Testing NAT translation of a Linux firewall with Linux and Windows XP in a VMware VM environment
① Set up the topology. Allocate two NICs to the Linux system: one in the Vware3 subnet and the other in the Vware2 subnet. Allocate the NIC of the FTP server to the Vware3 subnet and the NIC of a host on the Internet to the Vware2 subnet.
Create two interfaces on Linux: one with the IP address 202.1.1.1 and the other with the IP address 192.168.1.1.
Configure an IP address for the server in the CIDR block 202.1.1.0/24 and an IP address for the intranet host in the CIDR block 192.168.1.0/24.
Now enable routing (IP forwarding) on the Linux host: echo 1 > /proc/sys/net/ipv4/ip_forward
Ping the server from the intranet host to test whether the connection works.
Now configure the firewall rules:
# Load the FTP connection-tracking and NAT helper modules
modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
# Clear previous settings
iptables -F
iptables -F -t mangle
iptables -F -t nat
# Set the filter table default policies
iptables -P INPUT DROP
iptables -P OUTPUT DROP
iptables -P FORWARD DROP
# Enable internal-to-external address translation (source NAT)
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.1.0/24 -j SNAT --to-source 202.1.1.1
# Set forwarding rules in the FORWARD chain (FTP control port 21, active-mode data port 20)
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 202.1.1.2 --dport 21 -j ACCEPT
iptables -A FORWARD -i eth0 -o eth1 -p tcp -d 202.1.1.2 --dport 20 -j ACCEPT
# Allow established and related traffic from the server to pass the FORWARD chain
iptables -A FORWARD -s 202.1.1.2 -m state --state ESTABLISHED,RELATED -j ACCEPT
Now ping the server from the intranet host again to test whether the connection still works.
At this point, the following problem may occur when accessing the FTP server from the intranet: the FORWARD rules only admit client traffic to server ports 21 and 20 (plus server-sourced ESTABLISHED/RELATED traffic), so a passive-mode data connection to a random high port on the server is dropped, while active mode works because the server-initiated data connection is matched as RELATED.
Solution: open the client's Internet browser, select Tools, select Internet Options, select Advanced, deselect "Use Passive FTP", and test again.
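The same NAT setup as a reusable script, added here as an example that is not part of the original page. It goes beyond the page by admitting passive-mode data connections through the conntrack FTP helper (a generic ESTABLISHED,RELATED rule) instead of disabling passive FTP on the client. Interface names, addresses and the DRY_RUN switch are assumptions for this example.

```shell
#!/bin/sh
# Example firewall/NAT script (not from the original page). Assumptions:
# eth0 = intranet side (192.168.1.1), eth1 = external side (202.1.1.1),
# FTP server = 202.1.1.2. DRY_RUN=1 prints the commands instead of running them.
LAN_IF=${LAN_IF:-eth0}
WAN_IF=${WAN_IF:-eth1}
LAN_NET=${LAN_NET:-192.168.1.0/24}
WAN_IP=${WAN_IP:-202.1.1.1}
FTP_SERVER=${FTP_SERVER:-202.1.1.2}

ipt() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

load_ftp_helpers() {
    # Module names from the page (2.6-era kernels); newer kernels use the nf_* names
    modprobe ip_conntrack_ftp 2>/dev/null || modprobe nf_conntrack_ftp
    modprobe ip_nat_ftp 2>/dev/null || modprobe nf_nat_ftp
}

apply_rules() {
    ipt -F
    ipt -F -t mangle
    ipt -F -t nat
    ipt -P INPUT DROP
    ipt -P OUTPUT DROP
    ipt -P FORWARD DROP
    # Hide the intranet behind the firewall's external address
    ipt -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to-source "$WAN_IP"
    # Only the FTP control channel is opened explicitly (new connections from the LAN) ...
    ipt -A FORWARD -i "$LAN_IF" -o "$WAN_IF" -p tcp -d "$FTP_SERVER" --dport 21 -m state --state NEW -j ACCEPT
    # ... data channels (active: server->client, passive: client->server high port) are
    # admitted only once the FTP helper has marked them RELATED, so no port range is opened.
    ipt -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
}

# Checks to run before trusting the setup: forwarding on, helper loaded
check_forwarding() { [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = "1" ]; }
check_ftp_helper() { grep -q 'conntrack_ftp' /proc/modules 2>/dev/null; }

case "${1:-}" in
    apply) load_ftp_helpers && apply_rules ;;
    check) check_forwarding && check_ftp_helper ;;
esac
```

On kernels newer than the page's, automatic conntrack helper assignment is disabled by default, so the control connection must additionally be tagged with the helper (a raw-table rule using -j CT --helper ftp) for the RELATED match to work.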