Iptables learning 02 SNAT

Iptables learns to enable the linux forwarding function at 02SNAT. [Plain] iptables-PFORWARDDROP sets the FORWARD chain policy to DROP, so as to control the intranet ip address. you can add a rule when you allow access to the internet, not in the rule... iptables learning 02 SNAT enables the linux forwarding function. [Plain] iptables-p forward drop sets the FORWARD chain policy to DROP, so as to control the intranet ip address, you can add A rule to access the internet. ip addresses that are not in the rule cannot access the internet [plain] iptables-a forward-m state -- state ESTABLISHED, RELATED-j ACCEPT: This rule allows confirmation packages and associated packages from any address to pass. You must add this line. Otherwise, it is useless to allow only lan IP access. for the reason, let's discuss it in detail. [Plain] iptables-t nat-a postrouting-s 10.1.1.0/24-j SNAT -- to 60.1.1.1 this rule implements an SNAT, that is, source address conversion, convert the address from 10.1.1.0/24 to 60.1.1.1. a simple nat router is implemented. In this case, you can add the ip addresses that are allowed to access the FORWARD chain so that they can access the internet. For example, if I want the address 10.1.1.9 to access the internet, you can add the following command. [Plain] iptables-a forward-s 10.1.1.9-j ACCEPT can also precisely control its access address, for example, I allow 10.1.1.99 to access the ip address 3.3.3.3 [plain] iptables-A FORWARD-s 10.1.1.99-d 3.3.3.3-j ACCEPT or only allow them to access the http port. [Plain] iptables-a forward-s 10.1.1.0/24-p tcp -- dport http-j ACCEPT