linux-packet-forwarding
Differences
This shows you the differences between two versions of the page.
| linux-packet-forwarding [2017/12/23 11:05] – [Linux Packet Forwarding] baumi | linux-packet-forwarding [2022/01/29 11:27] (current) – [Basic outgoing masquerding script] baumi | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| ~~META: | ~~META: | ||
| date created = 2017-04-01 09:00 | date created = 2017-04-01 09:00 | ||
| - | &date modified = 2017-04-01 09:00 | ||
| ~~ | ~~ | ||
| ====== Linux Packet Forwarding ====== | ====== Linux Packet Forwarding ====== | ||
| Line 10: | Line 9: | ||
| network=192.168.3.0/ | network=192.168.3.0/ | ||
| ext_if=eth0 | ext_if=eth0 | ||
| - | | + | ext_ip=$(ip address show $ext_if | awk -F "[ /]" '/inet / { print $6 }') |
| + | |||
| + | # Turn off forwarding | ||
| + | echo 0 > / | ||
| + | # Create NAT rule | ||
| + | iptables -t nat -I POSTROUTING -s $network -o $ext_if -j SNAT --to-source $ext_ip | ||
| + | # Create FW rules to allow traffic | ||
| + | iptables -I FORWARD -s $network -j ACCEPT | ||
| + | iptables -I FORWARD -m conntrack --ctstate ESTABLISHED -j ACCEPT | ||
| + | # Turn on forwarding | ||
| echo 1 > / | echo 1 > / | ||
| - | iptables -t nat -A POSTROUTING -s $network -o $ext_if -j MASQUERADE | ||
| </ | </ | ||
| ===== Incoming port forwarding ===== | ===== Incoming port forwarding ===== | ||
| <code bash> | <code bash> | ||
| + | #!/bin/bash | ||
| port=80 | port=80 | ||
| host=192.168.3.80 | host=192.168.3.80 | ||
| iptables -t nat -A PREROUTING -m tcp -p tcp --dport $port -j DNAT --to-destination $host:$port | iptables -t nat -A PREROUTING -m tcp -p tcp --dport $port -j DNAT --to-destination $host:$port | ||
| </ | </ | ||
| - | |||
| {{tag>kb linux network iptables}} | {{tag>kb linux network iptables}} | ||
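
Review bot: the added `iptables -I FORWARD -s $network -j ACCEPT` rule matches on source address only, so a packet that arrives on `$ext_if` carrying a source address inside `$network` is accepted for forwarding exactly like traffic from the internal side. Bind the rule to the internal interface with `-i` (the script has no variable for that interface yet, so one would have to be introduced) and to `-o $ext_if`. The return rule matches `--ctstate ESTABLISHED` only; `ESTABLISHED,RELATED` would also cover ICMP errors belonging to those connections. Both ACCEPT rules only change behaviour if the FORWARD chain otherwise drops traffic, and the script does not set that policy, so either set it here or document that it is expected to be in place. Separately, `ext_ip` is read once and used unquoted in `--to-source $ext_ip`: if `$ext_if` has more than one `inet` address the awk output is several words and the SNAT rule will not parse, and unlike the removed `MASQUERADE` rule the address is fixed at the moment the script runs, so a comment stating the single static address assumption is worth adding.
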
linux-packet-forwarding.1514023516.txt.gz · Last modified: by baumi
