Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Trace:
сервис_nat

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
Next revision Both sides next revision
сервис_nat [2014/07/04 15:51]
val [Ubuntu (iptables)] 		сервис_nat [2022/07/26 06:26]
val [Debian/Ubuntu (iptables)]
Line 1: Line 1:
 ====== Сервис NAT ====== ====== Сервис NAT ======
  
 +  * [[http://​stackoff.ru/​ip/​|Определение внутреннего IP-адреса за NAT и VPN через WebRTC]]
 ===== Трансляция на основе адреса отправителя ===== ===== Трансляция на основе адреса отправителя =====
  
-==== Ubuntu (iptables) ====+==== Debian/Ubuntu (iptables) ====
  
 === Заполнение таблицы nat (eth1 - внешний интерфейс) === === Заполнение таблицы nat (eth1 - внешний интерфейс) ===
 <​code>​ <​code>​
-root@gate:​~#​ apt-get install conntrack+debian11# apt install iptables 
 + 
 +root@gate:​~#​ apt install conntrack
  
 root@gate:​~#​ cat nat.sh root@gate:​~#​ cat nat.sh
Line 26: Line 29:
 root@gate:​~#​ iptables -t nat -n -L -v --line-numbers root@gate:​~#​ iptables -t nat -n -L -v --line-numbers
  
-root@gate:​~# ​apt-get install netstat-nat +root@gate:​~# ​conntrack ​-L
- +
-root@gate:​~#​ netstat-nat -n+
 </​code>​ </​code>​
  
-=== Сохранение состояния iptables ​===+=== Управление состоянием iptables === 
 + 
 +== Вариант 1 == 
 + 
 += Сохранение состояния iptables =
 <​code>​ <​code>​
 root@gate:​~#​ iptables-save > /​etc/​iptables.rules root@gate:​~#​ iptables-save > /​etc/​iptables.rules
 </​code>​ </​code>​
  
-=== Восстановление состояния iptables ​===+= Восстановление состояния iptables =
 <​code>​ <​code>​
 root@gate:​~#​ iptables-restore < /​etc/​iptables.rules root@gate:​~#​ iptables-restore < /​etc/​iptables.rules
 </​code>​ </​code>​
  
-=== Восстановление состояния iptables при загрузке ​===+= Восстановление состояния iptables при загрузке =
 <​code>​ <​code>​
 root@gate:​~#​ cat /​etc/​network/​interfaces root@gate:​~#​ cat /​etc/​network/​interfaces
Line 52: Line 57:
 </​code>​ </​code>​
  
 +== Вариант 2 ==
 +<​code>​
 +# apt install iptables-persistent
 +
 +# netfilter-persistent save
 +</​code>​
 +==== CentOS (firewalld) ====
 +
 +  * [[https://​www.mjhall.org/​centos-7-firewalld-nat-router.html|CentOS 7 firewalld NAT router]]
 ==== FreeBSD ==== ==== FreeBSD ====
  
Line 67: Line 81:
 pf_enable=yes pf_enable=yes
 </​code><​code>​ </​code><​code>​
-[gate:~] # /etc/rc.d/pf check+[gate:~] # service ​pf check
  
-[gate:~] # /etc/rc.d/pf start+[gate:~] # service ​pf start
  
 [gate:~] # pfctl -vs nat [gate:~] # pfctl -vs nat
Line 76: Line 90:
 ===== Трансляция портов сервисов ===== ===== Трансляция портов сервисов =====
  
-==== Ubuntu (iptables) ====+==== Debian/Ubuntu (iptables) ====
  
 <​code>​ <​code>​
Line 89: Line 103:
  
 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 2222 -j DNAT --to-destination 192.168.X.10:​22 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 2222 -j DNAT --to-destination 192.168.X.10:​22
-#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 25 -j DNAT --to-destination 192.168.X.10:​25 
 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 53 -j DNAT --to-destination 192.168.X.10:​53 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 53 -j DNAT --to-destination 192.168.X.10:​53
 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp --dport 53 -j DNAT --to-destination 192.168.X.10:​53 iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp --dport 53 -j DNAT --to-destination 192.168.X.10:​53
-iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport ​80 -j DNAT --to-destination 192.168.X.10:​80 +#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport ​25 -j DNAT --to-destination 192.168.X.10:​25 
-iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 143 -j DNAT --to-destination 192.168.X.10:​143+#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 465 -j DNAT --to-destination 192.168.X.10:​465 
 +#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 587 -j DNAT --to-destination 192.168.X.10:​587 
 +#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 143 -j DNAT --to-destination 192.168.X.10:​143 
 +#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 80 -j DNAT --to-destination 192.168.X.10:​80 
 +#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 5222 -j DNAT --to-destination 192.168.X.10:​5222
  
-#iptables -t nat -A PREROUTING -p tcp -s 192.168.100+X.0/​24 --dport 80 -j REDIRECT --to-port 3128 
  
 #iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp --dport 5060 -j DNAT --to-destination 192.168.X.10:​5060 #iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp --dport 5060 -j DNAT --to-destination 192.168.X.10:​5060
 +#iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p tcp --dport 5061 -j DNAT --to-destination 192.168.X.10:​5061
 #iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp -m multiport --dport 10000:20000 -j DNAT --to-destination 192.168.X.10 #iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp -m multiport --dport 10000:20000 -j DNAT --to-destination 192.168.X.10
 #iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp --dport 4569 -j DNAT --to-destination 192.168.X.10:​4569 #iptables -t nat -A PREROUTING -i eth1 --destination 172.16.1.X -p udp --dport 4569 -j DNAT --to-destination 192.168.X.10:​4569
Line 115: Line 132:
 ext_if="​em1"​ ext_if="​em1"​
 corp_net="​192.168.X/​24"​ corp_net="​192.168.X/​24"​
-pppoe_corp_net="​192.168.100+X/​24"​+#pppoe_corp_net="​192.168.100+X/​24"​
  
 ssh_server="​192.168.X.10"​ ssh_server="​192.168.X.10"​
Line 148: Line 165:
 [gate:/etc] # /​etc/​rc.d/​pf reload [gate:/etc] # /​etc/​rc.d/​pf reload
 </​code>​ </​code>​
 +
 +===== Поддержка протоколов приложений =====
 +
 +==== tftp ====
 +
 +  * [[https://​unix.stackexchange.com/​questions/​579508/​iptables-rules-to-forward-tftp-via-nat|iptables rules to forward tftp via NAT]]
 +
  
 ===== Мониторинг соединений ===== ===== Мониторинг соединений =====
Line 172: Line 196:
 [gate:~] # pfctl -F state [gate:~] # pfctl -F state
 </​code>​ </​code>​
 +
 +
 +
 ===== Дополнительные материалы ===== ===== Дополнительные материалы =====
  
сервис_nat.txt · Last modified: 2024/04/23 14:00 by val

Page Tools

Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
CC Attribution-Share Alike 4.0 International Donate Powered by PHP Valid HTML5 Valid CSS Run on Debian Driven by DokuWiki