Linux-iptables实现SNAT和DNAT
作者:互联网
实验:虚拟机实现SNAT和DNAT
实验设备
外部设备
主机:Ubuntu 地址192.168.10.6/24 网卡模式仅主机
局域网:
firewoall:虚拟机centos8代替 地址 eth0 10.0.0.8/24 网卡NET 地址 eth1 192.168.10.8/24 网卡仅主机,模拟专线 server1 centos7 地址 10.0.0.7/24 网卡NET server2 centos7 地址 10.0.0.77/24 网卡NET
实验目的
Ubuntu可以访问server1 WEB服务
server1 和 server2 可以访问Ubuntu WEB服务
外网可以访问公司局域网中的一台服务器,公司局域网中的机器可以访问外网的机器
实验配置
基础配置
Ubuntu ,centos7server1
安装web服务
yum install httpd -y
systemctl enable --now httpd 设置开机启动
Ubuntu:vim /var/www/html/index.html
添加:Ubuntu server hello word`
server1:vim /var/www/html/index.html
添加:centos7 10.0.0.7 server1 hello word
配置各主机ip
Ubuntu [root@h ~]#ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000 link/ether 00:0c:29:35:78:07 brd ff:ff:ff:ff:ff:ff inet 192.168.10.6/24 brd 192.168.10.255 scope global ens33 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:fe35:7807/64 scope link valid_lft forever preferred_lft forever centos8 firewall [root@centos8-liyj ~]#ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:50:56:33:29:8d brd ff:ff:ff:ff:ff:ff inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:bd:f1:80 brd ff:ff:ff:ff:ff:ff inet 192.168.10.8/24 brd 192.168.10.255 scope global noprefixroute eth1 valid_lft forever preferred_lft forever inet6 fe80::20c:29ff:febd:f180/64 scope link valid_lft forever preferred_lft forever server1 修改IP和网关 [root@centos7-liyj ~]#ifconfig eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.7 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::250:56ff:fe3a:aca0 prefixlen 64 scopeid 0x20<link> ether 00:50:56:3a:ac:a0 txqueuelen 1000 (Ethernet) RX packets 2775 bytes 3144795 (2.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 649 bytes 81678 (79.7 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@centos7-liyj ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.8 0.0.0.0 UG 100 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0 server2 修改ip和网关 [root@centos7-liyj ~]#ip addr 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000 link/ether 00:50:56:39:9e:e0 brd ff:ff:ff:ff:ff:ff inet 10.0.0.77/24 brd 10.0.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::250:56ff:fe39:9ee0/64 scope link valid_lft forever preferred_lft forever [root@centos7-liyj ~]#route -n Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 10.0.0.8 0.0.0.0 UG 100 0 0 eth0 10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0IP地址
firewall SNAT和DNAT配置
先启用路由转发
[root@centos8-liyj ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@centos8-liyj ~]#sysctl -p
SNAT
[root@centos8-liyj ~]#iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.10.8
测试
公司局域网的机器可以访问外网了
server1 [root@centos7-liyj ~]#curl 192.168.10.6 Ubuntu server hello word` server2 [root@centos7-liyj2 ~]#curl 192.168.10.6 Ubuntu server hello word`
DNAT
[root@centos8-liyj ~]#iptables -t nat -A PREROUTING -d 192.168.10.8 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.7:8080
测试
Ubuntu可以访问server1
[root@h ~]#curl 192.168.10.8 centos7 10.0.0.7 server1 hello word
标签:iptables,10.0,00,DNAT,0.0,forever,lft,ff,SNAT 来源: https://www.cnblogs.com/lyj1023/p/16224647.html