

notiz:iptables-nat

iptables NAT

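#! /bin/bash
#
# Turn this host into a forwarding/NAT gateway between WANIF and LANIF.
# Needs root: it writes to /proc/sys and changes the netfilter rule set.
#
# What it does, in order:
#   1. enables IPv4 forwarding in the kernel,
#   2. flushes the filter table and deletes its user-defined chains,
#   3. adds MASQUERADE rules for traffic leaving either interface,
#   4. adds FORWARD rules between the two interfaces.

# Stop on the first failing command or unset variable, so a half-applied
# rule set is noticed instead of being followed by 'Done.'.
set -euo pipefail

IPTABLES=/sbin/iptables

WANIF='ens18'
LANIF='ens19'

# Append a MASQUERADE rule for the given outgoing interface unless an
# identical rule already exists.
# Arguments: $1 - outgoing interface name
# The -F/-X calls below only touch the filter table, so without this check
# every rerun of the script stacks another copy into nat/POSTROUTING.
add_masquerade() {
  local out_if=$1
  if ! "$IPTABLES" -t nat -C POSTROUTING -o "$out_if" -j MASQUERADE 2>/dev/null; then
    "$IPTABLES" -t nat -A POSTROUTING -o "$out_if" -j MASQUERADE
  fi
}

# enable ip forwarding in the kernel
echo 'Enabling Kernel IP forwarding...'
printf '1\n' > /proc/sys/net/ipv4/ip_forward

# flush rules and delete chains (filter table only; nat is left alone so
# rules owned by other tools are not wiped)
echo 'Flushing rules and deleting existing chains...'
"$IPTABLES" -F
"$IPTABLES" -X

# enable masquerading to allow LAN internet access
echo 'Enabling IP Masquerading and other rules...'

# NOTE(review): the two unconditional ACCEPT rules below admit NEW
# connections in both directions (WAN->LAN as well as LAN->WAN), which makes
# the RELATED,ESTABLISHED rules redundant. If the LAN should only receive
# replies to its own connections, remove the WAN->LAN ACCEPT and give the
# FORWARD chain a DROP policy; this script never sets that policy, so
# whatever was configured before stays in effect.
# NOTE(review): masquerading on LANIF rewrites the source of traffic that is
# forwarded into the LAN to this host's LAN address, so LAN hosts do not see
# the original peer address in their logs. Confirm that this is intended.
add_masquerade "$LANIF"
"$IPTABLES" -A FORWARD -i "$LANIF" -o "$WANIF" -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPTABLES" -A FORWARD -i "$WANIF" -o "$LANIF" -j ACCEPT

add_masquerade "$WANIF"
"$IPTABLES" -A FORWARD -i "$WANIF" -o "$LANIF" -m state --state RELATED,ESTABLISHED -j ACCEPT
"$IPTABLES" -A FORWARD -i "$LANIF" -o "$WANIF" -j ACCEPT

echo 'Done.'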

Die iptables-Regeln persistieren wir wie unter „iptables speichern“ beschrieben.

/etc/network/if-pre-up.d/ipforward
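#!/bin/sh
# Hook for /etc/network/if-pre-up.d/: turns on IPv4 forwarding before an
# interface is brought up. The interpreter line is needed because the hook
# is executed directly rather than sourced by a shell.
echo 1 > /proc/sys/net/ipv4/ip_forward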
chmod +x /etc/network/if-pre-up.d/ipforward
notiz/iptables-nat.txt · Zuletzt geändert: 2020/02/21 20:10 von clerie