SNAT and DNAT
2022-07-23 05:55:00 【LEE_ September】
1. SNAT Principle and Application
SNAT application environment:
LAN hosts share a single public IP address to access the Internet (private IP addresses cannot be routed normally on the Internet).
SNAT principle:
Source address translation: the source IP address of a packet is modified according to the specified conditions. It is usually called source mapping.
SNAT prerequisites:
① The LAN hosts have the correct IP address, subnet mask, and default gateway address set
② IP route forwarding is enabled on the Linux gateway
A Linux system has no forwarding function on its own; it only routes and sends data, so forwarding has to be turned on.
Enable temporarily:
echo 1 > /proc/sys/net/ipv4/ip_forward
or
sysctl -w net.ipv4.ip_forward=1
Enable permanently:
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1 # Write this line to the configuration file
sysctl -p # Load the modified configuration so it takes effect
Note: another way is static routing, but it is more troublesome.
SNAT translation 1: fixed public IP address:
# Configure an SNAT rule: change the source IP of all packets from the 192.168.100.0 segment to 10.0.0.1
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j SNAT --to 10.0.0.1
-s: intranet segment (can be replaced by a single IP); -o: outbound network card; --to: external IP
or
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j SNAT --to-source 10.0.0.1-10.0.0.10
-s: intranet IP; -o: outbound network card; --to-source: external IP or address pool
SNAT translation 2: non-fixed public IP address (shared dynamic IP address):
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE
2. DNAT Principle and Application
DNAT application environment:
Publishing servers located in the LAN to the Internet.
DNAT principle:
Destination address translation: the destination IP address of a packet is modified according to the specified conditions, which keeps the intranet server secure. It is often called destination mapping.
DNAT prerequisites:
① The LAN servers can access the Internet
② The gateway's external address has a correct DNS resolution record
③ IP route forwarding is enabled on the Linux gateway
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
sysctl -p
DNAT translation 1: publishing an intranet Web service
# Translate the destination address of packets that come in through ens37 to access the web service to 192.168.100.13
iptables -t nat -A PREROUTING -i ens37 -d 10.0.0.1 -p tcp --dport 80 -j DNAT --to 192.168.100.13
-i: inbound network card; -d: public IP; --to: intranet server IP
or
iptables -t nat -A PREROUTING -i ens37 -d 10.0.0.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.100.13
-i: inbound network card; -d: public IP; --dport: port; --to-destination: intranet server IP
Note: the port is 80 by default
Return packets:
iptables -t nat -A POSTROUTING -s 192.168.100.13 -o ens37 -j SNAT --to 10.0.0.1
-s: intranet IP; -o: outbound external network card; --to: external address
You can do a domain name resolution on site
iptables -t nat -A PREROUTING -i ens37 -p tcp --dport 80 -j DNAT --to 192.168.100.13-192.168.100.20
-i: inbound external network card; --to: intranet server IP address segment
DNAT translation 2: modifying the destination port when publishing
# Publish the OpenSSH server inside the LAN; external hosts need to connect through port 250
iptables -t nat -A PREROUTING -i ens37 -d 10.0.0.1 -p tcp --dport 250 -j DNAT --to 192.168.100.13:22
-i: inbound external network card; -d: external IP; --dport: external remote port; --to: intranet IP and remote port number
# Test with SSH from the external network
ssh -p 250 [email protected]
yum -y install net-tools # If the ifconfig command is missing, install it with yum first
ifconfig ens33
iptables -nvL -t nat # View the rules in the nat table
Note: when using DNAT, SNAT is used together with it so that the response packets are returned correctly.
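An added audit example (not part of the original post): it reads rules in the format printed by `iptables -t nat -S` and lists which public address and port each DNAT rule publishes to which internal target, so a gateway's exposed services can be reviewed at a glance. SAMPLE_RULES is constructed from the rules on this page; the function names list_dnat and exposed_admin_ports are hypothetical.

```shell
#!/bin/sh
# Added example: summarise what each DNAT rule publishes.
# SAMPLE_RULES is constructed from this page's rules, written in the
# format that `iptables -t nat -S` prints (assumption: PREROUTING only).
SAMPLE_RULES='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 10.0.0.1/32 -i ens37 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.13
-A PREROUTING -d 10.0.0.1/32 -i ens37 -p tcp -m tcp --dport 250 -j DNAT --to-destination 192.168.100.13:22
-A PREROUTING -i ens37 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.100.13-192.168.100.20
-A POSTROUTING -s 192.168.100.0/24 -o ens33 -j MASQUERADE'

# list_dnat: read rules on stdin and print one line per DNAT rule:
#   <proto> <public-addr>:<port> -> <internal-target> in=<iface>
list_dnat() {
    awk '
    $1 == "-A" && $2 == "PREROUTING" {
        dst = "any"; port = "any"; proto = "all"; in_if = "any"
        to = ""; is_dnat = 0
        for (i = 3; i < NF; i++) {
            if ($i == "-d") dst = $(i + 1)
            else if ($i == "-i") in_if = $(i + 1)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
            else if ($i == "-j" && $(i + 1) == "DNAT") is_dnat = 1
        }
        if (!is_dnat) next
        # With no port in the target, the matched port is kept unchanged.
        if (to !~ /:/) to = to ":" port
        printf "%s %s:%s -> %s in=%s\n", proto, dst, port, to, in_if
    }'
}

# exposed_admin_ports: public addr:port pairs that are mapped to SSH (22)
# on an internal host, including ones published on a non-standard port.
exposed_admin_ports() {
    list_dnat | awk '$4 ~ /:22$/ { print $2 }'
}

printf '%s\n' "$SAMPLE_RULES" | list_dnat
```

On a live gateway the same functions can be fed with `iptables -t nat -S | list_dnat`; a rule reported with the public address `any` matches every address that arrives on that interface.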