
Linux: implementing SNAT and DNAT with iptables

Author: 互联网

Lab: SNAT and DNAT with virtual machines

Lab equipment

Outside host

Host: Ubuntu         address 192.168.10.6/24        adapter mode: host-only

LAN:

firewall: a CentOS 8 VM standing in for the firewall
                     eth0  10.0.0.8/24          adapter mode: NAT
                     eth1  192.168.10.8/24      adapter mode: host-only (simulates the leased line to the outside)
server1   CentOS 7   address 10.0.0.7/24        adapter mode: NAT
server2   CentOS 7   address 10.0.0.77/24       adapter mode: NAT

192.168.10.0/24 plays the "outside" network here; 10.0.0.0/24 is the company LAN and is reachable only through the firewall, which has one interface in each.

Objectives

Ubuntu can reach the web service on server1

server1 and server2 can reach the web service on Ubuntu

In other words: a host on the outside can reach one server inside the company LAN, and machines in the LAN can reach hosts outside, while the 10.0.0.0/24 addresses are never exposed. The first needs DNAT on the firewall, the second SNAT.

Configuration

Basic setup

Web service on Ubuntu and on server1 (CentOS 7)

On server1:

yum install httpd -y

systemctl enable --now httpd     start now and enable at boot

(On Ubuntu the package is apache2, installed with apt rather than yum; its document root is the same /var/www/html.)

Ubuntu: vim /var/www/html/index.html

      add: Ubuntu server hello world

server1: vim /var/www/html/index.html

      add: centos7 10.0.0.7 server1 hello world

Configure each host's IP address

Ubuntu
[root@h ~]#ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 00:0c:29:35:78:07 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.6/24 brd 192.168.10.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe35:7807/64 scope link 
       valid_lft forever preferred_lft forever

CentOS 8 firewall (one interface in each network)

[root@centos8-liyj ~]#ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:50:56:33:29:8d brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.8/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:bd:f1:80 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.8/24 brd 192.168.10.255 scope global noprefixroute eth1
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:febd:f180/64 scope link 
       valid_lft forever preferred_lft forever

server1
Set the IP address and make the firewall's eth0 (10.0.0.8) the default gateway; without this, replies to translated traffic would never pass back through the firewall:
[root@centos7-liyj ~]#ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.0.7  netmask 255.255.255.0  broadcast 10.0.0.255
        inet6 fe80::250:56ff:fe3a:aca0  prefixlen 64  scopeid 0x20<link>
        ether 00:50:56:3a:ac:a0  txqueuelen 1000  (Ethernet)
        RX packets 2775  bytes 3144795 (2.9 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 649  bytes 81678 (79.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@centos7-liyj ~]#route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.8        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

server2
Same: IP address plus default gateway 10.0.0.8
[root@centos7-liyj ~]#ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:50:56:39:9e:e0 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.77/24 brd 10.0.0.255 scope global noprefixroute eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::250:56ff:fe39:9ee0/64 scope link 
       valid_lft forever preferred_lft forever
[root@centos7-liyj ~]#route -n      
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.8        0.0.0.0         UG    100    0        0 eth0
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 eth0

Firewall: SNAT and DNAT configuration

Enable IP forwarding first: without it the kernel drops packets that are not addressed to the firewall itself, and neither NAT rule has anything to act on. On CentOS 8 stop and disable firewalld before adding rules by hand (it manages its own nat and filter rules, which would be evaluated alongside these); the iptables command there is the nftables-backed compatibility layer, and rules entered this way are lost at reboot unless saved.

[root@centos8-liyj ~]#vim /etc/sysctl.conf
net.ipv4.ip_forward=1
[root@centos8-liyj ~]#sysctl -p

 

SNAT

Rewrite the source of traffic leaving the LAN to the firewall's external address:

[root@centos8-liyj ~]#iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to-source 192.168.10.8

SNAT is the right target because 192.168.10.8 is static; MASQUERADE is for interfaces whose address changes. Note that this rule matches on source only. POSTROUTING also sees packets leaving eth0, including the firewall's own connections to server1 and server2 (10.0.0.8 is inside 10.0.0.0/24), so in practice the rule is restricted with -o eth1.

Test

Machines on the company LAN can now reach the outside host. Ubuntu never sees a 10.0.0.0/24 address: the request arrives from 192.168.10.8 (its Apache access log shows that address), and the firewall's conntrack entry maps the reply back to 10.0.0.7 or 10.0.0.77.

server1
[root@centos7-liyj ~]#curl 192.168.10.6
Ubuntu server   hello world

server2
[root@centos7-liyj2 ~]#curl 192.168.10.6
Ubuntu server   hello world
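A successful curl shows the path works end to end but not which rule did the work. The script below is an added example (not from the original post): it classifies conntrack entries as SNAT, DNAT or untranslated by comparing each entry's original tuple with its reply tuple, which is the same comparison the kernel makes when it reverses a translation. It runs here on a constructed sample in `conntrack -L` format; the ephemeral ports and the ssh flow are invented, and on the real firewall you would feed it `conntrack -L` (conntrack-tools) or /proc/net/nf_conntrack.

```shell
#!/bin/sh
# Added example, not part of the original lab write-up: confirm on the
# firewall that a flow really was translated, from the conntrack table,
# instead of inferring it from a successful curl. Every TCP/UDP conntrack
# entry carries two tuples: the original direction (as the first packet
# arrived) and the reply the kernel expects. Where the two disagree, a NAT
# rule rewrote something.
#
# On the lab firewall:  conntrack -L | classify_nat        (conntrack-tools)
#                  or:  classify_nat < /proc/net/nf_conntrack

classify_nat() {
    awk '
    {
        split("", src); split("", dst); split("", sport); split("", dport)
        n = 0
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            if (kv[1] == "src")        { n++; src[n] = kv[2] }
            else if (kv[1] == "dst")   dst[n] = kv[2]
            else if (kv[1] == "sport") sport[n] = kv[2]
            else if (kv[1] == "dport") dport[n] = kv[2]
        }
        if (n != 2) next   # not an entry with an original and a reply tuple

        kind = ""
        # The reply is addressed to something other than the original source:
        # the source was rewritten on the way out (SNAT / MASQUERADE).
        if (dst[2] != src[1] || dport[2] != sport[1]) kind = "SNAT"
        # The reply comes from something other than what the client addressed:
        # the destination was rewritten on the way in (DNAT / REDIRECT).
        if (src[2] != dst[1] || sport[2] != dport[1]) kind = (kind == "" ? "DNAT" : (kind "+DNAT"))
        if (kind == "") kind = "none"

        printf "%-9s %s:%s -> %s:%s   reply %s:%s -> %s:%s\n", kind, src[1], sport[1], dst[1], dport[1], src[2], sport[2], dst[2], dport[2]
    }'
}

# Constructed sample, in `conntrack -L` output format, of what the lab
# firewall would hold after the curl tests (ephemeral ports are invented):
#   1. server1 -> Ubuntu web            (matched by the SNAT rule)
#   2. Ubuntu  -> 192.168.10.8:80       (matched by the DNAT rule, backend on 80)
#   3. same, but with the destination port rewritten as well (the :8080 form)
#   4. Ubuntu  -> firewall ssh          (matched by no nat rule at all)
SAMPLE_CONNTRACK='tcp      6 431996 ESTABLISHED src=10.0.0.7 dst=192.168.10.6 sport=40520 dport=80 src=192.168.10.6 dst=192.168.10.8 sport=80 dport=40520 [ASSURED] mark=0 use=1
tcp      6 431990 ESTABLISHED src=192.168.10.6 dst=192.168.10.8 sport=51234 dport=80 src=10.0.0.7 dst=192.168.10.6 sport=80 dport=51234 [ASSURED] mark=0 use=1
tcp      6 431980 ESTABLISHED src=192.168.10.6 dst=192.168.10.8 sport=51240 dport=80 src=10.0.0.7 dst=192.168.10.6 sport=8080 dport=51240 [ASSURED] mark=0 use=1
tcp      6 431999 ESTABLISHED src=192.168.10.6 dst=192.168.10.8 sport=52000 dport=22 src=192.168.10.8 dst=192.168.10.6 sport=22 dport=52000 [ASSURED] mark=0 use=1'

# Number of sample flows classified as KIND (SNAT, DNAT, SNAT+DNAT or none).
count_kind() {
    printf '%s\n' "$SAMPLE_CONNTRACK" | classify_nat | grep -c "^$1 "
}

printf '%s\n' "$SAMPLE_CONNTRACK" | classify_nat
```

Read the output next to the rules: a flow tagged SNAT whose reply goes to 192.168.10.8 is the POSTROUTING rule at work, a flow tagged DNAT whose reply comes from 10.0.0.7 is the PREROUTING rule, and a flow tagged none went through the firewall untouched. If the DNAT line shows a reply port that the backend does not listen on, the rule's --to-destination port is wrong.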

DNAT

Publish server1's web service on the firewall's external address:

[root@centos8-liyj ~]#iptables -t nat -A PREROUTING -d 192.168.10.8 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.7:80

The original post had --to-destination 10.0.0.7:8080, which contradicts its own setup: httpd on server1 was installed with defaults and listens on port 80, so with :8080 the connection would be refused. Give --to-destination a port only when the backend really listens somewhere else (leaving the port off keeps the original 80). Two things a production version adds: -i eth1, so that only connections arriving on the external interface are rewritten (a LAN client connecting to 192.168.10.8:80 would otherwise be sent to server1, which would answer the client directly, bypassing the firewall and the reverse translation); and, if the FORWARD chain policy is DROP rather than the default ACCEPT, an accept rule for the post-DNAT destination 10.0.0.7:80, because the filter table sees the packet after PREROUTING has rewritten it. The return path works because server1's default gateway is the firewall (see its route -n above): the reply to 192.168.10.6 passes back through 10.0.0.8, where conntrack restores the source to 192.168.10.8.

Test

Ubuntu reaches server1 through the firewall's external address. It only ever talks to 192.168.10.8; the page it receives is server1's:

[root@h ~]#curl 192.168.10.8
centos7 10.0.0.7 server1 hello world

 

Source: https://www.cnblogs.com/lyj1023/p/16224647.html