This article walks through configuring the iptables firewall on Linux with a worked example. The details follow.
Iptables: a detailed example
Start the iptables service. The code is as follows:
/etc/init.d/iptables start
Initialize iptables by deleting the previous rules (first in the filter table, then in the nat table). The code is as follows:
iptables -F
iptables -X
iptables -Z
iptables -F -t nat
iptables -X -t nat
iptables -Z -t nat
Allow SSH access first; otherwise, once the default INPUT policy is set to DROP below, you will no longer be able to reach the host. The code is as follows:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
Set the default inbound, outbound and forwarding policies, then allow loopback traffic and the return traffic of established or related connections. The code is as follows:
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
Load the corresponding kernel modules (NAT, connection tracking and the FTP helpers). The code is as follows:
modprobe ip_tables
modprobe iptable_nat
modprobe ip_nat_ftp
modprobe ip_conntrack
modprobe ip_conntrack_ftp
Set the default policies of the nat table. The code is as follows:
iptables -t nat -P PREROUTING ACCEPT
iptables -t nat -P POSTROUTING ACCEPT
iptables -t nat -P OUTPUT ACCEPT
Allow connections from the intranet interface (eth1 here; substitute the name of your intranet NIC). The code is as follows:
iptables -A INPUT -i eth1 -j ACCEPT
Enable IP forwarding in the kernel. The code is as follows:
echo "1" > /proc/sys/net/ipv4/ip_forward
Configure source NAT so that intranet hosts can reach the Internet through this host. Note that -s takes the intranet network address (not an interface name) and -o takes the name of the Internet-facing NIC. The code is as follows:
iptables -t nat -A POSTROUTING -s <intranet network> -o <Internet NIC name> -j MASQUERADE
Map the FTP server to the Internet: TCP port 21 on the public address 58.222.1.3 is forwarded to the internal server 192.168.0.211. The code is as follows:
iptables -t nat -A PREROUTING -p tcp -d 58.222.1.3 --dport 21 -j DNAT --to 192.168.0.211:21
Finally, don't forget to save the rules. The code is as follows:
service iptables save
The default gateway of 192.168.0.211 should be set to this host, 192.168.0.1. That's all.
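As an added example (not code from the original article), a small Python audit that parses iptables-save output and checks whether the end state this walkthrough produces is actually in place: INPUT defaults to DROP, SSH, loopback and established traffic are allowed, MASQUERADE exists, and it extracts the DNAT mapping. The dump inside is constructed by hand; eth0 as the Internet NIC and 192.168.0.0/24 as the intranet network are assumptions. It also flags that the walkthrough leaves the FORWARD chain at ACCEPT, which a practitioner would normally tighten to the traffic the DNAT and MASQUERADE rules need.

```python
# Added example, not from the article: parse an iptables-save dump and check it
# for the walkthrough's end state. Dump is constructed; eth0 and 192.168.0.0/24 are assumptions.
import re
SAMPLE_DUMP = """\
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 58.222.1.3/32 -p tcp -m tcp --dport 21 -j DNAT --to-destination 192.168.0.211:21
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
"""
DNAT_RE = re.compile(r"-d (\S+?)(?:/32)? .*--dport (\d+) -j DNAT --to(?:-destination)? (\S+)")

def parse_dump(text):
    # Returns {table: {"policy": {chain: policy}, "rules": ["-A ...", ...]}}
    tables, cur = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("*"):                 # table header, e.g. *filter
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":") and cur:       # ":CHAIN POLICY [pkts:bytes]"
            chain, policy = line[1:].split()[:2]
            cur["policy"][chain] = policy
        elif line.startswith("-A") and cur:      # an appended rule
            cur["rules"].append(line)
    return tables

def dnat_mappings(text):
    """(public_ip, port, internal_target) for each DNAT rule in the nat table."""
    rules = parse_dump(text).get("nat", {"rules": []})["rules"]
    return [(m[1], int(m[2]), m[3]) for m in map(DNAT_RE.search, rules) if m]

def audit(text):
    """Flags for the article's intended state; all but the last should be True."""
    t = parse_dump(text)
    filt = t.get("filter", {"policy": {}, "rules": []})
    nat = t.get("nat", {"policy": {}, "rules": []})
    inp = [r for r in filt["rules"] if r.startswith("-A INPUT ")]
    return {
        "input_default_drop": filt["policy"].get("INPUT") == "DROP",
        "ssh_allowed": any("--dport 22 " in r and r.endswith("-j ACCEPT") for r in inp),
        "loopback_allowed": any("-i lo " in r and r.endswith("-j ACCEPT") for r in inp),
        "stateful_return": any("RELATED" in r and "ESTABLISHED" in r for r in inp),
        "masquerade_present": any(r.endswith("-j MASQUERADE") for r in nat["rules"]),
        "forward_policy_open": filt["policy"].get("FORWARD") == "ACCEPT",  # left open by the article
    }
```

Run it against a live box with `audit(subprocess.check_output(["iptables-save"], text=True))`; any False among the first five flags means a step of the walkthrough did not take effect.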