PRC (Port Restricted Cone) NAT: how to configure it with Linux iptables
PRC NAT: an internal address (iAddr:iPort) is mapped to an external address (eAddr:ePort); all packets from iAddr:iPort are sent through eAddr:ePort. An external host can reach iAddr:iPort through eAddr:ePort only from an address and port that iAddr:iPort has already sent a packet to.
On Linux this behaviour comes from connection tracking: MASQUERADE keeps the original source port when it is free, and only inbound packets that match an existing conntrack entry are translated back. If the source port is already taken for another destination, netfilter picks a different external port for that flow, so the mapping is not strictly endpoint-independent in every case.
Hardware: PC with two LAN cards.
OS: Red Hat/CentOS
Interfaces:
eth0: private IP block (configure eth0 with a private IP)
eth1: public IP (configure eth1 with a public IP)
# vi PRCNAT.sh   (firewall script)

#!/bin/bash
IPTABLES=/sbin/iptables
MODPROBE=/sbin/modprobe
INT_NET1=192.168.5.0/24
# Interface roles as listed above: eth0 carries the private block, eth1 the public IP.
INT_IF=eth0
EXT_IF=eth1

### Flush existing rules and set chain policies to ACCEPT
echo "[+] Flushing existing iptables rules..."
$IPTABLES -F
$IPTABLES -X
$IPTABLES -t nat -F
$IPTABLES -t nat -X
$IPTABLES -t mangle -F
$IPTABLES -t mangle -X
$IPTABLES -P INPUT ACCEPT
$IPTABLES -P OUTPUT ACCEPT
$IPTABLES -P FORWARD ACCEPT

###### NAT rules ######
echo "[+] Setting up NAT rules..."
# Masquerade traffic from the private block as it leaves through the public interface;
# conntrack records each mapping and translates back only replies that match an entry.
$IPTABLES -t nat -A POSTROUTING -s $INT_NET1 -o $EXT_IF -j MASQUERADE

###### Forwarding ######
echo "[+] Enabling IP forwarding..."
# Takes effect immediately but does not survive a reboot; set
# net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make it persistent.
echo 1 > /proc/sys/net/ipv4/ip_forward

#### Saving iptables rules ####
service iptables save
service iptables restart

Save and exit.
# chmod +x PRCNAT.sh   (make the script executable)
Run the firewall script:
# sh PRCNAT.sh