How to configure an intranet server for IDC to access the Internet through iptables SNAT

There are three machines, A, B, and C. Machine A has Internet and Intranet IP addresses, and machine B and C only have Intranet. We configure machine B and machine C to access the Internet through machine.

Assume that the Internet IP address of machine A is: 60.12.13.14 and the Intranet IP address is 192.168.0.1.

Host B IP Address: 192.168.0.2

The IP address of machine C is 192.168.0.3.

On machines B and C, we configure the NIC configuration file and add machine A as the gateway.

Modify

1. VI/etc/sysconfig/network-scripts/ifcfg-eth1

Add:

1. Gateway = 192.168.0.1

Then restart the network of the two machines.

1. /Etc/init. d/network restart

Modify the DNS configuration file of the two machines and add the same DNS as machine.

1. VI/etc/resolv. conf

Add:

1. Nameserver 202.99.96.68 # modify DNS based on your server

Save it.

We configure iptables on machine A and add SNAT

CD/usr/local/sbin/
VI iptables. Sh

1. #! /Bin/sh
   
   
2. Iptables-T nat-I postrouting-s 192.168.0.0/24-J SNAT -- to-source 60.12.13.14
3. Iptables-a forward-s 192.168.0.0/24-J accept
4. Iptables-a forward-D 192.168.0.0/24-J accept
6. /Etc/init. d/iptables save

Run scripts

1. Sh iptables. Sh

In this way, the content in the iptables. Sh script is saved

1. /Etc/sysconfig/iptables

File.

On Machine A, set iptbals to boot.

1. Chkconfig -- level 345 iptables on

On Machine A, enable the IP forwarding function and modify the sysctl. conf file.

1. VI/etc/sysctl. conf

Set

1. Net. ipv4.ip _ forward = 0

To:

1. Net. ipv4.ip _ forward = 1

Then execute:

1. Sysctl-P

Make it take effect.

After everything is ready, you can access the Internet on machines B and C, for example, ping the external IP address and domain name.
You can easily use Yum to update and download the software ..

Note:

During the operation, I first performed operations on machines A and B. When B can access the Internet, I found that machine A cannot connect to machine C, later, I thought there was a problem with machine C, so I didn't try to connect machine B to machine C. After that, we notified the data center to restart and found that there was still no way to connect to C through a. After that, there was no way to connect A to C through the local physical machine after the data center was connected to the monitor, however, IDC engineers tried to connect to C through B and found that it was caused by adjusting the Intranet access without adding a gateway. After connecting B to C, add the gateway and restart the NIC, A can connect to C, and C can also access the internet. After a while, let's make a souvenir. More attempts

 

 

How to configure an intranet server for IDC to access the Internet through iptables SNAT