NAT_Router

 

上圖為我們的環境架構。

我們主要的設定皆在NAT Server(CentOS 6.5)上,eth0為10.10.1.1/16, Gateway為10.10.0.254,eth1為192.168.212.82/30,eth2為192.168.212.85/30


情境: 由eth1過來的封包且source ip為100.66.1.1/32, 100.66.1.2/32, 100.66.1.3/32. 這些封包將NAT為192.168.212.85並且由eth2出去。

考慮:
1. eth0為10.10.1.1/16, default gateway為10.10.0.254
2. Input為eth1, output為eth2.

 

# vim /etc/sysconfig/network-scripts/ifcfg-eth0
---------------------------------------------------
......
ONBOOT=yes
BOOTPROTO=none
IPADDR=10.10.1.1
NETMASK=255.255.0.0
GATEWAY=10.10.0.254
---------------------------------------------------

# vim /etc/sysconfig/network-scripts/ifcfg-eth1
---------------------------------------------------
......
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.212.82
NETMASK=255.255.255.252
---------------------------------------------------

# vim /etc/sysconfig/network-scripts/ifcfg-eth2
---------------------------------------------------
......
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.212.85
NETMASK=255.255.255.252
---------------------------------------------------

 

開啟IP forwarding功能(NAT的前提)
# vim /etc/sysctl.conf
---------------------------------------------------
......
net.ipv4.ip_forward = 1
......
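# TCP keepalive idle time, unit: seconds.
# Kept on its own line on purpose: sysctl.conf only treats lines that *start* with '#'
# as comments, so a trailing "# ..." after the value is handed to the kernel together
# with the number and, depending on the kernel, is rejected or silently truncated.
net.ipv4.tcp_keepalive_time = 86400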
---------------------------------------------------

 

載入sysctl.conf的設定使其生效(指令會顯示套用的項目)
# sysctl -p

# service network restart

# iptables -F

更改由NAT Server出去的封包Source IP位址(注意: 上面的 iptables -F 只清除filter table,nat table要另外用 iptables -t nat -F 清除,否則重複執行下列指令會累積重複的SNAT規則)
# iptables -t nat -A POSTROUTING -s 100.66.1.1/32 -o eth2 -j SNAT --to-source 192.168.212.85
# iptables -t nat -A POSTROUTING -s 100.66.1.2/32 -o eth2 -j SNAT --to-source 192.168.212.85
# iptables -t nat -A POSTROUTING -s 100.66.1.3/32 -o eth2 -j SNAT --to-source 192.168.212.85

# iptables -P FORWARD ACCEPT

# iptables -P OUTPUT ACCEPT

# iptables -P INPUT ACCEPT

儲存iptables的設定(filter與nat table都會寫入/etc/sysconfig/iptables)
# /etc/init.d/iptables save

# service iptables restart


設定開機後,自動設定static route
# vim /etc/rc.d/rc.local
---------------------------------------------------
......
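# Send 218.0.0.0/8, 113.xxx.xxx.128/25 and 122.xxx.xxx.128/26 out via eth2 to the
# 192.168.212.86 gateway. ("xxx" are redacted octets from the original; fill in the
# real prefixes before use.)
# NOTE: routes added from rc.local are only re-created on reboot; "service network
# restart" drops them. The persistent alternative on CentOS 6 is
# /etc/sysconfig/network-scripts/route-eth2 (and route-eth1 for the block below).
for net in 218.0.0.0/8 113.xxx.xxx.128/25 122.xxx.xxx.128/26; do
  route add -net "$net" gw 192.168.212.86 dev eth2 \
    || echo "rc.local: route add $net via 192.168.212.86 failed" >&2
done
# Send the NAT'd client addresses 100.66.1.1, 100.66.1.2, 100.66.1.3 (/32 each)
# back out via eth1 to the 192.168.212.81 gateway, so return traffic for the
# SNAT'd flows leaves on eth1 instead of the eth0 default gateway.
for host in 100.66.1.1 100.66.1.2 100.66.1.3; do
  route add -host "$host" gw 192.168.212.81 dev eth1 \
    || echo "rc.local: route add $host via 192.168.212.81 failed" >&2
done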
---------------------------------------------------

重新開機
# reboot

 

 

如何看NAT設定:
1. # iptables -t nat -L -n

2. # vim /etc/sysconfig/iptables

如何看Static route的設定:
# route -n

 

 

 
