RHEL7: configuring port forwarding and masquerading

Description: This article is part of the series on building comprehensive Linux basic services. It can be used as a reference for using firewalld on Linux to configure port forwarding and address masquerading, and to let an external network access an internal network.

Note: The sections in this series are meant to be done in order, following the main article (Building comprehensive Linux basic services).

For the software versions and host configuration requirements, see the series directory: Linux service to build a comprehensive article directory

====================================================

Building integrated Linux infrastructure services

1, foundation: create a yum repository

2, DNS deployment

3, publish the YUM source through httpd

4, rhel7 host: install the JDK

5, foundation: set up a centralized log server with Rsyslog

6, foundation: build a LAMP environment

7, foundation: set up the NFS service

8, rhel7: build a Java web environment (Tomcat8 integrated with httpd)

9, foundation: self-built CA to implement HTTPS

10, foundation: configure kerberos and NTP services, and secure NFS mounts

11, foundation: provide SAMBA services

12, rhel7: configure software iSCSI storage

13, rhel7 host: configure port forwarding and address masquerading

====================================================


Host role description

13 rhel7 host: configure port forwarding and address masquerading

 

13.1 Concepts and considerations

13.1.1 Description

Because all of our hosts here are on the internal network, implementing port forwarding and address masquerading has little practical significance in this setup; it mainly serves to demonstrate access from an external network to an internal network. It also applies where hosts sit in different network segments, or where different departments within a company are on different segments: there, address masquerading and port forwarding let us hide the actual host and let the external network access the internal network.

 

 

 

13.1.2 Address masquerading and port forwarding modes

Local port forwarding: port forwarding is done on this machine, and the target is another port on the same machine.

Destination port forwarding: port forwarding is done on this machine, and the target is a port on another host.

Address masquerading: this is simply NAT (network address translation). Unlike on Huawei or H3C routers, firewalld does not need specific address pools and similar settings to be configured; address masquerading can just be switched on. Destination port forwarding requires address masquerading to be configured. As for how routers implement NAT in general, briefly: there are many approaches, mainly IP-address-based NAT and port-based NAT. If you are interested, look into routing and switching material; it is not repeated here so as not to stray from the topic.

 

13.1.3 Notes

Note: The goal is that a request to the https site on this host is automatically forwarded to the https site on the foundation host, so the content served is foundation's, while the browser address bar still shows this machine (the rhel7 host), without rewriting the whole site. This can be achieved with port forwarding in firewalld rich rules.

Note that what we configure here is destination port forwarding, not local port forwarding. We can also use firewalld's own port forwarding syntax (which has more syntax and parameters), but rich rules are the better choice when forwarding rules need to be controlled precisely. Rich rules are also more commonly used and their grammar is relatively simple, so the rich rule is recommended.

Both methods are shown below.

 

 

 

13.2 Configuring address masquerading and port forwarding

13.2.1 Configuring address masquerading

First, address masquerading (NAT) must be configured for destination port forwarding to work. With firewalld on Red Hat Enterprise Linux you only need to switch address masquerading on; no detailed NAT configuration is needed as on Huawei or H3C routers.

 

 

[root@rhel7 ~]# firewall-cmd --add-masquerade
[root@rhel7 ~]# firewall-cmd --permanent --add-masquerade

 

13.2.2 Configuring port forwarding

Method 1: Use the rich rule

[root@rhel7 ~]# firewall-cmd --permanent --add-rich-rule='rule family=ipv4 forward-port port=443 to-port=443 protocol=tcp to-addr=172.25.0.55'
[root@rhel7 ~]# firewall-cmd --reload

 

Method 2: Use the port forwarding syntax

[root@rhel7 ~]# firewall-cmd --permanent --add-forward-port=port=443:proto=tcp:toport=443:toaddr=172.25.0.55
[root@rhel7 ~]# firewall-cmd --reload
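
Sections 13.1.2 and 13.2.1 state that destination port forwarding needs address masquerading. The following added example, which is not part of the original article, parses `firewall-cmd --list-all` output and flags destination forwards in a zone where masquerading is off. The sample listing is constructed; the 8443 rich rule and the local 80 to 8080 forward in it are assumptions for the demo.

```shell
#!/bin/sh
# Added example (not from the original article): check that every destination
# port forward in `firewall-cmd --list-all` output has masquerading enabled.

# audit_zone reads one zone listing on stdin.
# Exit status: 0 = consistent, 1 = destination forward without masquerade.
audit_zone() {
  awk '
    /^[ \t]*masquerade:/ { masq = ($2 == "yes") }
    /toaddr=|to-addr=/ {
      rule = $0; gsub(/"/, "", rule)            # rich rules quote their values
      addr = rule; sub(/.*to-?addr=/, "", addr); sub(/[ \t].*/, "", addr)
      if (addr == "") next                      # empty toaddr= is a local forward
      port = "?"
      if (match(rule, /[ \t:]port=[0-9-]+/)) {  # skips toport= and to-port=
        port = substr(rule, RSTART, RLENGTH); sub(/.*=/, "", port)
      }
      fwd[++n] = port " -> " addr
    }
    END {
      status = masq ? "OK" : "FAIL"
      note = masq ? "" : " (masquerade is off)"
      for (i = 1; i <= n; i++) printf "%s %s%s\n", status, fwd[i], note
      exit ((n > 0 && !masq) ? 1 : 0)
    }'
}

# Constructed sample listing; $1 is the masquerade state ("yes" or "no").
# The 8443 rich rule and the local 80 -> 8080 forward are made up for the demo.
sample_zone() {
  printf '%s\n' 'public (active)' "  masquerade: $1" \
    '  forward-ports: port=443:proto=tcp:toport=443:toaddr=172.25.0.55'
  printf '\t%s\n' 'port=80:proto=tcp:toport=8080:toaddr='
  printf '%s\n' '  rich rules: '
  printf '\t%s\n' 'rule family="ipv4" forward-port port="8443" protocol="tcp" to-port="443" to-addr="172.25.0.55"'
}

sample_zone yes | audit_zone
sample_zone no | audit_zone ||
  echo "enable it: firewall-cmd --permanent --add-masquerade && firewall-cmd --reload"
```

On a real host, pipe both `firewall-cmd --list-all` and `firewall-cmd --permanent --list-all` into `audit_zone` to see whether the runtime and the saved configuration agree.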

13.3 Test

Import the certificate into Firefox, then enter https://rhel7.mei.com in the address bar to test whether the site can be accessed.

Test that the PHP pages of our https site can be accessed, and that the address shown in the address bar is still rhel7.mei.com:

 


Lastly, I hope everyone will comment, share, and exchange ideas!


Origin www.cnblogs.com/meizy/p/masquerade_forward-port.html