====== 08 Ubuntu NAT with plain iptables ======

===== Enable forwarding =====

<code bash>
sysctl -w net.ipv4.ip_forward=1
</code>

==== Keep it across reboots ====

Put the setting in /etc/sysctl.conf (or a file under /etc/sysctl.d/) and confirm it is there; ''sysctl -p'' applies the file without a reboot:

<code>
# grep net.ipv4.ip_forward /etc/sysctl.conf
net.ipv4.ip_forward=1
</code>

===== SNAT =====

With the interfaces below, IP-masquerade only traffic from 192.168.100.0/24 that arrives on the local-side interface (enp6s0).

^ Interface ^ Role ^ Address ^
| enp1s0 | global (upstream) side | 10.10.10.76 |
| enp6s0 | local side | 192.168.100.76 |

<code bash>
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
# POSTROUTING is a chain of the nat table; without -t nat iptables rejects the rule
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -o enp1s0 -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i enp6s0 -s 192.168.100.0/24 -j ACCEPT
</code>

Notes:
  * ''-P FORWARD DROP'' is what enforces "only 192.168.100.0/24": anything not matched by the two FORWARD accepts is discarded instead of being routed.
  * The MASQUERADE rule carries ''-s 192.168.100.0/24'' so that only the local subnet is rewritten; ''-o enp1s0'' alone would masquerade everything leaving the global side.
  * The INPUT policy is still ACCEPT, so these rules govern forwarded traffic only; the router's own services need their own INPUT rules.
  * ''-m state'' is the legacy match name; ''-m conntrack --ctstate RELATED,ESTABLISHED'' is the equivalent on current kernels.

===== Persisting iptables =====

Set things up so the rules are restored after a reboot, see [[01_linux:30_ubuntu:03_ipables]].

====== Ubuntu NAT, ufw edition ======

Everything up to the net.ipv4.ip_forward setting is the same as above.

===== ufw enable =====

<code>
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
</code>

===== allow ssh =====

If the current connection drops you cannot SSH back in, so allow SSH right away. When working remotely it is safer to run this //before// ''ufw enable''.

<code>
# ufw allow ssh
Rule added
Rule added (v6)
</code>

===== NAT configuration =====

Add the following to /etc/ufw/before.rules. Each table block ends with its own COMMIT.

<code>
# vi /etc/ufw/before.rules
# FORWARD: replies plus traffic from the local subnet
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp6s0 -s 192.168.100.0/24 -j ACCEPT
COMMIT

# NAT
*nat
-F
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.100.0/24 -o enp1s0 -j MASQUERADE
COMMIT
</code>

Notes:
  * ufw loads this file with iptables-restore in no-flush mode, so the ''-F'' keeps the MASQUERADE rule from being added again on every ''ufw reload''. It flushes every chain of the nat table, though, including rules added by other software such as Docker; use ''-F POSTROUTING'' or a dedicated chain if that matters.
  * ufw's own README places the ''*nat'' block at the top of before.rules, ahead of the existing ''*filter'' section. The FORWARD accept can also be expressed as a ufw rule instead of editing the file: ''ufw route allow in on enp6s0 out on enp1s0 from 192.168.100.0/24''.

Then reload:

<code>
# ufw reload
Firewall reloaded
</code>

===== Check status =====

<code>
# ufw status
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       XXX.XXX.XXX.XXX
</code>

{{tag>Ubuntu NAT}}
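===== Added example: rendering and checking the rule set =====

The two sections above type the same rules twice, once as iptables commands and once as iptables-restore text for ufw. The script below is an added example and not part of the original page: it validates the interface names and the subnet, then renders the whole policy (filter and nat tables) in iptables-restore syntax so it can be reviewed, syntax-checked with ''iptables-restore --test'' and loaded atomically, or pasted into before.rules. It goes slightly beyond the page by also pinning the FORWARD accept to ''-o enp1s0'', so the router will not relay the local subnet towards any other interface. The defaults (enp1s0, enp6s0, 192.168.100.0/24) are assumptions taken from the page's table; the function names are the example's own.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): validate inputs, render the NAT
# policy as iptables-restore text, optionally apply it atomically.
# Defaults are assumed from the page's interface table; override via environment.
set -eu

WAN_IF="${WAN_IF:-enp1s0}"               # global (upstream) side
LAN_IF="${LAN_IF:-enp6s0}"               # local side
LAN_NET="${LAN_NET:-192.168.100.0/24}"   # the only subnet that may be masqueraded

# valid_cidr A.B.C.D/N: accept only a well-formed IPv4 prefix, so a typo or an
# injected string never reaches iptables as a rule argument.
valid_cidr() {
  local addr mask oct
  case "$1" in
    */*) addr=${1%/*}; mask=${1#*/} ;;
    *) return 1 ;;
  esac
  case "$mask" in ''|*[!0-9]*) return 1 ;; esac
  [ "$mask" -le 32 ] || return 1
  local IFS=.
  set -- $addr
  [ $# -eq 4 ] || return 1
  for oct in "$@"; do
    case "$oct" in ''|*[!0-9]*) return 1 ;; esac
    [ "$oct" -le 255 ] || return 1
  done
}

# valid_ifname NAME: Linux interface names are at most 15 characters and contain
# no '/' or spaces; a leading '-' is refused so the name cannot become an option.
valid_ifname() {
  case "$1" in
    ''|-*|*/*|*' '*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# render_ruleset WAN LAN CIDR: emit filter and nat tables in iptables-restore
# syntax. The page's "-P FORWARD DROP" becomes the chain policy; MASQUERADE is a
# nat-table rule restricted to the local prefix so nothing else is rewritten.
render_ruleset() {
  local wan=$1 lan=$2 net=$3
  valid_ifname "$wan" && valid_ifname "$lan" && valid_cidr "$net" \
    || { echo "render_ruleset: bad argument(s): $wan $lan $net" >&2; return 1; }
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m conntrack --ctstate INVALID -j DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $lan -o $wan -s $net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $net -o $wan -j MASQUERADE
COMMIT
EOF
}

# rule_count TEXT: number of -A rules in a rendered ruleset (sanity check).
rule_count() {
  printf '%s\n' "$1" | grep -c '^-A ' || true
}

# apply_ruleset FILE: parse-only check first, then load the whole set atomically.
# Needs root; only used when the script is run with --apply.
apply_ruleset() {
  iptables-restore --test < "$1" && iptables-restore < "$1"
}

if [ "${1:-}" = "--apply" ]; then
  tmp=$(mktemp)
  render_ruleset "$WAN_IF" "$LAN_IF" "$LAN_NET" > "$tmp"
  apply_ruleset "$tmp"
  rm -f "$tmp"
else
  # Default: print for review, or redirect into /etc/iptables/rules.v4.
  render_ruleset "$WAN_IF" "$LAN_IF" "$LAN_NET"
fi
```

Running it without arguments prints the rule set; ''./nat-rules.sh --apply'' (as root) rejects the file if iptables-restore cannot parse it and otherwise replaces the filter and nat tables in one transaction, so a half-applied policy never leaves the box forwarding without NAT.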