User Tools
сервис_nat
Differences
This shows you the differences between two versions of the page.
| Both sides previous revision Previous revision Next revision | Previous revision | ||
|
сервис_nat [2024/04/08 16:36] val [nftables] |
сервис_nat [2025/06/22 15:03] (current) val [Debian/Ubuntu (nftables)] |
||
|---|---|---|---|
| Line 8: | Line 8: | ||
| === Заполнение таблицы nat (eth1 - внешний интерфейс) === | === Заполнение таблицы nat (eth1 - внешний интерфейс) === | ||
| <code> | <code> | ||
| - | debian11# apt install iptables | + | debian11_12# apt install iptables |
| root@gate:~# apt install conntrack | root@gate:~# apt install conntrack | ||
| Line 67: | Line 67: | ||
| * [[https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)|Performing Network Address Translation (NAT)]] | * [[https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)|Performing Network Address Translation (NAT)]] | ||
| + | * https://wiki.debian.org/nftables | ||
| <code> | <code> | ||
| - | # apt install nftables | + | gate### apt install nftables |
| - | ... | + | gate# man nft |
| - | # nft add rule nat postrouting ip saddr 192.168.22.0/24 oif eth1 snat to 10.5.7.122 | + | |
| - | # nft list ruleset | + | gate# nft add table nat |
| - | # file /etc/nftables.conf | + | gate# nft 'add chain nat postrouting { type nat hook postrouting priority srcnat ; }' |
| - | # systemctl enable nftables.service | + | gate# nft add rule nat postrouting ip saddr 192.168.X.0/24 oif eth1 snat to 172.16.1.X |
| + | gate# nft add rule nat postrouting ip saddr 192.168.100+X.0/24 oif eth1 snat to 172.16.1.X | ||
| + | |||
| + | gate# nft list ruleset | ||
| + | |||
| + | gate# nft flush ruleset | ||
| + | |||
| + | gate# systemctl enable nftables.service --now | ||
| + | |||
| + | gate# cat /etc/nftables.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | table ip nat { | ||
| + | chain postrouting { | ||
| + | type nat hook postrouting priority srcnat; policy accept; | ||
| + | ip saddr 192.168.100+X.0/24 oif "eth1" snat to 172.16.1.X | ||
| + | } | ||
| + | } | ||
| + | </code><code> | ||
| + | gate# systemctl reload nftables.service | ||
| </code> | </code> | ||
| Line 143: | Line 162: | ||
| </code> | </code> | ||
| + | ==== Debian/Ubuntu (nftables) ==== | ||
| + | |||
| + | <code> | ||
| + | root@gate:~# cat /etc/nftables.conf | ||
| + | </code><code> | ||
| + | ... | ||
| + | table ip nat { | ||
| + | ... | ||
| + | chain prerouting { | ||
| + | type nat hook prerouting priority dstnat; policy accept; | ||
| + | ip daddr 172.16.1.X tcp dport 2222 dnat to 192.168.X.10:22 | ||
| + | ip daddr 172.16.1.X udp dport 53 dnat to 192.168.X.10 | ||
| + | ip daddr 172.16.1.X tcp dport 53 dnat to 192.168.X.10 | ||
| + | |||
| + | ip daddr 172.16.1.X tcp dport { 25, 80, 143, 465, 587, 5222 } dnat to 192.168.X.10 | ||
| + | |||
| + | ip daddr 172.16.1.X udp dport { 10000-20000 } dnat to 192.168.X.10 | ||
| + | ip daddr 172.16.1.X udp dport { 5060 } dnat to 192.168.X.10:5060 | ||
| + | # ip daddr 172.16.1.X udp dport { 6050 } dnat to 192.168.X.10:5060 | ||
| + | |||
| + | ip daddr 172.16.1.X tcp dport 5061 dnat to 192.168.X.10 | ||
| + | ip daddr 172.16.1.X udp dport 4569 dnat to 192.168.X.10 | ||
| + | |||
| + | } | ||
| + | } | ||
| + | </code><code> | ||
| + | root@gate:~# systemctl restart nftables.service | ||
| + | </code> | ||
| ==== FreeBSD (pf) ==== | ==== FreeBSD (pf) ==== | ||
| <code> | <code> | ||
сервис_nat.1712583401.txt.gz · Last modified: 2024/04/08 16:36 by val
Page Tools
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
