Masquerade by iptables in Linux servers

IP Masquerade

In an environment where security and other details are not a concern, a Linux machine can be turned into a router with NAT functionality as simply as in the following example.
The command below masquerades packets from 192.168.118.0/24, that is, it forwards them after rewriting their source IP to this machine's own address. This is often useful when machines inside a private network need to communicate with external nodes. The command is executed on the Router machine shown in the figure.
# iptables -t nat -A POSTROUTING -s 192.168.118.0/24 -j MASQUERADE


Access from external

To reach a machine on 192.168.118.0/24 from the outside, use DNAT. The following example forwards packets arriving at port 8022 of the Router machine to port 22 of 192.168.118.10.
# iptables -t nat -A PREROUTING -p tcp --dport 8022 -j DNAT --to-destination 192.168.118.10:22


Note

In addition to the above, IP forwarding must be enabled in the first place; without it, neither of the rules above has any effect. If it is not already enabled, set it as follows. Note that this setting is lost on reboot; to make it persistent, put net.ipv4.ip_forward = 1 in /etc/sysctl.conf.
# echo 1 > /proc/sys/net/ipv4/ip_forward
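The three commands above combined into one re-runnable script, as an added example that is not part of the original post: it uses iptables -C to skip a rule that already exists (re-running a plain -A would stack duplicate rules), turns on forwarding with sysctl, and only prints the commands unless DRY_RUN=0. The subnet, port and destination are the page's values; the variable and function names are my own.

```shell
#!/bin/sh
# Added example: idempotent NAT setup for the Router box described above.
# Values below are the page's; LAN_NET, FWD_PORT, FWD_DEST, run, add_rule,
# setup_nat and forwarding_enabled are names chosen for this example.
set -eu

LAN_NET="${LAN_NET:-192.168.118.0/24}"
FWD_PORT="${FWD_PORT:-8022}"
FWD_DEST="${FWD_DEST:-192.168.118.10:22}"
DRY_RUN="${DRY_RUN:-1}"   # default: print what would be run, change nothing

# Run a command, or print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Append a rule only if an identical one is not already present
# (iptables -C exits 0 when the rule exists), so re-running this
# script does not add the same rule a second time.
add_rule() {
    table="$1"; shift
    if [ "$DRY_RUN" = 1 ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
        run iptables -t "$table" -A "$@"
    fi
}

setup_nat() {
    # Source NAT for the private network (MASQUERADE in the nat table).
    add_rule nat POSTROUTING -s "$LAN_NET" -j MASQUERADE
    # Destination NAT: router port 8022 -> 192.168.118.10:22.
    add_rule nat PREROUTING -p tcp --dport "$FWD_PORT" -j DNAT --to-destination "$FWD_DEST"
    # Forwarding must be on or neither rule has any effect. sysctl -w is
    # the same as writing /proc/sys/net/ipv4/ip_forward and is lost on reboot.
    run sysctl -w net.ipv4.ip_forward=1
}

# Exit 0 if forwarding is enabled. Reads the file given as $1 so it can be
# checked against a sample file as well as the real /proc entry.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = 1 ]
}

setup_nat
```

Run with DRY_RUN=0 as root to apply; the default invocation only shows the three commands so they can be reviewed first.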
