iptables는 동일한 IP 주소를 가진 여러 장치를 NAT합니다

Question

나는 결코 iptables 전문가는 아니지만 이것이 결국 이것의 도움으로 작업하게 된 것입니다.기사위의 제안은 다음에서 나왔습니다.아룩크스.

#!/bin/bash

#flush routes
ip route flush 192.168.122.0/24
ip route flush 192.168.122.1
ip route flush default via 192.168.122.1

#flush iptables
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

#NAT'd packet responses sent back to the eth0 ip
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.38
iptables -t nat -A POSTROUTING -j MASQUERADE

#Add a separate routing table and firewall mark for each incoming port  
ip rule add fwmark 4 table 4

#mark the packets
iptables -t mangle -A PREROUTING -p tcp --dport 8084 -j MARK --set-mark 4

#route through the appropriate interface    
ip route add 192.168.122.0/24 dev wlan4 table 4

#packets to 8084 nat'd to device 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8084 -j DNAT --to-destination 192.168.122.1:8080

#turn off spoofing protection
sysctl -w net.ipv4.conf.eth0.rp_filter=0

#do it for all the interfaces 
ip rule add fwmark 3 table 3
iptables -t mangle -A PREROUTING -p tcp --dport 8083 -j MARK --set-mark 3
ip route add 192.168.122.0/24 dev wlan3 table 3
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 192.168.122.1:8080  

ip rule add fwmark 2 table 2
iptables -t mangle -A PREROUTING -p tcp --dport 8082 -j MARK --set-mark 2
ip route add 192.168.122.0/24 dev wlan2 table 2
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.122.1:8080

ip rule add fwmark 1 table 1
iptables -t mangle -A PREROUTING -p tcp --dport 8081 -j MARK --set-mark 1
ip route add 192.168.122.0/24 dev wlan1 table 1
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8080

Answer 1

나는 결코 iptables 전문가는 아니지만 이것이 결국 이것의 도움으로 작업하게 된 것입니다.기사위의 제안은 다음에서 나왔습니다.아룩크스.

#!/bin/bash

#flush routes
ip route flush 192.168.122.0/24
ip route flush 192.168.122.1
ip route flush default via 192.168.122.1

#flush iptables
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -P OUTPUT ACCEPT
iptables -t nat -F
iptables -t mangle -F
iptables -F
iptables -X

#NAT'd packet responses sent back to the eth0 ip
iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.2.38
iptables -t nat -A POSTROUTING -j MASQUERADE

#Add a separate routing table and firewall mark for each incoming port  
ip rule add fwmark 4 table 4

#mark the packets
iptables -t mangle -A PREROUTING -p tcp --dport 8084 -j MARK --set-mark 4

#route through the appropriate interface    
ip route add 192.168.122.0/24 dev wlan4 table 4

#packets to 8084 nat'd to device 8080
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8084 -j DNAT --to-destination 192.168.122.1:8080

#turn off spoofing protection
sysctl -w net.ipv4.conf.eth0.rp_filter=0

#do it for all the interfaces 
ip rule add fwmark 3 table 3
iptables -t mangle -A PREROUTING -p tcp --dport 8083 -j MARK --set-mark 3
ip route add 192.168.122.0/24 dev wlan3 table 3
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8083 -j DNAT --to-destination 192.168.122.1:8080  

ip rule add fwmark 2 table 2
iptables -t mangle -A PREROUTING -p tcp --dport 8082 -j MARK --set-mark 2
ip route add 192.168.122.0/24 dev wlan2 table 2
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8082 -j DNAT --to-destination 192.168.122.1:8080

ip rule add fwmark 1 table 1
iptables -t mangle -A PREROUTING -p tcp --dport 8081 -j MARK --set-mark 1
ip route add 192.168.122.0/24 dev wlan1 table 1
iptables -t nat -A PREROUTING -i eth0 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.122.1:8080

iptables는 동일한 IP 주소를 가진 여러 장치를 NAT합니다

답변1

관련 정보