Iptables Network access control

Source: Internet
Author: User
Tags: iptables

Reference: But_bueatiful's blog, http://blog.chinaunix.net/uid-26495963-id-3279216.html


iptables arranges its rules into ordered lists (chains), which is what gives it such fine-grained access control.


These five positions in the packet path are known as the five hook functions, and also as the five rule chains:

1. PREROUTING (before the routing decision)
2. INPUT (packets destined for this host)
3. FORWARD (packets routed through this host)
4. OUTPUT (packets generated by this host)
5. POSTROUTING (after the routing decision)

These are the five chains of netfilter. Any packet that reaches this host passes through at least one of them.


1. SNAT: source address translation

Source address translation is typically used when many intranet users share one external interface to reach the Internet: the intranet source address is rewritten to the external IP, so the intranet hosts can communicate with other external IPs.

To rewrite every address in the 192.168.10.0/24 segment to the (hypothetical) external address 172.16.100.1:

iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 172.16.100.1

With this rule, any traffic from the local network that leaves through the external NIC has its source address changed to 172.16.100.1.


2. DNAT: destination address translation

For destination address translation the data flow is from outside to inside: the client is outside and the server is inside. With destination address translation, external clients can reach our different servers through our external IP, while the servers themselves sit on different machines in the intranet.

How to do destination address translation:

iptables -t nat -A PREROUTING -d 192.168.10.18 -p tcp --dport 80 -j DNAT --to-destination <internal-server-ip>

(The post does not give the value of --to-destination; the placeholder stands for the address of the internal server.) Destination address translation has to happen before the packet is routed, so the rule is placed in the PREROUTING chain.


iptables -t nat -A PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8180

Redirects traffic arriving on port 80 to port 8180 on the local host.


-t nat: select the nat table (the table that holds the address translation rules)

-A: append, add a rule at the end of the named chain

-p: match a protocol (usually one of tcp, udp or icmp)

-p tcp: the tcp protocol extension; its common match options include --dport xx:xx, which specifies the destination port (a single port or a contiguous range; several non-contiguous ports cannot be listed with it)

-j action: the target, where action can be REDIRECT, which is used mainly for port redirection
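The SNAT and DNAT commands above rewrite addresses but say nothing about whether the translated packets are allowed to cross the host at all. The script below is an added example, not code from the post or from the referenced blog: it combines the post's SNAT rule, its DNAT rule and the FORWARD-chain rules and ip_forward sysctl they need in practice, with the FORWARD policy set to DROP so that only the two translated flows pass. The subnet 192.168.10.0/24 and the addresses 172.16.100.1 and 192.168.10.18 come from the post; the interface name eth0 and the internal server address 10.0.0.5 are assumptions. DRY_RUN=1 prints the commands instead of executing them, so the rule set can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original post): a minimal NAT gateway script.
# Subnet and the two addresses are the post's; eth0 and 10.0.0.5 are assumed.

LAN_NET="192.168.10.0/24"   # internal network whose source is rewritten (from the post)
WAN_IF="eth0"               # assumed name of the external interface
WAN_IP="172.16.100.1"       # address used as the SNAT source (from the post)
PUBLIC_IP="192.168.10.18"   # address matched by the DNAT rule (from the post)
WEB_SERVER="10.0.0.5"       # assumed address of the internal web server
WEB_PORT="80"

# With DRY_RUN=1 each command is printed instead of executed, so the rules can
# be inspected (or tested) without root and without touching the live firewall.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "$*"
    else
        "$@"
    fi
}

nat_rules() {
    # The kernel discards forwarded packets unless IP forwarding is enabled.
    run sysctl -w net.ipv4.ip_forward=1

    # SNAT: packets from LAN_NET leaving through WAN_IF get WAN_IP as source.
    # Matching the outgoing interface (-o) leaves LAN-to-LAN traffic untouched.
    run iptables -t nat -A POSTROUTING -s "$LAN_NET" -o "$WAN_IF" \
        -j SNAT --to-source "$WAN_IP"

    # DNAT: TCP/80 arriving for PUBLIC_IP is rewritten to the internal server.
    # This must happen before routing, hence PREROUTING.
    run iptables -t nat -A PREROUTING -d "$PUBLIC_IP" -p tcp --dport "$WEB_PORT" \
        -j DNAT --to-destination "$WEB_SERVER:$WEB_PORT"

    # NAT only rewrites addresses; the FORWARD chain decides what may cross the
    # box. Default DROP, then allow only the two translated flows plus the
    # replies that conntrack associates with them.
    run iptables -P FORWARD DROP
    run iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    run iptables -A FORWARD -s "$LAN_NET" -o "$WAN_IF" -j ACCEPT
    run iptables -A FORWARD -d "$WEB_SERVER" -p tcp --dport "$WEB_PORT" \
        -m conntrack --ctstate NEW -j ACCEPT
}

# Usage:  sh nat-gateway.sh show   (print the rules without applying them)
#         sh nat-gateway.sh apply  (install the rules; needs root)
case "${1:-}" in
    show)  DRY_RUN=1; nat_rules ;;
    apply) nat_rules ;;
esac
```

Run it with `show` first and compare the printed rules against `iptables -t nat -S` and `iptables -S FORWARD` after `apply`; the ordering matters, because the ESTABLISHED,RELATED rule has to precede the per-flow rules and the DROP policy is what keeps any flow you did not translate from being forwarded.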

