How to Use iptables for NAT Address Translation When Linux Is Used as a Firewall

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

This article explains how to use iptables for NAT address translation when a Linux host acts as a firewall. The method introduced here is simple, fast, and practical.

Brief introduction to address mapping

DNAT (destination address translation): used when the client accesses the server

SNAT (source address translation): used when the server accesses the client

Note: set all network cards to host-only mode.

One: Firewall configuration: two network cards, both in host-only mode, configured with static IPs

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# cp -p ifcfg-ens33 ifcfg-ens36
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# vim ifcfg-ens36
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ifconfig
ens33: flags=4163 mtu 1500
        inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
ens36: flags=4163 mtu 1500
        inet 12.0.0.1 netmask 255.255.255.0 broadcast 12.0.0.255

Two: Modify the network card on the web server, set up a web service, and test whether it can reach the Linux firewall (temporarily turn off firewalld)

Web server:

Host-only mode, modify the network card

[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ifconfig
ens33: flags=4163 mtu 1500
        inet 192.168.10.10 netmask 255.255.255.0 broadcast 192.168.10.255

Ping the firewall to verify connectivity

[root@localhost ~]# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data.
64 bytes from 192.168.10.1: icmp_seq=1 ttl=64 time=2.09 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=64 time=0.903 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=64 time=0.984 ms
^C
--- 192.168.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 0.903/1.325/2.090/… ms
[root@localhost ~]#

Set up web service

[root@localhost ~]# yum install httpd -y
[root@localhost ~]# vim /etc/httpd/conf/httpd.conf
Listen 192.168.10.10:80
#Listen 80
ServerName www.kgc.com:80
[root@localhost ~]# systemctl stop firewalld.service
[root@localhost ~]# setenforce 0
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# netstat -natp | grep httpd
tcp        0      0 192.168.10.10:80        0.0.0.0:*               LISTEN      9437/httpd

Three: Client address configuration: test whether the client can reach the Linux firewall and the web service

Configure the client IP address:

At this point, you can temporarily turn off the firewall service on the firewall host, test connectivity, and then turn it back on.

C:\Users\GSY>ipconfig
Windows IP Configuration
Ethernet adapter Ethernet0:
   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::3407:c668:fbd0:9316%3
   IPv4 Address. . . . . . . . . . . : 12.0.0.12
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 12.0.0.1
C:\Users\GSY>ping 12.0.0.1
Pinging 12.0.0.1 with 32 bytes of data:
Reply from 12.0.0.1: bytes=32 time=7ms TTL=64
Reply from 12.0.0.1: bytes=32 time
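For the lab built above, the DNAT (client to server) and SNAT (server to client) mappings from the introduction can be written as one iptables-restore ruleset. This is an added example, not commands from the original article: the addresses and interface names are the article's, while the function names `nat_ruleset` and `apply_nat` and the default-drop FORWARD policy are assumptions of the example.

```shell
#!/bin/sh
# Added example: NAT ruleset for the lab in this article. Addresses and
# interface names come from the article; function names and the restrictive
# FORWARD policy are assumptions of this example.
INSIDE_IF=ens33;  INSIDE_NET=192.168.10.0/24
OUTSIDE_IF=ens36; OUTSIDE_IP=12.0.0.1
WEB_IP=192.168.10.10; WEB_PORT=80

# Emit the rules in iptables-restore format; nothing is applied here.
nat_ruleset() {
cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# DNAT (client -> server): traffic to the firewall's outside address on the
# web port is rewritten to the internal web server.
-A PREROUTING -i $OUTSIDE_IF -d $OUTSIDE_IP -p tcp --dport $WEB_PORT -j DNAT --to-destination $WEB_IP:$WEB_PORT
# SNAT (server -> client): connections leaving the inside network take the
# firewall's outside address as their source.
-A POSTROUTING -s $INSIDE_NET -o $OUTSIDE_IF -j SNAT --to-source $OUTSIDE_IP
COMMIT
*filter
:FORWARD DROP [0:0]
# Forward only replies, the published web port, and inside-initiated traffic.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $OUTSIDE_IF -o $INSIDE_IF -d $WEB_IP -p tcp --dport $WEB_PORT -m conntrack --ctstate NEW -j ACCEPT
-A FORWARD -i $INSIDE_IF -o $OUTSIDE_IF -s $INSIDE_NET -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Apply on the firewall host (root required). The ruleset is parsed with
# --test first, then routing is enabled and the rules are loaded in one step.
# iptables-restore replaces the existing contents of the nat and filter tables.
apply_nat() {
    nat_ruleset | iptables-restore --test || return 1
    sysctl -w net.ipv4.ip_forward=1 &&
    nat_ruleset | iptables-restore
}

# "sh nat.sh print" shows the rules, "sh nat.sh apply" loads them;
# with no argument the script does nothing.
case "${1:-}" in
    apply) apply_nat ;;
    print) nat_ruleset ;;
esac
```

With a default-drop FORWARD chain, the published web port is the only service reachable from the outside network, so firewalld's replacement rules do not have to be left open for the test.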
