This shows you the differences between two versions of the page.
сервис_nat [2020/12/02 14:57] val [Debian/Ubuntu (iptables)] |
сервис_nat [2022/07/26 06:26] val [Debian/Ubuntu (iptables)] |
||
---|---|---|---|
Line 8: | Line 8: | ||
=== Заполнение таблицы nat (eth1 - внешний интерфейс) === | === Заполнение таблицы nat (eth1 - внешний интерфейс) === | ||
<code> | <code> | ||
+ | debian11# apt install iptables | ||
+ | |||
root@gate:~# apt install conntrack | root@gate:~# apt install conntrack | ||
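Review bot: the added `debian11# apt install iptables` line uses a different prompt from the `root@gate:~#` lines in the same block, so it is unclear whether it is meant to run on the gateway or on some other host. Use the `root@gate:~#` prompt, or say in a short comment that the package has to be installed explicitly on Debian 11 if that is what the prompt is meant to convey.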
Line 30: | Line 32: | ||
</code> | </code> | ||
- | === Сохранение состояния iptables === | + | === Управление состоянием iptables === |
+ | |||
+ | == Вариант 1 == | ||
+ | |||
+ | = Сохранение состояния iptables = | ||
<code> | <code> | ||
root@gate:~# iptables-save > /etc/iptables.rules | root@gate:~# iptables-save > /etc/iptables.rules | ||
</code> | </code> | ||
- | === Восстановление состояния iptables === | + | = Восстановление состояния iptables = |
<code> | <code> | ||
root@gate:~# iptables-restore < /etc/iptables.rules | root@gate:~# iptables-restore < /etc/iptables.rules | ||
</code> | </code> | ||
- | === Восстановление состояния iptables при загрузке === | + | = Восстановление состояния iptables при загрузке = |
<code> | <code> | ||
root@gate:~# cat /etc/network/interfaces | root@gate:~# cat /etc/network/interfaces | ||
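Review bot: the three sub-headings demoted to single `=` markers (`= Сохранение состояния iptables =` and the two restore headings) will not render as headings, because the lowest DokuWiki heading level is `==`, which this hunk already spends on `== Вариант 1 ==`. Since the parent `=== Управление состоянием iptables ===` leaves only one level below it, mark the save/restore steps with bold text instead of heading syntax.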
Line 51: | Line 57: | ||
</code> | </code> | ||
+ | == Вариант 2 == | ||
+ | <code> | ||
+ | # apt install iptables-persistent | ||
+ | |||
+ | # netfilter-persistent save | ||
+ | </code> | ||
==== CentOS (firewalld) ==== | ==== CentOS (firewalld) ==== | ||
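Review bot: Variant 2 stops at `netfilter-persistent save` without saying where the rules are written or how they are loaded at boot, while Variant 1 documents both the file (`/etc/iptables.rules`) and the restore step. Add a line showing the saved file, and state that the two variants are alternatives, so a reader does not end up with a restore hook in `/etc/network/interfaces` and the persistent service each loading a different rule set. The bare `#` prompt also differs from the `root@gate:~#` used in the rest of the section.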
Line 153: | Line 165: | ||
[gate:/etc] # /etc/rc.d/pf reload | [gate:/etc] # /etc/rc.d/pf reload | ||
</code> | </code> | ||
+ | |||
+ | ===== Поддержка протоколов приложений ===== | ||
+ | |||
+ | ==== tftp ==== | ||
+ | |||
+ | * [[https://unix.stackexchange.com/questions/579508/iptables-rules-to-forward-tftp-via-nat|iptables rules to forward tftp via NAT]] | ||
+ | |||
===== Мониторинг соединений ===== | ===== Мониторинг соединений ===== | ||
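Review bot: the new `tftp` section under `Поддержка протоколов приложений` contains only an external link, so the page gives the reader nothing to apply and the section becomes empty if the link stops resolving. Put the relevant commands in a `<code>` block as the other sections do, and keep the link as the reference.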
Line 177: | Line 196: | ||
[gate:~] # pfctl -F state | [gate:~] # pfctl -F state | ||
</code> | </code> | ||
+ | |||
+ | |||
+ | |||
===== Дополнительные материалы ===== | ===== Дополнительные материалы ===== | ||
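Review bot: the three empty lines added before `===== Дополнительные материалы =====` do not change the rendered page. Drop them so the revision only carries content changes.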