This is a way to set up a Linux host as a NAT router between two VLANs and reach a host on one VLAN through a translated address. The content is for verification purposes only and does not take security into consideration; please be careful when using it in production.
Suppose two organizations each operate one of the following VLANs.

VLAN1: 192.168.1.0/24
VLAN2: 10.0.0.0/24

Now suppose you want to reach 10.0.0.100 on VLAN2 from 192.168.1.100 on VLAN1. The VLAN1 organization already uses 10.0.0.0/24 for other purposes, so on the VLAN1 side 10.0.0.100 is made visible as 192.168.2.100 instead. On the VLAN2 side, on the other hand, 192.168.1.100 is reached without translating the destination address.
Set `SELINUX=disabled` in `/etc/selinux/config`. (Disabling SELinux is not actually required for the kernel to forward or NAT packets, and it removes a protective layer; it is done here only because this write-up ignores security.)

Set `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf`, and run `sysctl -p` so that it takes effect without a reboot.

Then add the NAT rules with iptables:

```
# iptables -t nat -A POSTROUTING -d 192.168.1.100 -j SNAT --to-source 192.168.2.100
# iptables -t nat -A PREROUTING -d 192.168.2.100 -j DNAT --to-destination 10.0.0.100
```
The first rule rewrites the source address to 192.168.2.100 on packets whose destination is 192.168.1.100, so connections from VLAN2 toward the VLAN1 host appear to come from the alias address. (Replies to connections that were DNATed by the second rule are reversed by connection tracking on their own; the SNAT rule matters for connections that VLAN2 initiates.) The second rule rewrites the destination address to 10.0.0.100 on packets addressed to 192.168.2.100. It is placed in PREROUTING so that the destination is translated before the routing decision, which is what sends the packet out toward VLAN2. For the router to receive packets addressed to 192.168.2.100 at all, it must own that address on its VLAN1 interface (or 192.168.2.0/24 must be routed to it), and the FORWARD chain must allow the traffic through. These rules disappear when you restart, so please run them every time you start. (I didn't know how to persist them.)
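As an added example (not the original post's commands, which are shown above), the following POSIX shell script wraps the same two rules so they can be re-applied identically from a boot script: it validates the addresses, prints the nat table in iptables-restore format, and, when run as root with `apply`, enables forwarding and loads the table. The addresses are the ones assumed on this page; the function names and the `print`/`apply` subcommands are this example's own.

```shell
#!/bin/sh
# Added example (not the original author's script): render and apply the two
# NAT rules from the page via iptables-restore, with the addresses checked first.
#
# Assumed addresses (taken from the page):
#   VLAN1 client            : 192.168.1.100
#   alias on the VLAN1 side : 192.168.2.100  (the router must own this address on
#                             its VLAN1 interface, or 192.168.2.0/24 must be
#                             routed to the router)
#   real server on VLAN2    : 10.0.0.100

# is_ipv4 ADDR: succeed only for a dotted quad with four octets in 0..255.
is_ipv4() {
    oldifs=$IFS
    IFS=.
    set -f              # no pathname expansion while the address is split on dots
    set -- $1
    set +f
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|*[!0-9]*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    return 0
}

# nat_ruleset CLIENT ALIAS REAL: print the nat table in iptables-restore format.
# Lines starting with '#' are ignored by iptables-restore, so they double as comments.
nat_ruleset() {
    [ $# -eq 3 ] || { echo "usage: nat_ruleset CLIENT ALIAS REAL" >&2; return 1; }
    for a in "$@"; do
        is_ipv4 "$a" || { echo "nat_ruleset: invalid IPv4 address: $a" >&2; return 1; }
    done
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# VLAN1 -> alias: rewrite the destination before the routing decision
-A PREROUTING -d $2/32 -j DNAT --to-destination $3
# connections from VLAN2 toward the client appear to come from the alias
-A POSTROUTING -d $1/32 -j SNAT --to-source $2
COMMIT
EOF
}

# apply_nat CLIENT ALIAS REAL: enable forwarding and load the nat table (needs root).
# iptables-restore replaces only the tables named in its input, so the filter
# table is left alone, but any other nat rules already on the host are flushed.
apply_nat() {
    rules=$(nat_ruleset "$1" "$2" "$3") || return 1
    sysctl -w net.ipv4.ip_forward=1 >/dev/null || return 1
    printf '%s\n' "$rules" | iptables-restore || return 1
    # Show what was loaded, in the same -A syntax as the page's commands.
    iptables -t nat -S PREROUTING
    iptables -t nat -S POSTROUTING
}

# Subcommands are this example's own; defaults are the page's addresses.
case "${1-}" in
    print) nat_ruleset "${2-192.168.1.100}" "${3-192.168.2.100}" "${4-10.0.0.100}" ;;
    apply) apply_nat   "${2-192.168.1.100}" "${3-192.168.2.100}" "${4-10.0.0.100}" ;;
esac
```

Run `sh nat.sh print` to see the ruleset and `sh nat.sh apply` as root to load it. On a RHEL-family host with the iptables-services package, running `iptables-save > /etc/sysconfig/iptables` after applying is the usual way to have the same rules restored at boot; on other distributions the file the iptables service reads differs.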