本文介绍如何通过四个步骤在Linux上配置NAT(网络地址转换),实现从内部网络(eth1)到外部网络(eth0)的数据包转发。首先启用IP转发功能,然后通过iptables规则实现地址伪装和数据包转发,最后确保配置能够在重启后继续生效。
4步搞定linux nat,其中eth0是外网口,eth1是内网口
1、First you need to tell your kernel that you want to allow IP forwarding.
echo 1 > /proc/sys/net/ipv4/ip_forward
Then you’ll need to configure iptables to forward the packets from your
internal network, on /dev/eth1, to your external network on /dev/eth0.
2、You do this will the following commands:
/sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
/sbin/iptables -A FORWARD -i eth0 -o eth1 -m state –state RELATED,ESTABLISHED -j ACCEPT
/sbin/iptables -A FORWARD -i eth1 -o eth0 -j ACCEPT
You should now be NATing. You can test this by pinging an external
address from one of your internal hosts. The last step is to ensure that
this setup survives over a reboot. Obviously you should only do these
last two steps if your test is a success.
3、You will need to edit /etc/sysconfig/iptables-config and make sure IPTABLES_MODULES_UNLOAD, IPTABLES_SAVE_ON_STOP, and IPTABLES_SAVE_ON_RESTART are all set to ‘yes’.
4、设置iptables自动启动
After all that is done, you should probably do a test reboot to ensure that you’ve done everything correctly. If you find any errors on this page or this does not work for you please feel free to E-mail me directly at frank@revsys.com.
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
