1: echo "1" > /proc/sys/net/ipv4/ip_forward
   or open /proc/sys/net/ipv4/ip_forward in vi and change the 0 to 1. A value of 0 means IP forwarding is disabled, 1 means it is enabled.
2: iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
   (Makes every packet that leaves eth0 from the 192.168.0.0/24 LAN look as if it was sent by the NAT host.)
3: Starting NAT automatically at boot (two methods):
   Method A: add the following to /etc/rc.d/rc.local:
      echo "1" > /proc/sys/net/ipv4/ip_forward
      iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
   Method B:
      a) vi /etc/sysctl.conf and change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1
      b) /sbin/service iptables save (stores the currently loaded rules so the iptables service restores them at boot)
4: Tracked connections are recorded in /proc/net/ip_conntrack (on newer kernels the same table is exposed as /proc/net/nf_conntrack).
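Each line of that table carries two src/dst/sport/dport groups: the original direction and the reply direction. For a masqueraded flow the reply's dst is the gateway's public address rather than the LAN host, which is how you can tell NATed sessions from local ones. The following reader is an added example, not part of the original page; the conntrack lines it parses are constructed sample data (LAN 192.168.0.0/24, public address 203.0.113.5), and the field layout follows the classic ip_conntrack format shown in the sample.

```shell
#!/bin/sh
# Added example: summarise /proc/net/ip_conntrack entries and flag masqueraded flows.
# Usage on a real gateway:  parse_conntrack < /proc/net/ip_conntrack

# Constructed sample of two conntrack lines (not captured from a real system).
sample_conntrack() {
    cat <<'EOF'
tcp      6 431999 ESTABLISHED src=192.168.0.10 dst=140.1.1.1 sport=51234 dport=80 packets=10 bytes=1200 src=140.1.1.1 dst=203.0.113.5 sport=80 dport=51234 packets=8 bytes=9000 [ASSURED] mark=0 use=1
udp      17 28 src=192.168.0.11 dst=192.168.0.1 sport=5353 dport=53 packets=1 bytes=60 src=192.168.0.1 dst=192.168.0.11 sport=53 dport=5353 packets=1 bytes=120 mark=0 use=1
EOF
}

# Reads conntrack lines on stdin and prints one summary line per flow:
#   <proto> <orig src:port> -> <orig dst:port> <tcp state or -> via <public ip or ->
parse_conntrack() {
    awk '
    /^(tcp|udp)/ {
        # Only TCP lines carry a state column in field 4.
        state = ($1 == "tcp") ? $4 : "-"
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            # Every "src=" starts a new direction group: 1 = original, 2 = reply.
            if (kv[1] == "src") { n++; src[n] = kv[2] }
            else if (kv[1] == "dst") dst[n] = kv[2]
            else if (kv[1] == "sport") sport[n] = kv[2]
            else if (kv[1] == "dport") dport[n] = kv[2]
        }
        # Masquerading rewrites the source, so the reply is addressed to the
        # gateway, not to the LAN host: reply dst != original src means NAT.
        via = (dst[2] != src[1]) ? dst[2] : "-"
        printf "%s %s:%s -> %s:%s %s via %s\n", $1, src[1], sport[1], dst[1], dport[1], state, via
    }'
}

# Demonstration on the constructed sample.
sample_conntrack | parse_conntrack
```

Running it against the sample prints the TCP flow as NATed "via 203.0.113.5" and the LAN-internal DNS lookup as "via -"; that distinction is a quick way to confirm the MASQUERADE rule is actually rewriting traffic before looking at packet counters.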
5: Restrict internal hosts from reaching a specific address or service (all of these go in the FORWARD chain, which the router traverses for LAN traffic; since -A appends, they must be added before any rule that accepts LAN traffic):
   Block internal hosts from connecting to the external IP address 140.1.1.1:
      iptables -A FORWARD -d 140.1.1.1 -p tcp -j DROP
   Block connections to port 5190, i.e. ICQ cannot be used from inside:
      iptables -A FORWARD -p tcp --dport 5190 -j DROP
   Restrict a single internal host, e.g. 10.1.1.1 is not allowed to use ICQ:
      iptables -A FORWARD -s 10.1.1.1 -p tcp --dport 5190 -j DROP
   Block a specific port of a specific website (the hostname is resolved once, when the rule is added):
      iptables -A FORWARD -d www.163.com -p tcp --dport 80 -j DROP
   Allow a specific internal IP address to connect only to a specific port:
      iptables -A FORWARD -s 10.1.1.1 -p tcp ! --dport 80 -j DROP
   10.1.1.1 can now only connect to port 80, i.e. it can view web pages but cannot connect to anything else over TCP (UDP is not covered by this rule).
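The items above are the pieces of one gateway configuration: forwarding on, a default-deny FORWARD policy, the restrictions, a general LAN accept, and the MASQUERADE rule. Putting them in a script makes the ordering explicit, which matters because iptables -A appends and the first matching rule wins. The script below is an added example, not from the original page: it assumes eth0 as the Internet side, 192.168.0.0/24 as the LAN, a constructed restricted host 192.168.0.50 in place of the page's 10.1.1.1, and lets IPT be overridden (IPT=echo) to print the rules without loading them.

```shell
#!/bin/sh
# Added example: NAT gateway rule set built from the page's items, in load order.
# Run as root with "./gateway.sh apply"; "IPT=echo ./gateway.sh apply" only prints.
IPT="${IPT:-iptables}"
WAN_IF="${WAN_IF:-eth0}"                     # Internet-facing interface (assumption)
LAN_NET="${LAN_NET:-192.168.0.0/24}"         # LAN behind the NAT host
BLOCKED_DST="${BLOCKED_DST:-140.1.1.1}"      # external address LAN may not reach
RESTRICTED_HOST="${RESTRICTED_HOST:-192.168.0.50}"  # constructed host: web only

# Kernel IP forwarding: 0 = off, 1 = on (same file the page writes to).
enable_forwarding() {
    echo 1 > /proc/sys/net/ipv4/ip_forward
}

# Emit the rules in the order they must be loaded. Every DROP restriction is
# placed before the rule that accepts LAN traffic; a DROP appended after an
# ACCEPT would never be reached.
build_rules() {
    cat <<EOF
$IPT -t nat -F
$IPT -F FORWARD
$IPT -P FORWARD DROP
$IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
$IPT -A FORWARD -s $LAN_NET -d $BLOCKED_DST -p tcp -j DROP
$IPT -A FORWARD -s $LAN_NET -p tcp --dport 5190 -j DROP
$IPT -A FORWARD -s $RESTRICTED_HOST -p tcp ! --dport 80 -j DROP
$IPT -A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT
$IPT -t nat -A POSTROUTING -o $WAN_IF -s $LAN_NET -j MASQUERADE
EOF
}

# Load the rule set by executing each emitted line.
apply_rules() {
    build_rules | sh
}

if [ "${1:-}" = "apply" ]; then
    enable_forwarding
    apply_rules
fi
```

Two choices differ from the page's bare commands and are worth keeping: the FORWARD chain is flushed and its policy set to DROP so that only explicitly accepted LAN traffic is routed, and the conntrack ACCEPT for ESTABLISHED,RELATED lets reply packets through without a separate rule per service. Persist the result with the page's own method B (service iptables save) or with iptables-save.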