Firewall (Iptables NAT)

1. NAT transparent forwarding: source and destination addresses are not changed
Environment configuration:
Three machines:
Machine one (whya):
Change the gateway:
[root@whya ~]# ip route add default  via 192.168.60.160
[root@whya ~]# ip route del default via 192.168.60.2
[root@whya ~]# ip route list
default via 192.168.60.160 dev ens33 
192.168.60.0/24 dev ens33 proto kernel scope link src 192.168.60.130 metric 100 

 

Machine two (whyd):
Add a new IP address:
[root@whyd ~]# ip addr add 172.16.1.101/24 dev ens33

 

Enable forwarding:
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

 

Machine three (whye):
Change the IP:
[root@whye ~]# ip addr add 172.16.1.102/24 dev ens33
[root@whye ~]# ip addr del 192.168.60.170 dev ens33

 

Change the gateway:
[root@whye ~]# ip route add default via 172.16.1.101
[root@whye ~]# ip route del default via 192.168.60.2

 

Test:
Machine one (whya):
[root@whya ~]# ping  172.16.1.102
PING 172.16.1.102 (172.16.1.102) 56(84) bytes of data.
64 bytes from 172.16.1.102: icmp_seq=1 ttl=64 time=0.445 ms
64 bytes from 172.16.1.102: icmp_seq=2 ttl=64 time=0.290 ms
64 bytes from 172.16.1.102: icmp_seq=3 ttl=64 time=0.352 ms

 

Machine three (whye): capture packets with tcpdump
[root@whye ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
22:36:24.958462 IP 192.168.60.130 > 172.16.1.102: ICMP echo request, id 10102, seq 5, length 64
22:36:24.958496 IP 172.16.1.102 > 192.168.60.130: ICMP echo reply, id 10102, seq 5, length 64

 

2. SNAT: private-network hosts reaching the outside (for a fixed outside IP)
SNAT rewrites the source address, which solves the problem of private-network hosts reaching the outside.

Preparing the environment:
Machine one (whya):
Set the IP and point the gateway at the SNAT host (whyd).
Machine two (whyd):
Prepare the IP.
Enable forwarding:
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

 

Forwarding policy:
[root@whyd ~]# iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -j SNAT --to-source 172.16.1.101
   Packets from 192.168.60.0/24 leave with their source address changed to 172.16.1.101.

 

Machine three (whye):
Prepare the IP.
 
Test:
Machine one (whya):
[root@whya ~]# ping -c1 172.16.1.102
PING 172.16.1.103 (172.16.1.103) 56(84) bytes of data.
64 bytes from 172.16.1.102: icmp_seq=1 ttl=63 time=1.72 ms
--- 172.16.1.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.726/1.726/1.726/0.000 ms

 

Machine three (whye): packet capture
[root@whye ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
22:39:50.413260 IP 172.16.1.101 > 172.16.1.102: ICMP echo request, id 10107, seq 1, length 64
22:39:50.413315 IP 172.16.1.102 > 172.16.1.101: ICMP echo reply, id 10107, seq 1, length 64

 

3. DNAT: publishing a server inside the private network (plus MASQUERADE for a variable DHCP IP)

MASQUERADE (address masquerading)

Environment:
Machine one (whya):
Change the IP.
Set the gateway.

Machine two (whyd):
Enable forwarding:
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

 

Set the policy:
[root@whyd ~]# iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -d 172.16.1.0/24 -j MASQUERADE
  Packets from 192.168.60.0/24 to 172.16.1.0/24 are masqueraded.

 

Machine three (whye): acts as the external network server
Set the IP.
Point the gateway.

Test:
Machine one (whya):
[root@whya ~]# ping -c1 172.16.1.102
PING 172.16.1.102 (172.16.1.102) 56(84) bytes of data.
64 bytes from 172.16.1.102: icmp_seq=1 ttl=63 time=1.10 ms
--- 172.16.1.102 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.100/1.100/1.100/0.000 ms

 

Machine three (whye):
[root@whye ~]# tcpdump -i ens33 -nn icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
23:25:13.278352 IP 172.16.1.101 > 172.16.1.102: ICMP echo request, id 10676, seq 1, length 64
23:25:13.278440 IP 172.16.1.102 > 172.16.1.101: ICMP echo reply, id 10676, seq 1, length 64

 

Test publishing the internal server (DNAT):
Machine one (whya):
Prepare the IP.
Set the gateway.
Prepare Apache and create a test page:
[root@whya html]# echo nihao > /var/www/html/index.html

 

Machine two (whyd):
Set the IP.
Set the gateway.
Enable forwarding:
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

 

Policy:
[root@whyd ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.60.130:80
  Requests arriving on port 80 are forwarded to 192.168.60.130:80.

 

Machine three (whye):
Set the IP.
Set the gateway.

Test:
Machine one (whya):
[root@whya html]# cat /var/www/html/index.html
nihao

 

Machine three (whye):
[root@whye ~]# curl http://172.16.1.101
nihao
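To make the three sections comparable, here is an added Python model (my own code, not from the post and not iptables itself) of the address rewriting whyd performs under each rule, with a small conntrack table so replies are un-translated the way the kernel does it. The addresses are the post's; the function and mode names are assumptions of this example.

```python
"""Model of the address rewriting done by the three nat rules in this post
(constructed example, not iptables itself): SNAT, MASQUERADE and DNAT on whyd,
plus a tiny conntrack table so replies are un-translated as the kernel does."""
from dataclasses import dataclass, replace
import ipaddress

INNER = ipaddress.ip_network("192.168.60.0/24")  # whya's side
OUTER = ipaddress.ip_network("172.16.1.0/24")    # whye's side
GW_OUTER = "172.16.1.101"  # whyd's outer address (from the post)
WEB = "192.168.60.130"     # whya, the internal web server (from the post)

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str = "icmp"
    dport: int = 0

CONNTRACK = {}  # reply (src, dst, proto) -> original pre-NAT packet

def prerouting(pkt):
    """-t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.60.130:80
    Note: the post's rule has no -d/-i match, so it catches every TCP/80
    packet entering whyd, from either side."""
    if pkt.proto == "tcp" and pkt.dport == 80:
        return replace(pkt, dst=WEB)
    return pkt

def postrouting(pkt, mode):
    """nat POSTROUTING on whyd; mode is 'forward' (section 1, no NAT),
    'snat' (section 2) or 'masquerade' (section 3)."""
    src_inner = ipaddress.ip_address(pkt.src) in INNER
    if mode == "snat" and src_inner:  # -s 192.168.60.0/24 -j SNAT --to 172.16.1.101
        return replace(pkt, src=GW_OUTER)
    if mode == "masquerade" and src_inner and ipaddress.ip_address(pkt.dst) in OUTER:
        return replace(pkt, src=GW_OUTER)  # MASQUERADE uses the outgoing interface's address
    return pkt

def through_whyd(pkt, mode):
    """A packet entering whyd; returns what the next hop's tcpdump shows."""
    out = postrouting(prerouting(pkt), mode)
    CONNTRACK[(out.dst, out.src, out.proto)] = pkt
    return out

def reply_through_whyd(pkt):
    """Reply to a translated packet; conntrack restores the original addresses."""
    r = Pkt(src=pkt.dst, dst=pkt.src, proto=pkt.proto)
    orig = CONNTRACK.get((r.src, r.dst, r.proto))
    return replace(r, src=orig.dst, dst=orig.src) if orig else r
```

Running the ICMP echo from whya through each mode reproduces the three captures above (source 192.168.60.130 with plain forwarding, 172.16.1.101 with SNAT or MASQUERADE), and the DNAT case shows why whya's gateway must be whyd: the reply from 192.168.60.130 only regains the source 172.16.1.101 if it passes back through the same conntrack entry.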

 

Source: www.cnblogs.com/MR-ws/p/11259542.html