Iptables Source NAT / Destination NAT

In this example eth1 is connected to the outside, and SNAT/DNAT is set up between the private IP 192.168.100.10 and the public IP 122.12.12.12. Only the parts marked in yellow in the original (the interface alias, the IP addresses and the netmask in the commands below) need to be changed to suit your environment.

**1. Adding SNAT/DNAT**

1-1. Add a virtual Ethernet interface

```
ifconfig eth1:3 12.1.12.12 netmask 255.255.255.0 up
```

1-2. Save the virtual Ethernet configuration

```
echo "DEVICE=eth1:3
BOOTPROTO=static
IPADDR=12.1.12.12
NETMASK=255.255.255.0
ONBOOT=yes
TYPE=Ethernet" > /etc/sysconfig/network-scripts/ifcfg-eth1:3
```

1-3. Add the NAT rule

```
iptables -t nat -A PREROUTING -d 12.1.12.12 -j DNAT --to-destination 192.168.100.10
```

1-4. Save the configuration

```
/etc/init.d/iptables save
```

1-5. Verify

```
iptables -L -t nat -n
Chain POSTROUTING (policy ACCEPT)
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```

**2. Removing SNAT/DNAT**

2-1. Delete the NAT rule

```
iptables -t nat -D PREROUTING -d 12.1.12.12 -j DNAT --to-destination 192.168.100.10
```

```
/etc/init.d/iptables save
```

2-3. Bring the virtual Ethernet interface down

```
ifconfig eth1:3 down
```

2-4. Delete the virtual Ethernet configuration

```
rm -rf /etc/sysconfig/network-scripts/ifcfg-eth1:3
```

2-5. Verify

```
iptables -L -t nat -n
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
```
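
Added example (not part of the original post): a dry-run generator for the rule added in 1-3 and deleted in 2-1, which validates its inputs and prints the DNAT rule together with a matching SNAT rule. The SNAT rule, the `-i`/`-o eth1` restriction and the function names `valid_ipv4` and `nat_pair_rules` are assumptions; the post itself shows only the DNAT rule.

```shell
#!/bin/sh
# Added example: prints the commands for a 1:1 NAT pair; it changes nothing itself.

# valid_ipv4 ADDR: succeeds only for a dotted quad whose octets are 0..255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # split on dots (input is digits and dots only)
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# nat_pair_rules ACTION IFACE PUBLIC_IP PRIVATE_IP
#   ACTION is A (append), D (delete) or C (check that the rule exists).
nat_pair_rules() {
    action=$1; iface=$2; public=$3; private=$4
    case "$action" in
        A|D|C) ;;
        *) echo "action must be A, D or C" >&2; return 2 ;;
    esac
    case "$iface" in
        ''|*[!A-Za-z0-9._-]*) echo "bad interface: $iface" >&2; return 2 ;;
    esac
    valid_ipv4 "$public"  || { echo "bad public IP: $public" >&2; return 2; }
    valid_ipv4 "$private" || { echo "bad private IP: $private" >&2; return 2; }
    # Inbound, as in the post, but limited to packets arriving on IFACE.
    echo "iptables -t nat -$action PREROUTING -i $iface -d $public -j DNAT --to-destination $private"
    # Outbound counterpart (assumption, not in the post): the private host
    # leaves IFACE with the public address as its source.
    echo "iptables -t nat -$action POSTROUTING -o $iface -s $private -j SNAT --to-source $public"
}

# Values from the post; eth1 is the physical interface behind the eth1:3 alias.
nat_pair_rules A eth1 12.1.12.12 192.168.100.10
```

Review the printed commands before running them as root. With `C` as the action, iptables exits non-zero when a rule is absent, which suits the verification steps 1-5 and 2-5.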