linux-packet-forwarding
Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
| linux-packet-forwarding [2017/08/22 08:01] – created baumi | linux-packet-forwarding [2022/01/29 11:27] (current) – [Basic outgoing masquerding script] baumi | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ~~META: | ~~META: | ||
| date created = 2017-04-01 09:00 | date created = 2017-04-01 09:00 | ||
| - | &date modified = 2017-04-01 09:00 | ||
| ~~ | ~~ | ||
| ====== Linux Packet Forwarding ====== | ====== Linux Packet Forwarding ====== | ||
| + | |||
| + | ===== Basic outgoing masquerding script ===== | ||
| <code bash> | <code bash> | ||
| #!/bin/bash | #!/bin/bash | ||
| network=192.168.3.0/ | network=192.168.3.0/ | ||
| ext_if=eth0 | ext_if=eth0 | ||
| - | | + | ext_ip=$(ip address show $ext_if | awk -F "[ /]" '/inet / { print $6 }') |
| - | echo 1 > /proc/net/ | + | |
| - | iptables -t nat -A POSTROUTING -s $network -o $ext_if -J MASQUERADE | + | # Turn off forwarding |
| + | echo 0 > /proc/sys/net/ | ||
| + | # Create NAT rule | ||
| + | iptables -t nat -I POSTROUTING -s $network -o $ext_if -j SNAT --to-source $ext_ip | ||
| + | # Create FW rules to allow traffic | ||
| + | iptables -I FORWARD -s $network -j ACCEPT | ||
| + | iptables -I FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT | ||
| + | # Turn on forwarding | ||
| + | echo 1 > / | ||
| + | </ | ||
| + | |||
| + | ===== Incoming port forwarding ===== | ||
| + | <code bash> | ||
| + | # | ||
| + | port=80 | ||
| + | host=192.168.3.80 | ||
| + | iptables -t nat -A PREROUTING -m tcp -p tcp --dport $port -j DNAT --to-destination $host:$port | ||
| </ | </ | ||
| {{tag>kb linux network iptables}} | {{tag>kb linux network iptables}} | ||
linux-packet-forwarding.1503381708.txt.gz · Last modified: 2017/08/22 08:01 by baumi