Network application of Linux dual network card building NAT Server

Source: Internet
Author: User

One: Topology and network structure

eth1 is the external network card. Its IP address, gateway and DNS servers are set according to the configuration supplied by the provider:

ip:114.242.25.18
netmask:255.255.255.0
gw:114.242.25.1
dns:202.106.0.20
dns:202.106.46.151

On the Linux host, eth0 faces the intranet. Its IP address is 172.100.10.1/24.

eth0
ip:172.100.10.1
netmask:255.255.255.0

The internal office area uses the 172.100.10.x/24 address segment. The eth0 IP is the gateway for all intranet hosts, and their DNS is set to the same DNS servers configured on the eth1 network card. My intranet office PC is set up as follows:

ip:172.100.10.188
netmask:255.255.255.0
gw:172.100.10.1
dns:202.106.0.20
dns:202.106.46.151

Two: Configuration

1. Turn on forwarding

When the above configuration is complete, the office terminal should be able to ping the eth0 IP of the Linux host, since they are connected through the switch. However, the office terminal cannot ping the Linux host's eth1 IP, because forwarding has not been turned on for the Linux host.

To turn on the forwarding function of Linux, execute the following command:

echo 1 > /proc/sys/net/ipv4/ip_forward

To see whether the system has forwarding enabled, execute the following command:

cat /proc/sys/net/ipv4/ip_forward

A result of 1 means forwarding is enabled; 0 means it is not.

Once forwarding is turned on, the eth1 IP address, its gateway and the DNS servers can all be pinged.

2. Configure NAT Rules

After the above configuration the relevant IP addresses can be pinged and the Linux server itself can reach the Internet, but the intranet office computers still cannot. The problem is that the IP addresses of the intranet hosts cannot be routed on the public network. So we only need to translate the IP of each intranet office terminal into the IP of the Linux host's eth1 interface.

3. Configure NAT

Set the default policies of the filter and nat chains to ACCEPT:

/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT

NAT translation:

iptables -t nat -A POSTROUTING -s 172.100.10.0/24 -o eth1 -j MASQUERADE

This can also be achieved by using the SNAT target:

iptables -t nat -A POSTROUTING -s 172.100.10.0/24 -o eth1 -j SNAT --to-source 114.242.25.18

The FORWARD rule is configured as follows:

iptables -A FORWARD -i eth0 -j ACCEPT

This ensures that all packets entering on eth0 are accepted by the FORWARD chain.

After the above configuration, the intranet office computers can access the external network normally.

This article is from the "Kang Jianhua" blog; please keep this source attribution: http://michaelkang.blog.51cto.com/1553154/788472
