Using CentOS 5.3 with NAT was no good; the many multi-configuration methods I referenced were useless.
I think the operating system itself had a problem. CentOS 6.6 has a graphical configuration guide, and there it is easy to get done.
Later I found on an English web page that
echo "1" >/proc/sys/net/ipv4/ip_forward
is all you need to do. After searching many places, I finally learned that by default the OS does not forward traffic, and this is the way to force forwarding on.
The normal way to enable forwarding is to modify the configuration file
/etc/sysctl.conf
and inside it set
net.ipv4.ip_forward = 1
It does not work by default because the value is 0 (disabled); changing it to 1 enables it.
sysctl -p
applies the update; a reboot also works.
chkconfig iptables on
This enables the firewall normally as a service.
Then comes the configuration of the /etc/sysconfig/iptables file.
It can also be done with the add (-A) command. Here eth0 is the external interface and eth1 the internal one.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This masquerades everything going out without restricting internal or external addresses, which is very useful when the external NIC gets its IP address from DHCP.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 172.26.1.79
This takes traffic from the internal network 192.168.1.0/24 going outside and replaces the source address with 172.26.1.79.
To allow external access to an internal server, for example Remote Desktop:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.2
-i eth0 is the incoming interface (i meaning input); -p tcp means the protocol is TCP; --dport 3389 means the destination port is 3389; --to-destination is the IP address of the internal server.
That alone is not enough: this is the nat table (-t specifies the table),
and the filter table also needs to be configured:
iptables -t filter -A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 192.168.1.2 --dport 3389 -j ACCEPT
Without it, the traffic is not let through the forwarding path. Why is -d here 192.168.1.2? Because PREROUTING in the nat table has already performed the DNAT by the time the packet reaches the FORWARD chain: the destination address has already been changed from the external NIC's IP address to 192.168.1.2, so it can only be filtered on the intranet address.
Some other traffic also has to be permitted to be forwarded:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
Do not use the system's own graphical firewall configuration tool; once used, it creates the RH-Firewall-1-INPUT chain and makes a mess of your own rules.
Also, with 5.3 the speed was very slow; in Remote Desktop the screen would not move. It seems the 5.3 default blocking of forwarding is the reason.
With 6.6 there is no problem and the speed is acceptable.
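The NAT gateway steps above collected into one script, as an added example that is not part of the original post. It assumes the layout used in the post (eth0 external, eth1 internal, LAN 192.168.1.0/24, Remote Desktop host 192.168.1.2), restricts MASQUERADE to the LAN source, and sets a DROP policy on FORWARD, which the post does not do.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed layout: eth0 external,
# eth1 internal, 192.168.1.0/24 the LAN, 192.168.1.2 the Remote Desktop host.
# "show" prints the commands for review, "apply" runs them (as root).
EXT_IF=${EXT_IF:-eth0}
INT_IF=${INT_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
RDP_HOST=${RDP_HOST:-192.168.1.2}
DRY_RUN=${DRY_RUN:-0}
# Print the command in dry-run mode, otherwise execute it.
run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}
# Step 1: kernel forwarding is off by default; net.ipv4.ip_forward = 1 in
# /etc/sysctl.conf makes it survive a reboot.
enable_forwarding() {
    run sysctl -w net.ipv4.ip_forward=1
}
# Step 2: nat table. MASQUERADE suits a DHCP-assigned external address;
# the -s match keeps anything outside the LAN from being masqueraded.
nat_rules() {
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$EXT_IF" -j MASQUERADE
    run iptables -t nat -A PREROUTING -i "$EXT_IF" -p tcp --dport 3389 \
        -j DNAT --to-destination "$RDP_HOST"
}
# Step 3: filter table. FORWARD runs after PREROUTING has rewritten the
# destination, so the DNAT'd flow is matched on the internal address.
# The DROP policy is an addition to the post: anything not listed is dropped.
forward_rules() {
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -i "$INT_IF" -o "$EXT_IF" -j ACCEPT
    run iptables -A FORWARD -i "$EXT_IF" -p tcp -d "$RDP_HOST" --dport 3389 \
        -m state --state NEW -j ACCEPT
}
setup_nat_gateway() {
    enable_forwarding
    nat_rules
    forward_rules
}
case "${1:-}" in
    show)  DRY_RUN=1; setup_nat_gateway ;;
    apply) setup_nat_gateway && service iptables save ;;
esac
```

Run it as `sh nat-gateway.sh show` first to review the exact rules, then `apply`; the final `service iptables save` writes them to /etc/sysconfig/iptables so they survive a reboot.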
Here are some of the network configuration commands.
If you started with only one NIC and added a second one later, there will only be
/etc/sysconfig/network-scripts/ifcfg-eth0
and no ifcfg-eth1; copy ifcfg-eth0 to ifcfg-eth1 and then modify its contents.
You need to check the NIC hardware file
/etc/udev/rules.d/70-persistent-net.rules
to confirm the newly added NIC is listed, and note its MAC address:
DEVICE=eth1
NAME="System eth1"
HWADDR=00:50:56:a0:40:18
IPADDR=192.168.1.1
PREFIX=24
GATEWAY=
DNS1=
DOMAIN=
Modify these items: the IP address, the mask, and HWADDR (the MAC address). On newer versions there is also a UUID; change it so it differs from eth0's.
The internal NIC has no gateway. PREFIX is the prefix length, which means the same as the netmask in a different notation; the OS versions differ here: 5 writes NETMASK, 6 uses PREFIX.
iptables -F
Clears the rules in all chains of the default table (filter).
iptables -X
Deletes the user-defined chains in the default table (filter).
/etc/rc.d/init.d/iptables save or service iptables save
Saves the rules you entered into the configuration file; otherwise they are gone after a reboot.
service iptables restart
Restarts the service.
This article is from the "Genius without that 1% is absolutely impossible" blog; please keep this source: http://xushen.blog.51cto.com/1673219/1669784
iptables NAT in CentOS