IP addresses are public addresses and private addresses, which are the responsibility of inic (Internet Network Information Center), which is assigned to the organization that registered and filed an application with Inic. Access to the Internet.private address is non-registered addresses, specifically for the internal use of the organization, private IP address is not directly used to communicate with the WAN, or use frames to communicate (Fre Frame Relay, HDLC,PPP), Or the NAT function that requires routing to convert a private address to a public ip!
Select a computer (there are two network cards or a single network card and then use the software virtual one more network card) as a gateway, one network card (eth0) connected to the extranet ISP, another network card (ETH1) connected to the intranet (LAN). LAN IP address are private addresses, can only be used internally, is not visible on the public network, so LAN computer to Internet must modify IP, this is the work of the gateway.
Working principle:
When the intranet host sends the packet to the public network, because the destination host is not the same network segment as the source host, the packet is temporarily sent to the intranet default gateway, and the host of this network segment does not respond to this packet. Because the source host IP is private, prohibit the use of the public network, so the packet must be sent to the source of the address modified to the available IP on the public network, this is the gateway after the packet received the first job--ip conversion. The gateway then sends the packet to the destination host. The destination host receives the packet, only think this is the request sent by the gateway, do not know the existence of the intranet host, there is no need to know, the purpose of the host processing the request, the response information sent back to the gateway. After the gateway receives the destination host, the destination IP address of the packet is modified to the IP address of the intranet host that sent the request, and it is sent to the intranet host. This is the second work of the gateway--Routing and forwarding of packets. The host on the intranet will respond if the destination IP of the packet is viewed the same as the source host IP address of the sending request, and this completes the request.
For security reasons, the Linux system disables packet forwarding by default. The so-called forwarding is when the host has more than one network card, which receives a packet, according to the destination IP address of the packet sent to another network card, the network card according to the routing table continue to send packets. This is usually the function that the router will implement.
Configure the IP forwarding function of the Linux system, first ensure the hardware connectivity, and then turn on the system forwarding function
Less/proc/sys/net/ipv4/ip_forward, the file content is 0, which indicates that packet forwarding is prohibited, 1 means allow, and it is modified to 1.
You can use the command echo "1" >/proc/sys/net/ipv4/ip_forward to modify the contents of the file,
Failure after restarting Network service or host
To do this automatically, you can write the command echo "1" >/proc/sys/net/ipv4/ip_forward to the Script/etc/rc.d/rc.local
or add forward_ipv4= "YES" to the/etc/sysconfig/network script
/proc/sys/net/ipv4/ip_forward
