CentOS NAT with iptables

CentOS 5.3 NAT would not work no matter which reference or configuration method I tried.

I thought it was a problem with the operating system; 6.6 has a graphical boot-time configuration interface and was very easy to get going.

Later I found this on an English web page:

echo 1 > /proc/sys/net/ipv4/ip_forward

With that it worked. After searching in more places I finally understood: the OS does not forward traffic by default, and this forces forwarding on.

To make the system forward permanently, edit the usual configuration file

/etc/sysctl.conf

and inside it set

net.ipv4.ip_forward = 1

Forwarding does not work out of the box because the default value is 0 (disabled); setting it to 1 enables it. Then apply the change with

sysctl -p

A reboot would also pick it up, of course.

 

chkconfig iptables on

This starts the firewall normally, as a service. The rules then go into the configuration file /etc/sysconfig/iptables.

The rules below are added with the -A (append) command; here eth0 is the external interface and eth1 the internal one.

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

This restricts by outgoing interface rather than by internal source address; it is useful when the external network adapter gets its IP address from DHCP.

iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 172.26.1.79

This takes traffic from the internal network 192.168.1.0/24 heading outside and replaces its source address with 172.26.1.79.

For external access to internal servers, such as remote desktop:

iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 3389 -j DNAT --to-destination 192.168.1.2

-i eth0 is the input network card (i for input); -p tcp means the protocol is TCP; --dport 3389 means destination port 3389; --to-destination is the internal server's IP address.

This alone is not enough. The rules above are in the nat table (-t selects the table); the filter table also needs to be configured:

iptables -t filter -A FORWARD -i eth0 -m state --state NEW -m tcp -p tcp -d 192.168.1.2 --dport 3389 -j ACCEPT

Without a rule in the FORWARD chain releasing the traffic to the internal host, it does not get through. Why is -d 192.168.1.2? Because PREROUTING in the nat table has already rewritten the destination, so by the time the packet reaches FORWARD its destination address is no longer the NIC's external IP but 192.168.1.2; only the internal IP address can be used for filtering here.

To permit the forwarded traffic:

iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -p icmp -j ACCEPT
iptables -A FORWARD -i lo -j ACCEPT
iptables -A FORWARD -o eth0 -j ACCEPT
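As an added example (not the post's own configuration), the rule set above rendered as an iptables-save file that can be written to /etc/sysconfig/iptables and loaded with service iptables restart. It uses the post's interfaces and addresses and switches between MASQUERADE and SNAT depending on whether eth0 is on DHCP. Three choices are this example's own, not the post's: the FORWARD chain policy is DROP instead of the default ACCEPT, the SNAT rule is also pinned to -o eth0, and the outbound ACCEPT is limited to the 192.168.1.0/24 source so only the internal subnet is forwarded out.

```shell
#!/bin/sh
# Added example, not the post's own configuration: render the NAT and FORWARD
# rules as an iptables-save file for /etc/sysconfig/iptables.

WAN_IF=eth0              # external NIC
LAN_NET=192.168.1.0/24   # internal subnet behind eth1
SNAT_IP=172.26.1.79      # static address on eth0 (SNAT mode only)
RDP_HOST=192.168.1.2     # internal server that receives the DNAT'd port 3389

# render_rules MODE -- MODE is "masquerade" (eth0 on DHCP) or "snat" (static eth0)
render_rules() {
    mode=${1:-snat}
    printf '%s\n' '*nat' ':PREROUTING ACCEPT [0:0]' ':POSTROUTING ACCEPT [0:0]' ':OUTPUT ACCEPT [0:0]'
    # DNAT: rewrite the public destination to the internal RDP host
    printf '%s\n' "-A PREROUTING -i $WAN_IF -p tcp --dport 3389 -j DNAT --to-destination $RDP_HOST"
    if [ "$mode" = masquerade ]; then
        printf '%s\n' "-A POSTROUTING -o $WAN_IF -j MASQUERADE"
    else
        printf '%s\n' "-A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $SNAT_IP"
    fi
    printf 'COMMIT\n'
    # filter table: FORWARD defaults to DROP (this example's choice), then explicit allows
    printf '%s\n' '*filter' ':INPUT ACCEPT [0:0]' ':FORWARD DROP [0:0]' ':OUTPUT ACCEPT [0:0]'
    printf '%s\n' '-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT'
    printf '%s\n' '-A FORWARD -p icmp -j ACCEPT'
    printf '%s\n' '-A FORWARD -i lo -j ACCEPT'
    # match the post-DNAT (internal) destination: PREROUTING already rewrote it
    printf '%s\n' "-A FORWARD -i $WAN_IF -m state --state NEW -p tcp -d $RDP_HOST --dport 3389 -j ACCEPT"
    # outbound: only the internal subnet may be forwarded out eth0 (tightened vs. the post)
    printf '%s\n' "-A FORWARD -s $LAN_NET -o $WAN_IF -j ACCEPT"
    printf 'COMMIT\n'
}

# rule_count MODE -- number of -A rules in the rendered file (quick sanity check)
rule_count() { render_rules "$1" | grep -c '^-A'; }

# On a real host:
# render_rules snat > /etc/sysconfig/iptables && service iptables restart
```

With the DROP policy, anything not matched by the five FORWARD rules (including traffic from the outside to internal hosts other than the RDP server) is discarded, which is the behaviour the hand-typed rules in the post only get if the policy is changed separately.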

 

Do not use the system's graphical firewall configuration with its RH-Firewall-1-INPUT chain; everything gets messed up.

On 5.3 the speed was very slow and remote desktop images froze; this appears to be due to how 5.3 forwards by default.

6.6 has no such problem, and the speed is acceptable.

Here are a few network configuration commands.

If there was only one network card and the second one was added later, then only

/etc/sysconfig/network-scripts/ifcfg-eth0

exists and there is no ifcfg-eth1; copy ifcfg-eth0 to ifcfg-eth1 and then modify its contents.

To see the network adapter hardware, check the file

/etc/udev/rules.d/70-persistent-net.rules

Confirm that the new network card is listed there and write down its MAC address. Then in ifcfg-eth1:

DEVICE=eth1
NAME="System eth1"
HWADDR=00:50:56:A0:40:18
IPADDR=192.168.1.1
PREFIX=24
GATEWAY=
DNS1=
DOMAIN=

Modify the IP address, the mask, and HWADDR (the MAC address); on newer versions there is also a UUID, and eth0 can be modified the same way.

The internal network card has no gateway. PREFIX is the prefix length, just another way of writing the mask: version 5 writes NETMASK, version 6 writes PREFIX.
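An added example (not from the original post) for the steps above: read the MAC address that udev recorded for a given device name out of a 70-persistent-net.rules file and render the matching ifcfg file, writing PREFIX= for CentOS 6 and NETMASK= for CentOS 5. The rules file content is a constructed sample (the eth1 entry uses the MAC from the post, the eth0 entry is made up), and the ONBOOT/BOOTPROTO lines and all function names are this example's additions.

```shell
#!/bin/sh
# Added example, not from the original post: derive ifcfg-<dev> for a newly
# added NIC from the MAC that udev recorded in 70-persistent-net.rules.

# sample_rules -- constructed 70-persistent-net.rules content (eth1 MAC from the post, eth0 made up)
sample_rules() {
    cat <<'EOF'
# constructed sample entry
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:a0:40:17", ATTR{type}=="1", KERNEL=="eth*", NAME="eth0"
# constructed sample entry
SUBSYSTEM=="net", ACTION=="add", DRIVERS=="?*", ATTR{address}=="00:50:56:a0:40:18", ATTR{type}=="1", KERNEL=="eth*", NAME="eth1"
EOF
}

# mac_for_device RULES_FILE DEV -- print DEV's MAC (upper-cased, as in the post); fail if absent
mac_for_device() {
    sed -n "s/.*ATTR{address}==\"\([0-9A-Fa-f:]*\)\".*NAME=\"$2\".*/\1/p" "$1" \
        | head -n 1 | tr '[:lower:]' '[:upper:]' | grep .
}

# prefix_to_netmask LEN -- dotted mask for CentOS 5, which wants NETMASK= instead of PREFIX=
prefix_to_netmask() {
    p=$1; mask=""
    for i in 1 2 3 4; do
        if [ "$p" -ge 8 ]; then o=255; p=$((p - 8))
        else o=$(( 256 - (1 << (8 - p)) )); p=0; fi
        mask="${mask:+$mask.}$o"
    done
    printf '%s\n' "$mask"
}

# render_ifcfg DEV MAC IPADDR PREFIXLEN OSMAJOR -- print the ifcfg file body
render_ifcfg() {
    dev=$1; mac=$2; ip=$3; plen=$4; osver=$5
    printf 'DEVICE=%s\n' "$dev"
    printf 'NAME="System %s"\n' "$dev"
    printf 'HWADDR=%s\n' "$mac"
    printf 'ONBOOT=yes\nBOOTPROTO=none\n'      # this example's additions
    printf 'IPADDR=%s\n' "$ip"
    if [ "$osver" -ge 6 ]; then
        printf 'PREFIX=%s\n' "$plen"
    else
        printf 'NETMASK=%s\n' "$(prefix_to_netmask "$plen")"
    fi
    # internal NIC: no gateway or DNS, as in the post
    printf 'GATEWAY=\nDNS1=\nDOMAIN=\n'
}

# build_ifcfg RULES_FILE DEV IPADDR PREFIXLEN OSMAJOR -- look up the MAC, then render
build_ifcfg() {
    mac=$(mac_for_device "$1" "$2") || { echo "$2 not found in $1" >&2; return 1; }
    render_ifcfg "$2" "$mac" "$3" "$4" "$5"
}

# On a real host (writes the file the post edits by hand):
# build_ifcfg /etc/udev/rules.d/70-persistent-net.rules eth1 192.168.1.1 24 6 \
#     > /etc/sysconfig/network-scripts/ifcfg-eth1
```

Taking HWADDR from the udev file rather than typing it avoids the mismatch that stops the interface from coming up when the copied ifcfg-eth0 still carries eth0's MAC.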

 

iptables -F

Flushes all rules from the chains of the default table (filter).

iptables -X

Deletes the user-defined chains in the default table (filter).

/etc/rc.d/init.d/iptables save or service iptables save

Saves the running rules into the configuration file; otherwise they are lost on restart.

service iptables restart

Restarts the service.