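Iptables Installation and Configuration
Environment
1. RHEL6.4, IP 1: 10.10.10.135 (bridged network), IP 2: 192.168.190.128 (private address), DNS: 172.16.12.3
2. Windows2008R2, IP: 192.168.190.129 (private address)
3. Tool used: the iptables firewall
Topology diagram
Steps (pay attention to the text in red)
1. Check whether iptables is installed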
[root@MIGUANG ~]# rpm -qa |grep iptables
iptables-1.4.7-9.el6.x86_64
iptables-ipv6-1.4.7-9.el6.x86_64
2. If iptables is not installed, install it with yum (note: the yum repository can be a local or an external source)
[root@MIGUANG ~]# yum install iptables
3. With all configuration data deleted from iptables, the following is displayed (how to delete the data is not covered here)
[root@MIGUANG network-scripts]# iptables -L -n
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
4. Configure iptables
1) Enable packet forwarding (ICMP included); the setting is the kernel's ip_forward switch
[root@MIGUANG network-scripts]# echo 1 > /proc/sys/net/ipv4/ip_forward
2) Set up the iptables NAT function
[root@MIGUANG network-scripts]# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
[root@MIGUANG network-scripts]# iptables -A FORWARD -i eth1 -j ACCEPT
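--- changes how forwarded packets are handled (accepts packets arriving on eth1)
3) Check that the configuration succeeded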
[root@MIGUANG network-scripts]# iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@MIGUANG network-scripts]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
5. Save the rules and restart the iptables service
[root@MIGUANG network-scripts]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables: [ OK ]
[root@MIGUANG network-scripts]# service iptables restart
iptables: Flushing firewall rules: [ OK ]
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
6. Access the Internet from the Windows2008R2 host on the internal network
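
A tighter variant of the ruleset from step 4, together with a check that flags the open FORWARD chain the walkthrough leaves in place (the `iptables -L` output in step 4 shows policy ACCEPT). This is an added example, not part of the original page: the function names are hypothetical, the eth0/eth1 roles follow the page's commands, and the /24 mask is an assumption.

```shell
# Added example (not from the original page). Assumptions: eth0 is the outside
# interface and eth1 the inside one, as in the page's commands; the /24 mask
# on 192.168.190.0 is assumed, the page gives only host addresses.

# Emit an iptables-restore file: nat_ruleset LAN_IF WAN_IF LAN_CIDR
nat_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $3 -o $2 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $2 -o $1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s $3 -i $1 -o $2 -j ACCEPT
COMMIT
EOF
}

# Read iptables-save text on stdin and print one finding per line.
# Exit status: 0 = no findings, 1 = at least one.
audit_forward() {
    awk '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
            print "FORWARD policy ACCEPT: all routed traffic is forwarded"; bad = 1 }
        table == "filter" && /^-A FORWARD/ && /-j ACCEPT/ && !/ -o / && !/--state/ {
            print "unscoped FORWARD accept: " $0; bad = 1 }
        END { exit bad + 0 }
    '
}

# Constructed sample: what the page's two commands leave behind, in
# iptables-save form (chains without rules omitted for brevity).
page_ruleset() {
    cat <<'EOF'
*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -i eth1 -j ACCEPT
COMMIT
EOF
}
```

To apply it on the gateway, pipe `nat_ruleset eth1 eth0 192.168.190.0/24` into `iptables-restore` and then run `service iptables save` as in step 5. The `echo 1 > /proc/sys/net/ipv4/ip_forward` setting from step 4 does not survive a reboot; `net.ipv4.ip_forward = 1` in /etc/sysctl.conf makes it persistent.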