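NAT Implementation Method
NAT server function: clients can reach the external network directly while their IP addresses stay hidden, so external hosts cannot directly access internal network devices, which isolates the internal network from the external one.
Equipment requirements
A Linux server with two network cards to connect the internal and external networks: NIC 1 at 172.16.0.20 and NIC 2 at 192.168.1.10.
A Windows client with IP address 172.16.0.10, whose gateway is the NAT server's first NIC address, 172.16.0.20.
A Linux client with IP address 192.168.1.10.

The NAT server parameters are as follows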
[root@localhost /]# ifconfig eth0                                        
eth0      Link encap:Ethernet  HWaddr 00:0C:29:48:42:FB                  
          inet addr:172.16.0.20  Bcast:172.16.255.255  Mask:255.255.0.0  
          inet6 addr: fe80::20c:29ff:fe48:42fb/64 Scope:Link             
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1             
          RX packets:10145 errors:0 dropped:0 overruns:0 frame:0         
          TX packets:1377 errors:0 dropped:0 overruns:0 carrier:0        
          collisions:0 txqueuelen:0                                      
          RX bytes:815264 (796.1 KiB)  TX bytes:141496 (138.1 KiB)       
                                                                         
[root@localhost /]# ifconfig eth1                                        
eth1      Link encap:Ethernet  HWaddr 00:0C:29:48:42:05                  
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe48:4205/64 Scope:Link             
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1             
          RX packets:1043 errors:0 dropped:0 overruns:0 frame:0          
          TX packets:471 errors:0 dropped:0 overruns:0 carrier:0         
          collisions:0 txqueuelen:1000                                   
          RX bytes:133474 (130.3 KiB)  TX bytes:94884 (92.6 KiB)         
          Interrupt:16 Base address:0x1400     
                          
[root@localhost /]# cd /etc/sysconfig/network-scripts  

[root@localhost network-scripts]# vi ifcfg-eth0        
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]  
DEVICE=eth0                                            
BOOTPROTO=static                                       
HWADDR=00:0C:29:48:42:FB                               
ONBOOT=yes                                             
NETMASK=255.255.0.0                                    
IPADDR=172.16.0.20                                     
TYPE=Ethernet                                          
USERCTL=no                                             
IPV6INIT=no                                            
PEERDNS=yes                                            
                                                       
[root@localhost network-scripts]# vi ifcfg-eth1        
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]  
DEVICE=eth1                                            
ONBOOT=yes                                             
BOOTPROTO=static                                       
HWADDR=00:0c:29:48:42:05                               
TYPE=Ethernet                                          
USERCTL=no                                             
IPV6INIT=no                                            
PEERDNS=yes                                            
NETMASK=255.255.255.0                                  
IPADDR=192.168.1.10                                    
[root@localhost /]# service network restart
[root@localhost /]# echo "1" > /proc/sys/net/ipv4/ip_forward
[root@localhost /]# iptables -t nat -A POSTROUTING -s 172.16.0/24 -j MASQUERADE
[root@localhost /]# iptables -t nat -L POSTROUTING 
                            
Chain POSTROUTING (policy ACCEPT)                                              
target     prot opt source               destination                            
MASQUERADE  all  --  172.16.0.0/24        anywhere    
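
The rule above only rewrites source addresses; whether outside hosts can reach the inside network is decided by the FORWARD chain, which the page does not show. The check below is an added example, not part of the original page: it reads `iptables-save` output and flags a MASQUERADE rule with no `-o` interface and a FORWARD policy of ACCEPT. Both rule sets are constructed samples; the interface roles (eth0 inside, eth1 outside) follow the page, and the empty filter table is an assumption.

```sh
# Added example: audit iptables-save output on stdin for two gaps in a
# MASQUERADE-only gateway. One finding per line; exit status 1 if any.
audit_nat() {
    awk '
        /^\*/ { table = substr($0, 2) }   # table header: *nat, *filter
        table == "nat" && /-j MASQUERADE/ && !/ -o / {
            print "MASQUERADE without -o (matches every egress interface): " $0
            bad = 1
        }
        table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
            print "FORWARD policy ACCEPT: outside-to-inside packets are routed"
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Constructed sample: the page's rule as iptables-save prints it, plus an
# ASSUMED empty filter table with policy ACCEPT (not shown on the page).
page_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.0.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
}

# Constructed sample: NAT pinned to eth1; forwarding limited to flows the
# inside network starts, plus their replies.
tight_rules() {
    cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.16.0.0/24 -o eth1 -j MASQUERADE
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -s 172.16.0.0/24 -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

page_rules | audit_nat || :     # prints both findings
tight_rules | audit_nat         # prints nothing
```

On the gateway itself, the same function can be fed live state with `iptables-save | audit_nat`.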
                         
Windows client
IP Address 172.16.0.10
netmask     255.255.0.0
Gateway    172.16.0.20
 
Linux client
[root@localhost]# ifconfig   eth0                                        
eth0      Link encap:Ethernet  HWaddr 00:C0:9F:94:78:0E                  
          inet addr:192.168.1.10  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::2c0:9fff:fe94:780e/64 Scope:Link             
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1             
          RX packets:850 errors:0 dropped:0 overruns:0 frame:0           
          TX packets:628 errors:0 dropped:0 overruns:0 carrier:0         
          collisions:0 txqueuelen:1000                                   
          RX bytes:369135 (360.4 KiB)  TX bytes:75945 (74.1 KiB)         
          Interrupt:10 Base address:0x3000