====== 08 Ubuntu NAT (iptables direct) ======
===== Enable forwarding =====
sysctl -w net.ipv4.ip_forward=1
==== Persist across reboots ====
# grep net.ipv4.ip_forward /etc/sysctl.conf
net.ipv4.ip_forward=1
===== SNAT =====
With the interfaces below, masquerade only the traffic that arrives on enp6s0 (the local side) from 192.168.100.0/24; everything else that tries to cross the box is dropped.
|enp1s0|global side|10.10.10.76|
|enp6s0|local side|192.168.100.76|
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o enp1s0 -j MASQUERADE
iptables -P FORWARD DROP
iptables -A FORWARD -i enp6s0 -s 192.168.100.0/24 -j ACCEPT
POSTROUTING is a chain of the nat table, so the MASQUERADE rule needs -t nat; without it iptables reports that the chain does not exist and nothing is masqueraded. With the FORWARD policy set to DROP, only hosts in 192.168.100.0/24 on enp6s0 can initiate connections outward, and their replies come back through the RELATED,ESTABLISHED rule.
===== Persisting iptables rules =====
Make the rules survive a reboot as described here:
[[01_linux:30_ubuntu:03_ipables]]
====== Ubuntu NAT: ufw edition ======
Everything up to the net.ipv4.ip_forward setting is the same as above.
===== ufw enable =====
# ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup
===== allow ssh =====
The existing session keeps working, but if it drops you can no longer SSH in, so allow SSH immediately. Safer still is to run ufw allow ssh before ufw enable.
# ufw allow ssh
Rule added
Rule added (v6)
===== NAT settings =====
# vi /etc/ufw/before.rules
ufw's before.rules already contains a *filter section: add the two FORWARD rules inside it, before its COMMIT. The *nat section does not exist yet; add it as its own table block. The drop-by-default behaviour that iptables -P FORWARD DROP gave in the direct setup comes from DEFAULT_FORWARD_POLICY="DROP" in /etc/default/ufw, which is the default.
# FORWARD
*filter
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp6s0 -s 192.168.100.0/24 -j ACCEPT
COMMIT
# NAT
*nat
-F
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o enp1s0 -j MASQUERADE
COMMIT
Note that -F flushes the whole nat table on every reload, including nat rules added by anything else on the host (Docker, for example); leave it out if other software manages nat rules here.
==== ufw reload ====
# ufw reload
Firewall reloaded
===== Status check =====
# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW XXX.XXX.XXX.XXX
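ufw status only lists the user rules, not what before.rules or the nat table contain, and the direct-iptables variant has no status command at all, so the real check for both setups is the kernel ruleset as printed by iptables-save. The script below is an added example, not code from the original page: it generates the complete ruleset from the SNAT section in iptables-restore format (the idempotent equivalent of the five iptables commands), and checks an iptables-save dump for the four properties the NAT box needs. Interface names and the subnet are the ones in the table above; the sample dump is constructed and mimics the state left behind when the MASQUERADE rule is added without -t nat (the command fails, so the nat table stays empty).

```shell
#!/bin/sh
# Added example (not from the original page). Generates the NAT ruleset for
# the box described above and verifies an iptables-save dump offline.
# Interface names and subnet are the page's; override them via environment.

LAN_IF="${LAN_IF:-enp6s0}"            # local side
WAN_IF="${WAN_IF:-enp1s0}"            # global side
LAN_NET="${LAN_NET:-192.168.100.0/24}"

# Emit the full ruleset in iptables-restore format. Feeding it to
# iptables-restore replaces the filter and nat tables atomically, so it is
# the idempotent equivalent of the five iptables commands in the SNAT section.
nat_ruleset() {
  cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o $WAN_IF -j MASQUERADE
COMMIT
EOF
}

# Read an iptables-save dump from stdin and check the four properties the
# NAT box needs. Prints each missing item and returns non-zero if any is
# missing. Accepts both "-m state --state" and the "-m conntrack --ctstate"
# form that newer iptables-save prints for the same rule.
check_nat_rules() {
  dump=$(cat)
  rc=0
  printf '%s\n' "$dump" | grep -q '^:FORWARD DROP' \
    || { echo "missing: FORWARD policy DROP"; rc=1; }
  printf '%s\n' "$dump" | grep -Eq -- '-A FORWARD .*--(state|ctstate) RELATED,ESTABLISHED -j ACCEPT' \
    || { echo "missing: FORWARD RELATED,ESTABLISHED accept"; rc=1; }
  printf '%s\n' "$dump" | grep -q -- "-A FORWARD -i $LAN_IF -s $LAN_NET -j ACCEPT" \
    || { echo "missing: FORWARD accept from $LAN_NET on $LAN_IF"; rc=1; }
  printf '%s\n' "$dump" | grep -q -- "-A POSTROUTING -o $WAN_IF -j MASQUERADE" \
    || { echo "missing: nat POSTROUTING MASQUERADE on $WAN_IF"; rc=1; }
  return $rc
}

# Constructed sample (not captured from a host): the state produced when the
# MASQUERADE rule was added without -t nat, so the nat table has no rule.
sample_dump_missing_masquerade() {
  cat <<'EOF'
# Generated by iptables-save (constructed sample)
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i enp6s0 -s 192.168.100.0/24 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
EOF
}

# Usage:  sh nat.sh gen | sudo iptables-restore
#         sudo iptables-save | sh nat.sh check
case "${1:-}" in
  gen)   nat_ruleset ;;
  check) check_nat_rules ;;
esac
```

The check reads stdin, so on the ufw box it is run as sudo iptables-save | sh nat.sh check after ufw reload; a clean run prints nothing and exits 0, while the constructed sample reports only the missing MASQUERADE rule.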
{{tag>Ubuntu NAT}}