Iptables Source NAT / Destination NAT


In this example, eth1 is connected to the external network, and the private IP 192.168.100.10 is mapped to the public IP 122.12.12.12 with SNAT/DNAT. Only the values highlighted in yellow (the interface alias, the IP addresses, the netmask and the ifcfg file name) need to be changed to suit your environment.

**1. Adding SNAT/DNAT**

1-1. Add a virtual Ethernet interface

```
ifconfig eth1:3 12.1.12.12 netmask 255.255.255.0 up
```

1-2. Save the virtual Ethernet interface configuration

```
echo "DEVICE=eth1:3
BOOTPROTO=static
IPADDR=12.1.12.12
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet" > /etc/sysconfig/network-scripts/ifcfg-eth1:3
```

1-3. Add the NAT rules

```
iptables -t nat -A PREROUTING -d 12.1.12.12 -j DNAT --to-destination 192.168.100.10
iptables -t nat -A POSTROUTING -s 192.168.100.10 -j SNAT --to-source 12.1.12.12
```

1-4. Save the configuration

```
/etc/init.d/iptables save
```

1-5. Verify

```
iptables -L -t nat -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination
DNAT       all  --  0.0.0.0/0            12.1.12.12          to:192.168.100.10

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  192.168.100.10       0.0.0.0/0           to:12.1.12.12

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@netggio ~]#
```

**2. Removing SNAT/DNAT**

2-1. Delete the NAT rules

```
iptables -t nat -D PREROUTING -d 12.1.12.12 -j DNAT --to-destination 192.168.100.10
iptables -t nat -D POSTROUTING -s 192.168.100.10 -j SNAT --to-source 12.1.12.12
```

2-2. Save the configuration

```
/etc/init.d/iptables save
```

2-3. Bring the virtual Ethernet interface down

```
ifconfig eth1:3 down
```

2-4. Delete the virtual Ethernet interface configuration

```
rm -rf /etc/sysconfig/network-scripts/ifcfg-eth1:3
```

2-5. Verify

```
iptables -L -t nat -n
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
```
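The verification in steps 1-5 and 2-5 can also be done mechanically. The following is an added example, not part of the original post: it reads `iptables -t nat -S` output and reports whether both halves of the 1:1 mapping are present and whether the DNAT rule is limited by protocol. The helper names `nat_pair_status` and `sample_rules` are hypothetical, and the sample rule set is constructed from the addresses used in the commands above.

```shell
#!/bin/sh
# Added example: audit one 1:1 NAT mapping in `iptables -t nat -S` output.
# Usage: iptables -t nat -S | nat_pair_status PUBLIC_IP PRIVATE_IP
# nat_pair_status and sample_rules are hypothetical helper names.

nat_pair_status() {
    awk -v pub="$1" -v priv="$2" '
    # Value that follows option "opt" in the current rule, or "" if absent.
    function arg(opt,    i) {
        for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
        return ""
    }
    # iptables -S prints single hosts as a.b.c.d/32; drop the suffix.
    function host(a) { sub(/\/32$/, "", a); return a }

    $1 == "-A" && $2 == "PREROUTING" && arg("-j") == "DNAT" &&
    host(arg("-d")) == pub && arg("--to-destination") == priv {
        dnat = 1
        # Without -p the rule forwards every protocol and port inward.
        if (arg("-p") == "") wide = 1
    }
    $1 == "-A" && $2 == "POSTROUTING" && arg("-j") == "SNAT" &&
    host(arg("-s")) == priv && arg("--to-source") == pub { snat = 1 }

    END {
        if (dnat && snat) s = "paired"
        else if (dnat)    s = "dnat-only"
        else if (snat)    s = "snat-only"
        else              s = "absent"
        if (wide) s = s " unrestricted-dnat"
        print s
    }'
}

# Constructed sample: the rule set left by step 1-3, as -S would list it.
sample_rules() {
    cat <<'EOF'
-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-P OUTPUT ACCEPT
-A PREROUTING -d 12.1.12.12/32 -j DNAT --to-destination 192.168.100.10
-A POSTROUTING -s 192.168.100.10/32 -j SNAT --to-source 12.1.12.12
EOF
}

sample_rules | nat_pair_status 12.1.12.12 192.168.100.10
```

After section 2 the same check should report `absent`; `dnat-only` or `snat-only` means the mapping was only half removed. `unrestricted-dnat` is reported because the DNAT rule has no `-p` match, so which ports reach 192.168.100.10 is decided only by the filter table's FORWARD chain.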


Written on August 5, 2010