Linux configuration firewall iptables instance sharing

Source: Internet
Author: User
Tags ssh access
This article mainly introduces how to configure the firewall iptables instance in linux. For more information, see

Iptables a detailed instance

Copy codeThe code is as follows:
/Etc/init. d/iptables start iptables

Initialize iptables and delete previous rules,
 

Copy codeThe code is as follows:
Iptables-F
Iptables-X
Iptables-Z
Iptables-F-tnat
Iptables-X-tnat
Iptables-Z-tnat


Allow SSH access, or you will not be able to access it later.

Copy codeThe code is as follows:
Iptables-AINPUT-pTCP -- dport22-jACCEPT

Set default inbound and outbound rules

Copy codeThe code is as follows:
Iptables-PINPUTDROP
Iptables-POUTPUTACCEPT
Iptables-PFORWARDACCEPT
Iptables-AINPUT-ilo-jACCEPT
Iptables-AINPUT-mstate -- stateESTABLISHED, RELATED-jACCEPT


Load the corresponding module

Copy codeThe code is as follows:
Modprobeip_tables
Modprobeiptable_nat
Modprobeip_nat_ftp
Modprobeip_conntrack
Modprobeip_conntrack_ftp


Configure default forwarding rules


Copy codeThe code is as follows:
Iptables-tnat-PPREROUTINGACCEPT
Iptables-tnat-PPOSTROUTINGACCEPT
Iptables-tnat-POUTPUTACCEPT

Allow Intranet connection

Copy codeThe code is as follows:
Iptables-AINPUT-I intranet Nic name (such as eth1)-jACCEPT

Enable forwarding

Copy codeThe code is as follows:
Echo "1">/proc/sys/net/ipv4/ip_forward


Configure Source NAT to allow Intranet access through host nat.

Copy codeThe code is as follows:
Iptables-tnat-APOSTROUTING-s intranet Nic name-o internet nic name-jMASQUERADE

Map the FTP server to the Internet

Copy codeThe code is as follows:
Iptables-tnat-APREROUTING-ptcp-d58.222.1.3 -- dport21-jDNAT -- to192.168.0.211: 21

End, don't forget to save

Copy codeThe code is as follows:
Serviceiptablessave

The gateway of 192.168.0.211 should be set to host 192.168.0.1. That's all.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.