Friday, December 10, 2010

Single-card Red Hat Linux 7.2: using iptables as a simple gateway

Author: ken. On Red Hat 7.2 the commonly used ipchains does not work out of the box, because its kernel module is not loaded by default; running it gives the error "ipchains: Protocol not available". Don't take this as a step backwards in 7.2: it has moved to the more powerful iptables, which is what we use here to build the firewall.

Environment: the internal network segment is 192.168.2.0, the external DDN segment is 10.19.78.0, and the external gateway is 10.19.78.1. The gateway server's internal IP is 192.168.2.170 and its external IP is 10.19.78.5; both addresses are bound to a single network card (two cards would of course be better).

To make the configuration permanent, change the files as follows.

(1.) Modify /etc/sysconfig/network:

    NETWORKING=yes
    FORWARD_IPV4=yes
    HOSTNAME=server
    GATEWAY=10.19.78.1      # the external gateway
    GATEWAYDEV=eth0

(2.) Create the file ifcfg-eth1 in the /etc/sysconfig/network-scripts directory:

    DEVICE=eth1
    USERCTL=no
    ONBOOT=yes
    BOOTPROTO=static        # value missing in the original; static matches the fixed address below
    BROADCAST=10.19.78.7
    NETWORK=10.19.78.0
    NETMASK=255.255.255.248
    IPADDR=10.19.78.5       # this host's IP on the upstream network

(3.) Bring the IP configuration into effect:

    /etc/rc.d/init.d/network restart

(4.) Write the following iptables script as gw.sh:

    #!/bin/sh
    # begin
    # enable packet forwarding in the kernel
    echo 1 > /proc/sys/net/ipv4/ip_forward
    # load the NAT and connection-tracking modules (ip_conntrack_ftp handles active FTP)
    modprobe iptable_nat
    modprobe ip_conntrack
    modprobe ip_conntrack_ftp
    # start from empty chains
    iptables -F INPUT
    iptables -F FORWARD
    iptables -F POSTROUTING -t nat
    iptables -t nat -F      # this line is truncated in the original; -F flushes the rest of the nat table
    # forward nothing unless a rule below accepts it
    iptables -P FORWARD DROP
    # internal hosts may open connections outward
    iptables -A FORWARD -s 192.168.2.0/24 -j ACCEPT
    # replies to those connections are let back in on the external interface
    iptables -A FORWARD -i eth1 -m state --state ESTABLISHED,RELATED -j ACCEPT
    # rewrite the source address of outbound internal traffic to the external IP
    iptables -t nat -A POSTROUTING -o eth1 -s 192.168.2.0/24 -j SNAT --to 10.19.78.5
    # end

Make gw.sh executable and run it; the other machines can now use this host as their gateway to the Internet. You can also add it to the end of /etc/rc.d/rc.local so that it runs automatically at boot. This is the simplest possible iptables setup; building a powerful firewall on top of it is up to you.
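The gateway script above accepts forwarded traffic purely by source address, so on a single-card host a packet arriving from the outside with an internal source address would also be forwarded. As an added example (not the post's own gw.sh), the script below builds the same ruleset through a run() wrapper so it can be printed and reviewed before it is applied, and inserts one anti-spoofing rule ahead of the source-based ACCEPT; that rule, the DRY_RUN variable and the helper functions are assumptions of this example, while the addresses and interface name are the post's.

```shell
#!/bin/sh
# Added example, not the original post's gw.sh: the same single-card SNAT
# gateway ruleset, built through a run() wrapper so it can be printed and
# reviewed before it is applied. Default is a dry run (DRY_RUN=1); run as root
# with DRY_RUN=0 to execute the commands for real.
# Addresses and interface names are taken from the post.
LAN_NET=192.168.2.0/24   # internal segment
WAN_IF=eth1              # interface the post's script treats as external
WAN_IP=10.19.78.5        # the gateway's external address
DRY_RUN=${DRY_RUN:-1}

# Print the command in a dry run, execute it otherwise.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

gw_rules() {
    # Forwarding and the NAT / connection-tracking modules, as in the post.
    run sh -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    run modprobe iptable_nat
    run modprobe ip_conntrack
    run modprobe ip_conntrack_ftp
    # Start from empty chains; INPUT keeps its default policy, as in the post.
    run iptables -F INPUT
    run iptables -F FORWARD
    run iptables -t nat -F
    # Nothing is forwarded unless a rule below accepts it.
    run iptables -P FORWARD DROP
    # Added anti-spoofing rule (an assumption, not in the post): a packet that
    # arrives on the external interface claiming an internal source address is
    # dropped before the source-based ACCEPT below can match it.
    run iptables -A FORWARD -i "$WAN_IF" -s "$LAN_NET" -j DROP
    # Internal hosts may open connections outward.
    run iptables -A FORWARD -s "$LAN_NET" -j ACCEPT
    # Return traffic for those connections is let back in.
    run iptables -A FORWARD -i "$WAN_IF" -m state --state ESTABLISHED,RELATED -j ACCEPT
    # Rewrite the source of outbound LAN traffic to the gateway's external IP.
    run iptables -t nat -A POSTROUTING -o "$WAN_IF" -s "$LAN_NET" -j SNAT --to "$WAN_IP"
}

# Count dry-run lines matching a pattern, for reviewing the generated ruleset.
count_rules() {
    ( DRY_RUN=1; gw_rules ) | grep -c -- "$1"
}

gw_rules
```

Run it once without arguments to see the exact commands it would execute; the order matters, because the DROP for spoofed internal sources must sit above the ACCEPT that matches on source address alone.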
