XenServer 7: intranet Internet sharing and port mapping with the iptables firewall

Source: Internet
Author: User
Tags: iptables

The company's hosted servers in the data center do not have enough public IP addresses, and for security reasons some virtual nodes must not reach the Internet directly. So on the XenServer physical node I built a simple solution with the NAT function of iptables.

[root@xenserver-cukxsegi ~]# sysctl net.ipv4.ip_forward=1   # enable IP forwarding
[root@xenserver-cukxsegi ~]# echo 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf   # keep it across reboots
[root@xenserver-cukxsegi ~]# iptables -P FORWARD DROP   # set the FORWARD chain policy to DROP. This is what gives per-IP control over the intranet: add a rule for each address that may reach the Internet, and any IP without a rule cannot.
[root@xenserver-cukxsegi ~]# iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT   # allow packets of established and related connections, from any address to any address
[root@xenserver-cukxsegi ~]# iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -j SNAT --to 60.1.1.1   # SNAT, i.e. source address translation: packets coming from 10.1.1.0/24 leave with source address 60.1.1.1
# (Deven: because this is the intranet, the POSTROUTING rule on the proxy server must rewrite the source address of routed packets to 60.1.1.1, otherwise the replies cannot come back)
[root@xenserver-cukxsegi ~]# iptables -A FORWARD -s 10.10.10.0/24 -j ACCEPT   # allow the 10.10.10.0/24 segment to access the Internet
[root@xenserver-cukxsegi ~]# iptables -A FORWARD -s 10.100.100.0/24 -j ACCEPT   # allow the 10.100.100.0/24 segment to access the Internet
[root@xenserver-cukxsegi ~]# iptables -A FORWARD -s 10.20.20.20 -d 8.8.8.8 -j ACCEPT   # allow the single IP 10.20.20.20 to communicate with 8.8.8.8
[root@xenserver-cukxsegi ~]# iptables -A FORWARD -s 10.30.30.0/24 -p tcp -m multiport --dports 80,443 -j ACCEPT   # allow the 10.30.30.0/24 segment to access web pages only

[root@dt-vm-node51 /etc/dhcp]# iptables -t nat -A PREROUTING -d 172.100.220.51 -p tcp --dport 5122 -j DNAT --to-destination 10.100.100.51:22992
[root@dt-vm-node51 /etc/dhcp]# iptables -t nat -A POSTROUTING -d 10.100.100.51 -p tcp --dport 22992 -j SNAT --to 10.0.0.1

The two commands above map the SSH (port 22) access on 172.100.220.51 to port 22992 of the intranet host 10.100.100.51.
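The whole gateway setup above, written as a script that first prints the ruleset for review and only applies it on request, as an added example that is not part of the original post. WAN_IP, LAN_NETS and DNAT_HOST are constructed values standing in for the addresses in the post; the extra FORWARD rule for the mapped port is needed whenever the FORWARD policy is DROP, because a DNAT'd packet still passes through the FORWARD chain.

```shell
#!/bin/sh
# Added example (not from the original post). Constructed values; adjust to your site.
WAN_IP="${WAN_IP:-60.1.1.1}"                                  # public address of the XenServer host
LAN_NETS="${LAN_NETS:-10.10.10.0/24 10.100.100.0/24}"         # intranet segments allowed out
DNAT_HOST="${DNAT_HOST:-10.100.100.51}"                       # VM reachable through port mapping

# gen_rules prints the commands, one per line, in the order they must be applied.
# Printing first lets the ruleset be reviewed or diffed before the kernel is touched,
# and keeps the logic testable without root.
gen_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Default-deny forwarding: every line below is an explicit exception.
    echo "iptables -P FORWARD DROP"
    # Return traffic of connections already admitted; must precede the whitelist.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Outbound whitelist plus SNAT so replies come back to the gateway.
    for net in $LAN_NETS; do
        echo "iptables -A FORWARD -s $net -j ACCEPT"
        echo "iptables -t nat -A POSTROUTING -s $net -j SNAT --to-source $WAN_IP"
    done
    # Port mapping: external 5122 -> $DNAT_HOST:22992. The DNAT alone is not enough
    # under a DROP policy; the rewritten packet still traverses FORWARD, so it gets
    # its own ACCEPT limited to that one destination port.
    echo "iptables -t nat -A PREROUTING -d $WAN_IP -p tcp --dport 5122 -j DNAT --to-destination $DNAT_HOST:22992"
    echo "iptables -A FORWARD -d $DNAT_HOST -p tcp --dport 22992 -m conntrack --ctstate NEW -j ACCEPT"
    # Optional, as in the post: SNAT the mapped traffic so the VM routes replies via
    # the gateway even if its default route differs. Cost: sshd on the VM logs the
    # gateway address instead of the real client, so keep the client IP in the
    # gateway's own logs (the LOG target below) if you enable it.
    echo "iptables -t nat -A POSTROUTING -d $DNAT_HOST -p tcp --dport 22992 -j SNAT --to-source $WAN_IP"
    echo "iptables -A FORWARD -d $DNAT_HOST -p tcp --dport 22992 -m conntrack --ctstate NEW -j LOG --log-prefix 'PORTMAP-NEW: '"
}

# rule_count returns how many commands the ruleset contains (handy for a sanity check).
rule_count() { gen_rules | wc -l | tr -d ' '; }

# Usage: ./gateway.sh            -> print the ruleset
#        ./gateway.sh --apply    -> apply it (needs root)
if [ "${1:-}" = "--apply" ]; then
    gen_rules | sh -e
else
    gen_rules
fi
```

The LOG rule is placed after the ACCEPT in the script only for illustration; move it before the ACCEPT if you actually want the new connections logged, since a packet stops at the first matching terminating target.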
