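#!/bin/sh
#####################################
# example nat usage for 2.4 kernels #
# stephanie lockwood-childs 1/17/01 #
#####################################
#
# Configures the iptables "nat" table only: masquerading, general SNAT,
# REDIRECT to a local proxy, DNAT port forwarding and DNAT-based load
# balancing.  It never touches the "filter" table, so packet filtering
# (INPUT/FORWARD/OUTPUT policies, which DNAT'd connections still traverse)
# has to be set up separately, and IP forwarding must be enabled for the
# forwarded traffic to pass at all.
#
# Must run as root.  Abort on the first failed iptables call so a typo does
# not leave the nat table half-configured (flushed but only partly rebuilt).
set -eu

#----------------------#
# variable definitions #
#----------------------#
ext=eth0          # external (public) interface
int=eth1          # internal (private) interface

# "masquerading" example
# space-separated list; deliberately left unquoted in the loop below so it
# word-splits into one iptables rule per network
priv_nets="128.111.1.1 128.111.185.0/255.255.255.0"
masq_net=192.168.1.0/255.255.255.0

# "general snat" example
map_from=192.168.1.0/255.255.255.0
map_to=128.111.185.30-128.111.185.42

# "redirection" example
internal_ip=10.10.1.1

# "port forwarding" example
external_ip=128.111.1.200
news_server=10.10.1.38
mail_server=10.10.1.69

# "load balancing" example
# NOTE: a hostname here is resolved by iptables when the rule is inserted,
# so loading this script depends on DNS being available at that moment.
virtual_server=news.sblug.com
server_range=10.10.1.9-10.10.1.15

#-------------#
# nat section #
#-------------#
#
# flush previous rules (nat table only; filter rules are left untouched)
#
iptables -t nat -F

#
# masquerading
#
# masquerading for outgoing connections, except privileged nets are exempt.
# The ACCEPT rules must come before the MASQUERADE rule: nat-table rules are
# matched in order and ACCEPT is terminating, so traffic to a privileged net
# leaves the chain without being masqueraded.
for net in $priv_nets ; do
  iptables -t nat -A POSTROUTING -d "$net" -o "$ext" -j ACCEPT
done
iptables -t nat -A POSTROUTING -s "$masq_net" -o "$ext" -j MASQUERADE

#
# general snat
#
# internal computers w/ private ips "borrow" public ips of other internal
# computers to ssh out (source address mapped onto the $map_to range)
iptables -t nat -A POSTROUTING -s "$map_from" -o "$ext" -p tcp --dport ssh -j SNAT --to-source "$map_to"
iptables -t nat -A POSTROUTING -s "$map_from" -o "$ext" -p udp --dport ssh -j SNAT --to-source "$map_to"

#
# redirection
#
# redirect internal net http traffic through squid proxy, but allow direct
# access to local web server.  "-d ! addr" is the iptables 1.2-era inversion
# syntax this script was written for; newer iptables spell it "! -d addr".
iptables -t nat -A PREROUTING -i "$int" -d ! "$internal_ip" -p tcp --dport www -j REDIRECT --to-port 8080

#
# port forwarding
#
# forward gateway port 7000 to news server and gateway port 8000 to pop mail
# server.  DNAT only rewrites the destination; the FORWARD chain of the
# filter table still decides whether the rewritten packet is allowed through.
iptables -t nat -A PREROUTING -d "$external_ip" -p tcp --dport 7000 -j DNAT --to-destination "$news_server":nntp
iptables -t nat -A PREROUTING -d "$external_ip" -p tcp --dport 8000 -j DNAT --to-destination "$mail_server":pop3

#
# load balancing
#
# basic load balancing by redirecting nntp requests to any of several local
# news servers: DNAT to an address range chooses one address per connection
iptables -t nat -A PREROUTING -d "$virtual_server" -p tcp --dport nntp -j DNAT --to-destination "$server_range"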