Firewall internal/external network isolation example

1: The Linux firewall allows the intranet workstation (Windows 8) to access the internet.
2: The workstation (Windows 8) gets its IP from the Linux DHCP server.


Requirements

1: Computer with internet access
2: VMware Workstation 9.0.
3: CentOS 6.4(firewall server).
4: CentOS 6.4(DHCP SERVER).

5: Windows 8 (Workstation).

Solution

Virtual machines

1: Install the operating systems in VMware.

2: OS Network Settings.

Firewall:

1: WAN Network(NAT)
2: LAN Network(Host Only)

DHCP

1: LAN Network.

Windows 8

1: LAN Network.

VM Hostonly Network

Firewall

LAN (eth0) and WAN (eth1) settings.
vi /etc/sysconfig/network-scripts/ifcfg-eth0

vi /etc/sysconfig/network-scripts/ifcfg-eth1

service network restart

Check the firewall IPs. WAN: ifconfig eth0, LAN: ifconfig eth1

Check whether the firewall can access the internet: ping www.google.com

Check the internet DNS: vi /etc/resolv.conf

vi /etc/rc.local, sh /etc/rc.local

Check the routes: route -n

echo "1" > /proc/sys/net/ipv4/ip_forward

IPTABLES

1: Firewall server: iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.1.99
2: Firewall server: iptables -t nat -A POSTROUTING -s 192.168.1.99 -o eth0 -j SNAT --to-source 192.168.60.130
3: Firewall server: iptables -t nat -L
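
Rule 1 above has no protocol or port match, so every new connection arriving on eth0 is redirected to 192.168.1.99, and the commands listed here add no FORWARD rules. The following added example (not part of the original post) audits iptables-save output for those two conditions and sets a constructed outbound-only ruleset beside the page's rules. The filter-table contents, the 192.168.1.0/24 LAN subnet, the function names and the finding labels are assumptions; eth0 as WAN and eth1 as LAN follow the rules and the ifconfig step above.

```shell
# Added example: audit iptables-save text (stdin) for two forwarding gaps.
audit_ruleset() {
    awk '
    /^\*/ { table = substr($0, 2); next }                  # "*nat", "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2 }  # ":FORWARD ACCEPT [0:0]"
    table == "filter" && $1 == "-A" && $2 == "FORWARD" { rules++ }
    # DNAT with no protocol/port match redirects every new inbound connection.
    table == "nat" && $2 == "PREROUTING" && / -j DNAT / && !/ -p / && !/ --dport/ {
        for (i = 1; i < NF; i++) if ($i == "--to-destination") print "CATCH_ALL_DNAT " $(i + 1)
    }
    END { if (policy == "ACCEPT" && rules == 0) print "FORWARD_UNFILTERED" }'
}

# Constructed sample: the page's two NAT rules in iptables-save form. The empty
# filter table with ACCEPT policies is an assumption (the page does not show it).
page_ruleset() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i eth0 -j DNAT --to-destination 192.168.1.99
-A POSTROUTING -s 192.168.1.99/32 -o eth0 -j SNAT --to-source 192.168.60.130
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

# Constructed alternative: outbound only. No DNAT; forwarding is dropped unless it
# is LAN-initiated (eth1 -> eth0) or reply/related traffic. Subnet is assumed.
hardened_ruleset() { cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j SNAT --to-source 192.168.60.130
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s 192.168.1.0/24 -i eth1 -o eth0 -m state --state NEW -j ACCEPT
COMMIT
EOF
}
page_ruleset | audit_ruleset       # prints both findings
hardened_ruleset | audit_ruleset   # prints nothing
```

On the firewall itself, the same check can be run against the live tables with iptables-save | audit_ruleset.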

DHCP server

vi /etc/sysconfig/network-scripts/ifcfg-eth0

vi /etc/dhcp/dhcpd.conf

service dhcpd restart

Windows client

IP settings

Check whether Win8 got an IP from the DHCP server: ipconfig /all

Client internet access test

4: Win8 workstation: on Win8, check whether it can access the internet.

5: service iptables stop: open the web page again and the internet is no longer reachable.


Author's personal website: www.davis-wiki.com