iptables NAT in CentOS

Source: Internet
Author: User
Tags: remote desktop access

NAT on CentOS 5.3 would not work for me; I tried the configuration methods from several references and none of them helped.

I suspected a problem with the operating system itself. On 6.6 there is a graphical configuration guide, and it was easy to get working.

Later I found, on an English web page:

echo "1" > /proc/sys/net/ipv4/ip_forward

That alone was enough. After searching in many places I finally understood: by default the OS does not forward traffic, and this command forces forwarding on.

For forwarding to be enabled permanently, modify the configuration file

/etc/sysctl.conf

and set, inside it,

net.ipv4.ip_forward = 1

Forwarding does not work out of the box because the default value is 0 (disabled); changing it to 1 enables it.

sysctl -p

applies the change; rebooting also works, of course.


chkconfig iptables on

enables the firewall normally as a service.

Next is the configuration of the /etc/sysconfig/iptables file.

The rules can also be added with commands. Here eth0 is the external interface and eth1 the internal one.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This does not restrict internal or external addresses, and it is very useful when the external network card gets its IP address by DHCP.

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 172.26.1.79

This rewrites the source address of traffic from the internal network 192.168.1.0/24 going outside to 172.26.1.79.

To allow external access to an internal server, for example Remote Desktop:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.2

-i eth0 is the incoming interface (i means input); -p tcp means the protocol is TCP; --dport 3389 means the destination port is 3389; --to-destination is the IP address of the internal server.


This alone is not enough: it only touches the nat table (-t specifies the table), and the filter table also needs to be configured:

iptables -t filter -A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 192.168.1.2 --dport 3389 -j ACCEPT

Without this, the traffic is not released on the forwarding path. Why is -d here 192.168.1.2? Because the nat table's PREROUTING has already translated the packet by the time it reaches FORWARD: the destination address has been changed from the external network card's IP to 192.168.1.2, so the filter can only match the internal IP address.

Some other traffic also has to be permitted through forwarding:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
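The steps above, put together as an added example (not code from the original post): a script that prints the complete rule set in the iptables-restore layout that /etc/sysconfig/iptables uses, so it can be reviewed before the service loads it, plus a check that ip_forward is really 1. It assumes the post's values (eth0 external, 192.168.1.0/24 internal, 172.26.1.79 as the SNAT address, 192.168.1.2 as the Remote Desktop host), sets the FORWARD policy to DROP and, going a little beyond the post, limits the outbound rules to the internal subnet.

```shell
#!/bin/sh
# Added example, not from the original post: print the rule set the post builds
# step by step in iptables-restore format (the layout of /etc/sysconfig/iptables),
# so the result can be reviewed before "service iptables restart" loads it.
# Assumed values (from the post): eth0 external, 192.168.1.0/24 internal,
# 172.26.1.79 external address, 192.168.1.2 the Remote Desktop host.

# nat_ruleset EXT_IF INT_NET SNAT_IP RDP_HOST
# Pass "-" as SNAT_IP to use MASQUERADE (the DHCP case in the post).
nat_ruleset() {
    ext_if=$1; int_net=$2; snat_ip=$3; rdp_host=$4
    if [ "$snat_ip" = "-" ]; then
        post="-A POSTROUTING -s $int_net -o $ext_if -j MASQUERADE"
    else
        post="-A POSTROUTING -s $int_net -o $ext_if -j SNAT --to-source $snat_ip"
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT runs before FORWARD, so the filter rule must match $rdp_host, not the external IP
-A PREROUTING -i $ext_if -p tcp --dport 3389 -j DNAT --to-destination $rdp_host
$post
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# FORWARD policy is DROP: every forwarded flow must be listed explicitly
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $ext_if -p tcp -d $rdp_host --dport 3389 -m state --state NEW -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -s $int_net -o $ext_if -j ACCEPT
COMMIT
EOF
}

# forwarding_enabled [FILE]: succeeds only when the kernel forwards packets,
# i.e. the ip_forward=1 step of the post. FILE defaults to the live sysctl.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]
}

# Review the generated rules, then confirm forwarding is on:
#   nat_ruleset eth0 192.168.1.0/24 172.26.1.79 192.168.1.2
#   forwarding_enabled && echo "ip_forward is 1"
```

Redirect the output of nat_ruleset to /etc/sysconfig/iptables only after reviewing it; a FORWARD policy of DROP means any flow not listed is silently discarded.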


Do not use the system's own graphical firewall configuration: as soon as you use it, it adds the RH-Firewall-1-INPUT chain and makes a mess of your rules.

Also, with 5.3 it was very slow: with Remote Desktop access the screen would not update. Looking back, 5.3 blocking forwarding by default is the reason.

With 6.6 there is no problem and the speed is acceptable.


Here are some of the network configuration commands.

If you start with only one NIC and add another later, then there is only

/etc/sysconfig/network-scripts/ifcfg-eth0

and no ifcfg-eth1; you can copy ifcfg-eth0 to ifcfg-eth1 and then edit the contents.

Check the NIC hardware file

/etc/udev/rules.d/70-persistent-net.rules

and confirm that the newly added network card is present; note its MAC address.

DEVICE=eth1
NAME="System eth1"
HWADDR=00:50:56:a0:40:18
IPADDR=192.168.1.1
PREFIX=24
GATEWAY=
DNS1=
DOMAIN=

Edit these entries: the IP address, the mask, and HWADDR (the MAC address). On newer versions there is also a UUID, which must be different from eth0's.

The internal network card has no gateway. PREFIX is the prefix length; it means the same as the netmask, just in a different notation. The notation depends on the OS version: 5 writes NETMASK, 6 writes PREFIX.


iptables -F

Clears all rules in every chain of the default table (filter).

iptables -X

Deletes the user-defined chains in the default table (filter).

/etc/rc.d/init.d/iptables save or service iptables save

Saves the rules entered on the command line to the configuration file; otherwise they are gone after a reboot.

service iptables restart

Restarts the service.



This article is from the "Genius without that 1% is absolutely impossible" blog; please be sure to keep this source: http://xushen.blog.51cto.com/1673219/1669784
