I. Environment Description
VMware Workstation 10 virtualizes three CentOS 6.4 x64 instances. Host A is the internal host and has only one configured IP address, 172.16.10.2/16.
Host B simulates the enterprise gateway and has two IP addresses, eth0: 192.168.5.1/24 and eth1: 172.16.10.1/16.
Host C simulates the Internet host, IP address: 192.168.5.86.
Host B's eth0 and host C must be on the same network; here that network is bridged to my physical network.
Host B's eth1 and host A must be on the same network segment, which can be chosen freely; here a host-only network is used.
The network topology is as follows:
Objective: enable internal host A to access host C. This simulates a small or medium-sized enterprise reaching the Internet through a Linux gateway to save costs.
Tutorial steps:
Host A configuration: configure the IP address 172.16.10.2/16.
Host C configuration: configure the IP address 192.168.5.86 and install the http service with yum install httpd.
# cat /var/www/html/index.html
This is a test website!
# service httpd restart
Gateway host B configuration:
Enable kernel-level forwarding:
# echo "1" > /proc/sys/net/ipv4/ip_forward
At this step you could point the gateway of host C at eth0 of host B, that is, 192.168.5.1.
Communication between host A and host C set up that way is not the purpose of this experiment; if you are interested, try it!
iptables SNAT is implemented on host B so that the internal network can reach the Internet through host B:
# iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j SNAT --to-source 192.168.5.1    (fixed IP)
or
# iptables -t nat -A POSTROUTING -s 172.16.0.0/16 -o eth0 -j MASQUERADE
A single command is all that is needed.
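The SNAT rule above translates addresses but does not by itself limit what host B forwards. As an added example (not part of the original tutorial), the script below prints, without running them, the commands for host B with the FORWARD chain restricted to traffic from the internal network and its replies. The function names and the default-drop FORWARD policy are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the original page. Prints the commands; runs none.

# is_ipv4 ADDR: true if ADDR is a dotted quad with every octet in 0..255.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    local IFS=. o
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in ????*|0?*) return 1 ;; esac   # too long or leading zero
        [ "$o" -le 255 ] || return 1
    done
}

# is_cidr NET: true if NET is ADDR/PREFIX with PREFIX in 0..32.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    is_ipv4 "${1%/*}" || return 1
    case "${1#*/}" in ''|*[!0-9]*|???*|0?*) return 1 ;; esac
    [ "${1#*/}" -le 32 ]
}

# gateway_rules LAN_CIDR LAN_IF WAN_IF [WAN_IP]
# With WAN_IP: SNAT to that fixed address. Without it: MASQUERADE.
gateway_rules() {
    local lan="$1" lan_if="$2" wan_if="$3" wan_ip="${4:-}" i nat
    is_cidr "$lan" || { echo "bad LAN network: $lan" >&2; return 1; }
    for i in "$lan_if" "$wan_if"; do
        case "$i" in ''|*[!A-Za-z0-9_.:-]*)
            echo "bad interface: $i" >&2; return 1 ;; esac
    done
    if [ -n "$wan_ip" ]; then
        is_ipv4 "$wan_ip" || { echo "bad WAN address: $wan_ip" >&2; return 1; }
        nat="SNAT --to-source $wan_ip"
    else
        nat="MASQUERADE"
    fi
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -s $lan -o $wan_if -j $nat
iptables -I FORWARD -i $lan_if -o $wan_if -s $lan -j ACCEPT
iptables -I FORWARD -i $wan_if -o $lan_if -d $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -P FORWARD DROP
EOF
}

# The lab values from this page: LAN on eth1, external side on eth0.
gateway_rules 172.16.0.0/16 eth1 eth0 192.168.5.1
```

Review the printed commands before running them as root on host B. On CentOS 6, service iptables save keeps the rules across reboots, and net.ipv4.ip_forward = 1 in /etc/sysctl.conf does the same for forwarding.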
Test:
On host A:
# ping 192.168.5.86    (OK)
# elinks 192.168.5.86
This is a test website!
At the same time, on host C:
# tail -f /var/log/httpd/access_log
192.168.5.1 - - [16/Oct/2013:21:40:21 +0800] "GET / HTTP/1.1" 200 28 "-" "ELinks/0.12pre5 (textmode; Linux; 80x25-2)"
The http access log shows that when host A accesses host C, the source address is converted to the Internet address of host B, that is, 192.168.5.1.
Further test: because eth0 of host B and host C are on my real network segment, which can access the Internet, host A can access the Internet through host B. The test is as follows:
Configure the DNS server of host A as 8.8.8.8.
# ping www.baidu.com    (OK)
This indicates that host A has successfully accessed the Internet through the SNAT function of host B! Lab successful!