
I use this scenario to run some tests on my VirtualBox network.
I will build two sub-scenarios: in the first I want to allow access between the two networks, in the second I want to block it.
Inventory:
OS: Debian 8.5, kernel 3.16 [default]
eth0: Internet
eth1: 172.16.0.0/24 (Lan1)
eth2: 172.16.1.0/24 (Lan2)
Scenario 01:
An environment where the networks 172.16.0.0/24 and 172.16.1.0/24 can communicate with each other. Forwarding is enabled, both LANs are NATed behind eth0, and the FORWARD chain is left at its default ACCEPT policy, which is what lets traffic cross between eth1 and eth2.
root# echo 1 > /proc/sys/net/ipv4/ip_forward
root# iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
root# iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
root# iptables -nvL FORWARD && iptables -nvL POSTROUTING -t nat
stdout>
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  *      eth0    172.16.0.0/24        0.0.0.0/0
    0     0 MASQUERADE all  --  *      eth0    172.16.1.0/24        0.0.0.0/0
Scenario 02:
An environment where the networks 172.16.0.0/24 and 172.16.1.0/24 do NOT communicate with each other. The NAT setup is the same; two DROP rules in the FORWARD chain block traffic in each direction between the LANs, while everything else is still accepted by the chain's policy.
root# echo 1 > /proc/sys/net/ipv4/ip_forward
root# iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o eth0 -j MASQUERADE
root# iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j MASQUERADE
root# iptables -A FORWARD -s 172.16.0.0/24 -d 172.16.1.0/24 -j DROP
root# iptables -A FORWARD -s 172.16.1.0/24 -d 172.16.0.0/24 -j DROP
root# iptables -nvL FORWARD && iptables -nvL POSTROUTING -t nat
stdout>
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 DROP       all  --  *      *       172.16.0.0/24        172.16.1.0/24
    0     0 DROP       all  --  *      *       172.16.1.0/24        172.16.0.0/24

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE all  --  *      eth0    172.16.0.0/24        0.0.0.0/0
    0     0 MASQUERADE all  --  *      eth0    172.16.1.0/24        0.0.0.0/0
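The listings above show that in both scenarios the FORWARD chain keeps its default ACCEPT policy, so Scenario 02 only blocks what the two DROP rules name and forwards everything else (including whatever arrives on eth0 for the LANs). The script below, an added example that is not part of the original post, rebuilds Scenario 02 the other way round: the FORWARD policy is DROP, and only LAN-to-Internet traffic plus its return packets is explicitly accepted, so the inter-LAN block falls out of the policy rather than needing a rule per direction. Interface names and subnets are the post's; the function name, the IPT=echo preview mechanism and the rate-limited LOG rules are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post: Scenario 02 rebuilt with an
# explicit default-deny FORWARD chain. Interface names and subnets come
# from the post's inventory; build_rules, the IPT preview variable and
# the LOG rules are assumptions made for this example.
set -eu

WAN=eth0
LAN1_IF=eth1; LAN1_NET=172.16.0.0/24
LAN2_IF=eth2; LAN2_NET=172.16.1.0/24

# Set IPT=echo to print the rules instead of loading them into the kernel.
IPT=${IPT:-iptables}

# Emits (or applies) the complete rule set, in order. Rerunnable: the
# chains it touches are flushed first.
build_rules() {
    $IPT -F FORWARD
    $IPT -t nat -F POSTROUTING

    # Default deny: a packet matching no rule below is dropped, so
    # Lan1<->Lan2 traffic needs no rule of its own.
    $IPT -P FORWARD DROP

    # Return traffic for connections the LANs opened.
    $IPT -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    # Each LAN may reach the Internet through eth0 and nothing else.
    # Matching -i as well as -s stops a Lan2 host spoofing a Lan1 address.
    $IPT -A FORWARD -i "$LAN1_IF" -s "$LAN1_NET" -o "$WAN" -j ACCEPT
    $IPT -A FORWARD -i "$LAN2_IF" -s "$LAN2_NET" -o "$WAN" -j ACCEPT

    # Log (rate-limited) what the policy is about to drop between the LANs,
    # so a misbehaving host shows up in the kernel log.
    $IPT -A FORWARD -s "$LAN1_NET" -d "$LAN2_NET" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP lan1>lan2 "
    $IPT -A FORWARD -s "$LAN2_NET" -d "$LAN1_NET" -m limit --limit 5/min \
        -j LOG --log-prefix "FWD-DROP lan2>lan1 "

    # Source NAT for both LANs behind eth0, as in the post.
    $IPT -t nat -A POSTROUTING -s "$LAN1_NET" -o "$WAN" -j MASQUERADE
    $IPT -t nat -A POSTROUTING -s "$LAN2_NET" -o "$WAN" -j MASQUERADE
}

# Usage (as root):  sh fw.sh apply     Preview only:  IPT=echo sh fw.sh apply
if [ "${1:-}" = "apply" ]; then
    # Writing /proc/sys/net/ipv4/ip_forward does not survive a reboot;
    # put net.ipv4.ip_forward=1 in /etc/sysctl.conf to make it persistent.
    [ "$IPT" = echo ] || sysctl -w net.ipv4.ip_forward=1
    build_rules
fi
```

Check it after applying with the same `iptables -nvL FORWARD` used in the post: the header should read `policy DROP`, the two ACCEPT rules should carry the eth1/eth2 input interfaces, and a ping from Lan1 to Lan2 should increment the LOG rule's counters instead of the DROP rules' ones. Like the post's commands, the rules themselves are lost on reboot unless saved (for example with iptables-persistent on Debian 8).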