interfaces:

eth0(internal):
192.168.1.254
eth1(external):
aaa.bbb.ccc.ddd

enable forwarding:
sudo sysctl net.ipv4.ip_forward=1

iptables commands(can be saved to a shell script):

`clean up old rules`

iptables -F iptables -t nat -F iptables -t mangle -F iptables -X

`accept loopback traffic`

iptables -A INPUT -i lo -j ACCEPT

`allow internal connections`

iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth1 -o eth0 -m state --state ESTABLISHED,RELATED -j ACCEPT iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT

`masquerade`

iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

`reject connections from eth1`

iptables -A FORWARD -i eth1 -o eth1 -j REJECT

Easy and fast!

backup the rules:

sudo iptables-save > /path/savedConfig

auto load the rules:

sudo sh -c "echo 'pre-up iptables-restore < /path/savedConfig' >> /etc/network/interfaces

日	一	二	三	四	五	六
					1	2
3	4	5	6	7	8	9
10	11	12	13	14	15	16
17	18	19	20	21	22	23
24	25	26	27	28	29	30

Peter Dave Hello's Blog

To live is to make the world better.

標籤彙整: NAT

Building NAT on Debian GNU/Linux with iptables