Detailed discussion on Firewall DNAT and SNAT

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

SNAT: source address translation, used to change the source address of an IP packet to another address

A: 192.168.100.100 eth0 user

B: 192.168.100.1 eth0

192.168.200.200 eth2 Firewall

C: 192.168.200.100 eth0 web container

A-> C

A-> B

B-> C

User A visits the website on C. In the SNAT translation process, A first reaches B, that is, the firewall's 192.168.100.1, and then reaches the website on C through the firewall's 192.168.200.200.

The configuration process is as follows:

1) A: configure eth0 gateway: 192.168.100.1

2) B: configure eth2 gateway: 192.168.200.1

Note: to configure the gateway for a network card under SUSE: route add -net 192.168.200.0 netmask 255.255.255.0 gw 192.168.200.1 dev eth2

First of all, B needs to have route forwarding enabled:

grep forward /etc/sysctl.conf | grep -v '^#'

net.ipv4.ip_forward = 1

Secondly, configure the firewall so that A's access to C is translated into B's access to C.

That is, 192.168.100.100 --> 192.168.200.100

Process: 192.168.100.100-> 192.168.200.200

192.168.200.200-> 192.168.200.100

Routing rules for iptables:

-A POSTROUTING -s 192.168.100.100 -o eth2 -j SNAT --to-source 192.168.200.200

The rule matches on eth2 because that is the interface on B that faces C and carries 192.168.200.200.

At this point, the SNAT is set up; next is the test.

Restart the firewall, or reload the firewall configuration file: /etc/init.d/iptables reload

Then capture packets and observe the access process.

tcpdump -i any port 80 -s 0 -w <capture file name>
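One way to check the capture taken above, as an added example that is not part of the original article: the function reads the text that `tcpdump -nn -r <capture file name>` prints and reports whether packets toward C carry the firewall's 192.168.200.200 as their source. The function name `snat_check` and both sample captures are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify SNAT on firewall B from tcpdump text output.

# Constructed sample: SNAT works. The request is seen once with A's address
# (arriving on B) and once with B's address (leaving toward C).
sample_ok='12:00:00.000100 IP 192.168.100.100.51000 > 192.168.200.100.80: Flags [S], length 0
12:00:00.000150 IP 192.168.200.200.51000 > 192.168.200.100.80: Flags [S], length 0
12:00:00.000400 IP 192.168.200.100.80 > 192.168.200.200.51000: Flags [S.], length 0
12:00:00.000450 IP 192.168.200.100.80 > 192.168.100.100.51000: Flags [S.], length 0'

# Constructed sample: the rule never matched (for example, wrong -o interface),
# so A's address leaves B untranslated.
sample_bad='12:00:00.000100 IP 192.168.100.100.51000 > 192.168.200.100.80: Flags [S], length 0
12:00:00.000150 IP 192.168.100.100.51000 > 192.168.200.100.80: Flags [S], length 0'

# snat_check CLIENT NAT_IP SERVER PORT   (tcpdump text on stdin)
# Prints "orig=N translated=M"; returns 0 only if translated packets were
# seen and untranslated ones do not outnumber them.
snat_check() {
    awk -v c="$1" -v n="$2" -v d="$3.$4:" '
        {
            # Locate the "IP" token; newer tcpdump prints interface and
            # direction columns before it when capturing with -i any.
            i = 2; while (i <= NF && $i != "IP") i++
            if ($(i + 3) != d) next              # not a packet toward C
            src = $(i + 1); sub(/\.[0-9]+$/, "", src)   # strip source port
            if (src == c) orig++
            else if (src == n) xlat++
        }
        END {
            printf "orig=%d translated=%d\n", orig, xlat
            exit !(xlat > 0 && orig <= xlat)
        }'
}

printf '%s\n' "$sample_ok" | snat_check 192.168.100.100 192.168.200.200 192.168.200.100 80
printf '%s\n' "$sample_bad" | snat_check 192.168.100.100 192.168.200.200 192.168.200.100 80 \
    || echo "SNAT rule is not matching"
```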

DNAT: maps a set of local internal addresses to a set of global internal addresses

A: 192.168.100.100 eth0 user

B: 192.168.100.1 eth0

192.168.200.200 eth2 Firewall

C: 192.168.200.100 eth0 web container

A-> B

A-> B

B-> C

User A visits B. In the DNAT translation process, A visits B, that is, the firewall's 192.168.100.1; in fact, A accesses firewall B at 192.168.100.1, and firewall B then accesses the web container on C at 192.168.200.100 through 192.168.200.200.

The configuration process is as follows:

1) C: configure eth0 gateway: 192.168.200.1

2) B: configure

eth0 gateway: 192.168.100.1

eth2 gateway: 192.168.200.1

Note: to configure the gateway for a network card under SUSE: route add -net 192.168.200.0 netmask 255.255.255.0 gw 192.168.200.1 dev eth2

First of all, B needs to have route forwarding enabled:

grep forward /etc/sysctl.conf | grep -v '^#'

net.ipv4.ip_forward = 1

Secondly, configure the firewall so that A's access to B is translated into B's access to C.

iptables -t nat -A PREROUTING -d 192.168.100.1 -p tcp -m tcp --dport 80 -i eth0 -j DNAT --to-destination 192.168.200.100

Restart the firewall, or reload the firewall configuration file: /etc/init.d/iptables reload

Then capture packets and observe the access process.

tcpdump -i any port 80 -s 0 -w <capture file name>
