Shulou(Shulou.com)06/01 Report--

Q: how do the packets of hosts in the LAN be sent out through the linux host?

1) go through the PREROUTING chain of NAT table first

2) determine whether the packet is going to enter the local machine after routing judgment. If not, the next step is to do so.

3) then go through the FORWARD chain of Filter table

4) send it out through the POSTROUTING chain of NAT table

POSTROUTING modifies the original IP-> SNAT (mainly for internal LAN connection to Internet)

PREROUTING modifies the target IP-> DNAT (mainly used for internal hosts to set up servers that can be accessed by Internet)

SNAT syntax:

Iptables-t nat-A POSTROUTING-s $innet-o $EXTIF-j MASQUERADE

Note: $innet is a LAN network

$EXTIF is the external interface

MASQUERADE: disguise lan IP as IP on external interface devices

Iptables-t nat POSTROUTING-o eth0-j SNAT-- to-source x.x.x.x/x.x.x.x-x.x.x.x

(no IP camouflage)

DNAT syntax:

Iptables-t nat-A PREROUTING-I eth0-p tcp-- dport 80

-j DNAT-- to-destination IP [: port]

-j REDIRECT-- to-ports

Example: forward packets required to connect to 80 to the port of 8080

Iptables-t nat-A PREROUTING-p tcp-- dport 80-j REDIRECT-- to-ports 8080

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.