1.nat transparent forwarding source and destination addresses will not change the
environment configuration:
three machines:
one:
change the gateway:
environment configuration:
three machines:
one:
change the gateway:
[root@whya ~]# ip route add default via 192.168.60.160 [root@whya ~]# ip route del default via 192.168.60.2 [root@whya ~]# ip route list default via 192.168.60.160 dev ens33 192.168.60.0/24 dev ens33 proto kernel scope link src 192.168.60.130 metric 100
Taiwan:
add a new ip address:
add a new ip address:
[root@whyd ~]# ip addr add 172.16.1.101/24 dev ens33
Open forwarding:
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
Three:
Change the IP:
Change the IP:
[root@whye ~]# ip addr add 172.16.1.102/24 dev ens33 [root@whye ~]# ip addr del 192.168.60.170 dev ens33
Change the card:
[root@whye ~]# ip route add default via 172.16.1.101
[root@whye ~]# ip route del default via 192.168.60.2
Test:
a:
[
a:
[
root@whya ~]# ping 172.16.1.102 PING 172.16.1.102 (172.16.1.102) 56(84) bytes of data. 64 bytes from 172.16.1.102: icmp_seq=1 ttl=64 time=0.445 ms 64 bytes from 172.16.1.102: icmp_seq=2 ttl=64 time=0.290 ms 64 bytes from 172.16.1.102: icmp_seq=3 ttl=64 time=0.352 ms
Three:
loaded packet capture tools: tcpdump
[root@whye ~]# tcpdump -i ens33 -nn icmp [root@whye ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 22:36:24.958462 IP 192.168.60.130 > 172.16.1.102: ICMP echo request, id 10102, seq 5, length 64 22:36:24.958496 IP 172.16.1.102 > 192.168.60.130: ICMP echo reply, id 10102, seq 5, length 64
2.sant private Internet address (to deal with fixed IP)
original address to address snat private network access problems to solve
original address to address snat private network access problems to solve
Preparing the environment:
a:
point to the ip and gateway snat
Taiwan:
ip ready to
open forward
ip ready to
open forward
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
Forwarding policies:
[Whyd the root @ ~] # iptables -A the POSTROUTING -s -t NAT 192.168 . 60.0 / 24 -j-Source the SNAT --to 172.16 . 1.101 from 192. 168.60 . 0 data packet address / 24 out of 172 were changed. 16.1 . 101
Three:
ip preparation
ip preparation
Test:
a:
a:
[root@whya ~]# ping -c1 172.16.1.102 PING 172.16.1.103 (172.16.1.103) 56(84) bytes of data. 64 bytes from 172.16.1.102: icmp_seq=1 ttl=63 time=1.72 ms --- 172.16.1.102 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.726/1.726/1.726/0.000 ms
Three: Ethereal
[root@whye ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 22:39:50.413260 IP 172.16.1.101 > 172.16.1.102: ICMP echo request, id 10107, seq 1, length 64 22:39:50.413315 IP 172.16.1.102 > 172.16.1.101: ICMP echo reply, id 10107, seq 1, length 64
3.dant released within the network (dhcp variable response to ip)
masquerade disguise
Environment:
a
change ip
designated gateway
a
change ip
designated gateway
Taiwan:
Open Forwarded
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
Set policies:
[Whyd the root @ ~] # iptables -A the POSTROUTING -s -t NAT 192.168 . 60.0 / 24 -d 172.16 . 1.0 / 24 - J MASQUERADE from 192. 168.60 . 0 /24 up to 172. 16.1 . 0 Data / 24 packages camouflage
Three: the work is outside the network server
ip set
the gateway point
ip set
the gateway point
Test:
a:
a:
[root@whya ~]# ping -c1 172.16.1.102 PING 172.16.1.102 (172.16.1.102) 56(84) bytes of data. 64 bytes from 172.16.1.102: icmp_seq=1 ttl=63 time=1.10 ms --- 172.16.1.102 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.100/1.100/1.100/0.000 ms
Three:
[root@whye ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 23:25:13.278352 IP 172.16.1.101 > 172.16.1.102: ICMP echo request, id 10676, seq 1, length 64 23:25:13.278440 IP 172.16.1.102 > 172.16.1.101: ICMP echo reply, id 10676, seq 1, length 64
Test Internet:
a:
IP ready
gateway
ready apache and create a test page
a:
IP ready
gateway
ready apache and create a test page
[in to the root @ whya the html] # echo out the nihao> varwwwhtmlindexhtml
Taiwan:
ip
gateway
forwards
ip
gateway
forwards
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
Strategy:
[Whyd the root @ ~] # iptables -t -p TCP --dport the PREROUTING NAT -A 80 -j DNAT --to Where do you want- 192.168 . 60.130 : 80 for future request to port 192. 80 168.60 . 130 : 80
Three:
IP
Gateway
IP
Gateway
Test:
a:
[root@whya html]# cat /var/www/html/index.html nihao
Three:
[root@whye ~]# curl http://172.16.1.101 nihao