5.5. Destination NAT with netfilter (DNAT)
Destination NAT with netfilter is commonly used to publish a service from an internal RFC 1918 network to a publicly accessible IP. To enable DNAT, at least one iptables command is required. The connection tracking mechanism of netfilter will ensure that subsequent packets exchanged in either direction (which can be identified as part of the existing DNAT connection) are also transformed.
In a devilishly subtle difference, netfilter DNAT does not cause the kernel to answer ARP requests for the NAT IP, whereas iproute2 NAT automatically begins answering ARP requests for the NAT IP.
Example 5.5. Using DNAT for all protocols (and ports) on one IP
[root@real-server]# iptables -t nat -A PREROUTING -d 10.10.20.99 -j DNAT --to-destination 10.10.14.2
In this example, all packets arriving on the router with a destination of 10.10.20.99 will depart from the router with a destination of 10.10.14.2.
Example 5.6. Using DNAT for a single port
[root@real-server]# iptables -t nat -A PREROUTING -p tcp -d 10.10.20.99 --dport 80 -j DNAT --to-destination 10.10.14.2
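An added example (not part of the original guide): a POSIX shell function that reads rules in iptables-save format and reports, for each DNAT rule, how broadly it publishes the internal host (Example 5.5 versus Example 5.6) and whether the NAT IP is configured locally, since DNAT alone does not make the kernel answer ARP for it. The names audit_dnat and sample_rules, the sample rules and the router addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit DNAT rules given in `iptables-save` format.
# Usage: audit_dnat "LOCAL_ADDRS" < rules
#   LOCAL_ADDRS: space-separated IPv4 addresses configured on this router
#   (an assumption here; on a live system take them from `ip -4 -o addr show`).
audit_dnat() {
    awk -v locals="$1" '
    BEGIN { n = split(locals, a, " "); for (i = 1; i <= n; i++) is_local[a[i]] = 1 }
    $1 == "-A" {
        dst = ""; to = ""; proto = ""; port = ""; target = ""
        for (i = 3; i < NF; i++) {
            if ($i == "-d") { dst = $(i + 1); sub(/\/32$/, "", dst) }
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "--dport") port = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
            else if ($i == "--to-destination") to = $(i + 1)
        }
        if (target != "DNAT") next
        # Scope: a rule without -p publishes every protocol and port (Example 5.5).
        if (proto == "") scope = "all-protocols"
        else if (port == "") scope = proto "/all-ports"
        else scope = proto "/" port
        # DNAT alone never makes the kernel answer ARP for the NAT IP; it must
        # be configured on an interface or routed to this host by the upstream.
        arp = (dst in is_local) ? "local" : "not-local"
        printf "%s -> %s scope=%s arp=%s\n", dst, to, scope, arp
    }'
}

# Constructed sample: Examples 5.5 and 5.6 as iptables-save would print them,
# plus an SNAT rule that the audit must skip.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -d 10.10.20.99/32 -j DNAT --to-destination 10.10.14.2
-A PREROUTING -d 10.10.20.99/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 10.10.14.2
-A POSTROUTING -s 10.10.14.2/32 -j SNAT --to-source 10.10.20.99
COMMIT
EOF
}

# Constructed router addresses; 10.10.20.99 is deliberately not among them.
sample_rules | audit_dnat "10.10.20.1 10.10.14.1"
```

On a live router the input would come from iptables-save -t nat; rules using negated matches (! -d) are not interpreted by this sketch.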
Full network address translation, as performed with iproute2, can be simulated with both netfilter SNAT and DNAT, with the potential benefit (and attendant resource consumption) of connection tracking.
Example 5.7. Simulating full NAT with SNAT and DNAT
[root@real-server]# iptables -t nat -A PREROUTING -d 205.254.211.17 -j DNAT --to-destination 192.168.100.17
[root@real-server]# iptables -t nat -A POSTROUTING -s 192.168.100.17 -j SNAT --to-source 205.254.211.17
5.5.1. Port Address Translation with DNAT