сервис_nat [2022/07/26 06:25] val [Debian/Ubuntu (iptables)] |
сервис_nat [2024/05/06 16:17] val [Debian/Ubuntu (iptables)] |
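--- a/сервис_nat
+++ b/сервис_nat
@@ -8,4 +8,4 @@
 === Заполнение таблицы nat (eth1 - внешний интерфейс) ===
 <code>
-debian11# apt install iptables
+debian11_12# apt install iptables
 root@gate:~# apt install conntrack
@@ -36,12 +36,12 @@
 == Вариант 1 ==
-Сохранение состояния iptables
+== Сохранение состояния iptables ==
 <code>
 root@gate:~# iptables-save > /etc/iptables.rules
 </code>
-Восстановление состояния iptables
+== Восстановление состояния iptables ==
 <code>
 root@gate:~# iptables-restore < /etc/iptables.rules
 </code>
-Восстановление состояния iptables при загрузке
+== Восстановление состояния iptables при загрузке ==
 <code>
 root@gate:~# cat /etc/network/interfaces
@@ -63,3 +63,40 @@
 # netfilter-persistent save
 </code>
+
+==== nftables ====
+
+* [[https://wiki.nftables.org/wiki-nftables/index.php/Performing_Network_Address_Translation_(NAT)|Performing Network Address Translation (NAT)]]
+* https://wiki.debian.org/nftables
+
+<code>
+gate### apt install nftables
+
+gate# man nft
+
+gate# nft add table nat
+
+gate# nft 'add chain nat postrouting { type nat hook postrouting priority srcnat ; }'
+
+gate# nft add rule nat postrouting ip saddr 192.168.X.0/24 oif eth1 snat to 172.16.1.X
+gate# nft add rule nat postrouting ip saddr 192.168.100+X.0/24 oif eth1 snat to 172.16.1.X
+
+gate# nft list ruleset
+
+gate# nft flush ruleset
+
+gate# systemctl enable nftables.service --now
+
+gate# cat /etc/nftables.conf
+</code><code>
+...
+table ip nat {
+chain postrouting {
+type nat hook postrouting priority srcnat; policy accept;
+ip saddr 192.168.100+X.0/24 oif "eth1" snat to 172.16.1.X
+}
+}
+</code><code>
+gate# systemctl reload nftables.service
+</code>
+
 ==== CentOS (firewalld) ====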
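Review bot: `nft flush ruleset`, shown just before `systemctl enable nftables.service --now` in the nftables hunk, flushes every table in the kernel rather than only the `nat` table this section builds, so on a remotely administered gateway it also drops any filter/input rules — including the tables iptables creates when it runs on the nft backend, which is what Debian 11/12's iptables package uses by default; the scoped equivalent is `gate# nft flush table ip nat` (or `nft delete table ip nat`). The sequence also never shows the interactively added SNAT rule being written to /etc/nftables.conf before the unit is enabled: Debian's stock file begins with `#!/usr/sbin/nft -f` and `flush ruleset`, so `enable --now` discards whatever was added with `nft add` unless the ruleset was saved first, and a step such as `gate# nft list ruleset >> /etc/nftables.conf` (after checking the file's header) belongs between the flush and the enable. `gate###` on the apt line looks like a typo for `gate#`.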