On CentOS 5.3, NAT would not work no matter which of the many configuration methods I referred to.
I thought it was a problem with the operating system; on 6.6 there is a graphical configuration interface, and it is very easy to get working.
Later I found this on an English-language web page:
echo "1" > /proc/sys/net/ipv4/ip_forward
With that, it works. After looking in more places I finally understood: the OS does not forward traffic by default, and this is the way to force forwarding on.
For the system to forward, the configuration file needs to be modified as usual:
net.ipv4.ip_forward = 1
It did not work because the default value is 0 (disabled); 1 enables it.
Apply the change; a restart also works, of course.
chkconfig iptables on
This turns the firewall on normally, as a service.
Then comes the configuration file, /etc/sysconfig/iptables.
Here the rules are added with commands; eth0 is the external interface and eth1 the internal one.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
This matches on the external interface and places no restriction on the internal side; it is useful when the external network adapter gets its IP address from DHCP.
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 172.26.1.79
This takes traffic from the internal network 192.168.1.0/24 going to the outside and replaces its source address with 172.26.1.79.
External access to internal servers, such as remote desktop:
iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.2
-i eth0 is the ingress network card (i means input); -p tcp means the protocol is TCP; --dport 3389 means the port number is 3389; --to-destination is the internal server's IP address.
This alone is not enough. The rule above is in the nat table (-t specifies the table).
The filter table also needs to be configured:
iptables -t filter -A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 192.168.1.2 --dport 3389 -j ACCEPT
If the traffic toward the internal network is not released in the FORWARD chain, it will not work. Why is -d 192.168.1.2? Because the PREROUTING chain of the nat table has already done the address translation earlier, so by the time the packet is processed in FORWARD its destination address has changed from the NIC's IP address to 192.168.1.2. The filter can therefore only match on the intranet IP address.
Rules that permit forwarded traffic:
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
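The point about -d 192.168.1.2 can be checked mechanically. The following is an added example, not part of the original post: a shell function that reads iptables-save output and reports every DNAT target that has no FORWARD ACCEPT rule for the same translated address and port. The names check_dnat_forward and sample_dump and the second forwarded host (192.168.1.3, port 80) are constructed for illustration, and the check only looks for a matching rule, not at rule order.

```shell
#!/bin/sh
# Added example: report DNAT targets that have no matching FORWARD ACCEPT rule.
# Reads iptables-save output on stdin; exit status 1 if any target is missing.
check_dnat_forward() {
    awk '
    # Return the argument that follows option "opt" on this line, or "".
    function arg(opt,   i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    /^\*/ { table = substr($1, 2) }   # "*nat" / "*filter" start a table section
    table == "nat" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        dest = arg("--to-destination"); port = arg("--dport")
        # An ip:port destination rewrites the port too, so filter on that port.
        if (split(dest, p, ":") == 2) { dest = p[1]; port = p[2] }
        dnat[dest " " port] = 1
    }
    table == "filter" && $2 == "FORWARD" && arg("-j") == "ACCEPT" {
        d = arg("-d"); sub(/\/32$/, "", d)   # newer versions print ip/32
        if (d != "") allow[d " " arg("--dport")] = 1
    }
    END {
        for (k in dnat) {
            if (k in allow) { print "OK " k } else { print "MISSING " k; bad = 1 }
        }
        exit bad + 0
    }'
}

# Constructed sample dump: the 3389 rule from the text plus a hypothetical
# second DNAT (192.168.1.3, port 80) whose FORWARD rule was forgotten.
sample_dump() {
    cat <<'EOF'
*nat
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.2
-A PREROUTING -i eth0 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.3
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -d 192.168.1.2 -i eth0 -p tcp -m state --state NEW -m tcp --dport 3389 -j ACCEPT
COMMIT
EOF
}

sample_dump | check_dnat_forward || echo "some DNAT targets are not released in FORWARD"
# On the gateway itself: iptables-save | check_dnat_forward
```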
Do not use the system's graphical firewall configuration, which uses RH-Firewall-1-INPUT; everything gets messed up.
On 5.3 the speed is very slow and the remote desktop image freezes; it seems there is a reason 5.3 does not forward by default.
On 6.6 there is no problem, and the speed is acceptable.
Here are a few network configuration commands
If there is only one network card, added later, then only the
If there is no ifcfg-eth1, you can copy ifcfg-eth0 to ifcfg-eth1 and then modify the contents.
You need to view the network adapter hardware file.
Confirm that the new network card is there and write down its MAC address.
Modify the IP address, the mask, and HWADDR (the MAC address); on higher versions the UUID and eth0 can be modified as well.
The network card has no gateway. PREFIX is the prefix, a different way of writing the mask. It depends on the OS version: 5 writes NETMASK, 6 uses PREFIX.
Clear all the rules in the chains of the default table, filter.
Clear the rules in the user-defined chains of the default table, filter.
/etc/rc.d/init.d/iptables save, or service iptables save
Save the rules entered by command into the configuration, or they are gone after a restart.
service iptables restart