168.95.1.1, the DNS address of China Telecom, or 139.175.10.20, the seednet DNS! Do not set it to 192.168.1.2! That will not be able to connect!
See also:
http://www.chinaitlab.com/www/special/linux11.asp#7