Home > Developer > Linux

Linux Extranet server jump intranet server for intranet access (Iptables)

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Server information is as follows

External network server: eth0: Public network IP

Eth1: Intranet IP (192.168.10.205)

Public network to provide services, intranet IP and internal LAN communication.

Configuration Process :

(1) Open iptables

Service iptables Restart (temporarily open)

Chkconfig iptables on (permanently open)

(2) Configuration iptables

(2-1) Configure the filter option so that IP and port can be passed through the firewall

Note: Under the filter option, configure the

Example: #18081 (TOMCAT-OA)
-A Input-p TCP--dport 18081-j ACCEPT
-A Output-p TCP--sport 18081-j ACCEPT

(2-2) Configure NAT forwarding rules option

Note: Under the NAT option, configure

For example: Configure access to the intranet address Http://192.168.11.102:8080/tomcat-oa by accessing http://public network Ip:18081/tomcat-oa, where 192.168.11.102 is the intranet server IP.

#映射到192.168.11.102:8080oa System
-A prerouting-d public network ip-p TCP--dport 18081-j DNAT--to-destination 192.168.11.102:8080
-A postrouting-d 192.168.11.102-p tcp--dport 8080-j SNAT--to-source 192.168.10.205

(3) Restart Iptables

Service Iptables Restart


(4) Solve the slow transfer problem

If you are slow during the access process, you can increase access speed by adding the following configuration:

In the filter:

-A input-m state--state established,related-j ACCEPT
-A output-m state--state established,related-j ACCEPT

in Nat:

-A prerouting-m state--state established,related-j ACCEPT
-A postrouting-m state--state established,related-j ACCEP



machine configuration File Reference:

# Generated by Iptables-save v1.4.7 on Mon Mar 16 16:47:11 2015

*nat
:P rerouting ACCEPT [10,362:870,907]
:P ostrouting ACCEPT [565:39,849]
: OUTPUT ACCEPT [565:39,849]


-A prerouting-m state--state established,related-j ACCEPT
-A postrouting-m state--state established,related-j ACCEPT
#映射到192.168.11.102:8080oa System
-A prerouting-d public network ip-p TCP--dport 18081-j DNAT--to-destination 192.168.11.102:8080
-A postrouting-d 192.168.11.102-p tcp--dport 8080-j SNAT--to-source 192.168.10.205


########################################################################
########################## #google代理映射 #########################
########################################################################

#映射到192.168.11.173:3128 Squid System
-A prerouting-d public network ip-p TCP--dport 18088-j DNAT--to-destination 192.168.11.173:3128
-A postrouting-d 192.168.11.173-p tcp--dport 3128-j SNAT--to-source 192.168.10.205
#映射到192.168.11.221:3128 Squid Service
-A prerouting-d public network ip-p TCP--dport 18089-j DNAT--to-destination 192.168.11.221:3128
-A postrouting-d 192.168.11.221-p tcp--dport 3128-j SNAT--to-source 192.168.10.205
########################################################################
##################### #google代理映射--end#########################
########################################################################

COMMIT



*mangle
:P rerouting ACCEPT [314,675:32,786,858]
: INPUT ACCEPT [273,424:29,440,191]
: FORWARD ACCEPT [60:2,784]
: OUTPUT ACCEPT [195,215:274,041,247]
:P ostrouting ACCEPT [195,404:274,048,359]
-A postrouting-o virbr0-p udp-m UDP--dport 68-j CHECKSUM--checksum-fill
COMMIT


*filter
: INPUT DROP [0:0]
: FORWARD ACCEPT [0:0]
: OUTPUT ACCEPT [0:0]
#解决网络连接慢的问题
-A input-m state--state established,related-j ACCEPT
-A output-m state--state established,related-j ACCEPT
#回环访问
-A input-i lo-p all-j ACCEPT
-A output-o lo-p all-j ACCEPT
#ping规则
-A input-p icmp-j ACCEPT
-A output-p icmp-j ACCEPT
#ssh
-A Input-p TCP--dport 22-j ACCEPT
-A Output-p TCP--sport 22-j ACCEPT
#80
-A Input-p TCP--dport 80-j ACCEPT
-A Output-p TCP--sport 22-j ACCEPT
#8080
-A Input-p TCP--dport 8080-j ACCEPT
-A Output-p TCP--sport 8080-j ACCEPT
#8081
-A Input-p TCP--dport 8081-j ACCEPT
-A Output-p TCP--sport 8081-j ACCEPT
#3306
-A Input-p TCP--dport 3306-j ACCEPT
-A Output-p TCP--sport 3306-j ACCEPT
#18080 (TOMCAT-YY)
-A Input-p TCP--dport 18080-j ACCEPT
-A Output-p TCP--sport 18080-j ACCEPT
#3690 (SVN)
-A Input-p TCP--dport 3690-j ACCEPT
-A Output-p TCP--sport 3690-j ACCEPT
#18081 (Tomcat-oa)
-A Input-p TCP--dport 18081-j ACCEPT
-A Output-p TCP--sport 18081-j ACCEPT
#18082 (tomcat-data Publishing platform)
-A Input-p TCP--dport 18082-j ACCEPT
-A Output-p TCP--sport 18082-j ACCEPT
#3128 (squid)
-A Input-p TCP--dport 3128-j ACCEPT
-A Output-p TCP--sport 3128-j ACCEPT
#28081 (Tomcat-proxy)
-A Input-p TCP--dport 28080-j ACCEPT
-A Output-p TCP--sport 28080-j ACCEPT
#18088 (Squid_proxy)
-A Input-p TCP--dport 18088-j ACCEPT
-A Output-p TCP--sport 18088-j ACCEPT
#18089 (Squid_proxy)
-A Input-p TCP--dport 18089-j ACCEPT
-A Output-p TCP--sport 18089-j ACCEPT
COMMIT
# completed on Mon Mar 16 16:47:11 2015

Linux Extranet server jump intranet server for intranet access (Iptables)

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
intranet video streaming server using wordpress for intranet iptables server free linux server access linux server access logs intranet ssl renown intranet

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More