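One-to-one
Note: the firewall's internal NIC address is 10.0.0.1; its external NIC address is 202.196.138.1/30.
Requirement: when the internal host 10.0.0.100 accesses the external network, translate its source address to 202.196.138.2/30.
Notice: an alias (sub-interface) with the address 202.196.138.2/30 must be added to the external NIC.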
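Example:
# Add 202.196.138.2/30 as an alias on the external NIC (eth1)
ifconfig eth1:0 202.196.138.2 netmask 255.255.255.252
# Start from empty FORWARD and nat POSTROUTING chains
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# Forward traffic from the internal host and replies to existing connections; drop everything else
iptables -I FORWARD -s 10.0.0.100 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P FORWARD DROP
# Rewrite the source address of that host's traffic as it leaves eth1
iptables -t nat -A POSTROUTING -s 10.0.0.100 -o eth1 -j SNAT --to-source 202.196.138.2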
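Many-to-one
Note: the firewall's internal NIC address is 10.0.0.1; its external NIC address is 202.196.138.1/30.
Requirement: when hosts in the internal network 10.0.0.0/24 access the external network, translate their source address to 202.196.138.2/30.
Notice: an alias (sub-interface) with the address 202.196.138.2/30 must be added to the external NIC.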
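Example1:
# Add 202.196.138.2/30 as an alias on the external NIC (eth1)
ifconfig eth1:0 202.196.138.2 netmask 255.255.255.252
# Start from empty FORWARD and nat POSTROUTING chains
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# Forward traffic from the internal subnet and replies to existing connections; drop everything else
iptables -I FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P FORWARD DROP
# All hosts in 10.0.0.0/24 share the single external address
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth1 -j SNAT --to-source 202.196.138.2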
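Example2:
# Add 202.196.138.2/30 as an alias on the external NIC (eth1)
ifconfig eth1:0 202.196.138.2 netmask 255.255.255.252
# Start from empty FORWARD and nat POSTROUTING chains
iptables -F FORWARD
iptables -t nat -F POSTROUTING
# Forward traffic from the internal subnet and replies to existing connections; drop everything else
iptables -I FORWARD -s 10.0.0.0/24 -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -P FORWARD DROP
# Translate only TCP traffic to port 80, mapping source ports into the range 3000-4000
iptables -t nat -A POSTROUTING -p tcp --dport 80 -s 10.0.0.0/24 -o eth1 -j SNAT --to-source 202.196.138.2:3000-4000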
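To confirm that a gateway really ended up with the rule set shown in the examples above, the following added check (not from the original post) audits `iptables -S` output for a FORWARD policy of DROP, a RELATED,ESTABLISHED accept rule, and SNAT rules scoped by both -s and -o. The function name, the two samples and the choice of checks are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post). Reads `iptables -S` style lines on
# stdin, prints one finding per problem, returns 0 if clean and 1 otherwise.
audit_snat() {
    awk '
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    $1 == "-A" && $2 == "FORWARD" && /ESTABLISHED/ && /-j ACCEPT/ { est = 1 }
    $1 == "-A" && $2 == "POSTROUTING" && /-j SNAT/ {
        snat++
        if ($0 !~ / -o [^ ]+/) { print "SNAT rule without -o: " $0; bad++ }
        if ($0 !~ / -s [^ ]+/) { print "SNAT rule without -s: " $0; bad++ }
    }
    END {
        if (policy != "DROP") { print "FORWARD policy is not DROP"; bad++ }
        if (!est)  { print "no RELATED,ESTABLISHED accept rule in FORWARD"; bad++ }
        if (!snat) { print "no SNAT rule in POSTROUTING"; bad++ }
        exit (bad > 0)
    }'
}

# Constructed sample: what `iptables -S FORWARD` plus `iptables -t nat -S POSTROUTING`
# would print after the many-to-one Example1.
sample_good() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -s 10.0.0.0/24 -o eth1 -j SNAT --to-source 202.196.138.2
EOF
}

# Constructed sample: policy left at ACCEPT, no state rule, SNAT not limited by source.
sample_bad() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth1 -j SNAT --to-source 202.196.138.2
EOF
}

# On a live gateway (as root):
#   { iptables -S FORWARD; iptables -t nat -S POSTROUTING; } | audit_snat
sample_good | audit_snat && echo "sample_good: no findings"
```
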
Many-to-many
To be continued...
This article comes from the blog “每一段记忆,都有一个密码”; reprinting is declined.