iptables NAT

iptables 로 NAT 설정해 사용하는 방법

1. 서버쪽 설정

eth0: public IP, eth1: private IP

/etc/sysctl.conf 에서 forwarding을 허용하도록 설정하고 sysctl커맨드로 적용한다.

# vi /etc/sysctl.conf

net.ipv4.ip_forward=1

# sysctl -e -p /etc/sysctl.conf

아래 규칙 적용. 여기서 eth0가 인터넷에 연결된 네트워크 인터페이스.

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

규칙의 확인

 # iptables -t nat -L -v

Chain PREROUTING (policy ACCEPT 22600 packets, 2415K bytes)
pkts bytes target prot opt in out source destination

Chain INPUT (policy ACCEPT 14553 packets, 2097K bytes)
pkts bytes target prot opt in out source destination

Chain OUTPUT (policy ACCEPT 6628 packets, 479K bytes)
pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 6502 packets, 470K bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp — any any 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp — any any 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all — any any 192.168.122.0/24 !192.168.122.0/24
126 8273 MASQUERADE all — any any 192.168.100.0/24 anywhere

 

2. 클라이언트쪽 설정

게이트웨이를 서버쪽의 사설아이피로 설정해준다.

참고문서: http://web.mit.edu/rhel-doc/4/RH-DOCS/rhel-sg-ko-4/s1-firewall-ipt-fwd.html