HCM

Happy Coding Monkey

NAT配置

2014-03-27


时隔10年,又搞了一回NAT配置,兼顾学习了下路由表知识。

起因

分析某个移动APP的包协议

预备知识

http://www.rfc-editor.org/rfc/rfc3022.txt

网络拓扑图


       internet
          |
         WIFI                  * 
          |                    *
          | wlan0              *                                        
   +-----------------+ eth0    *    WAN +-----------------+
   |  Test PC (NAT)  |------------------|  TP-Link Router |--- WIFI
   +-----------------+         *        +-----------------+     |
                               *                                | 
                               *                                |
                               *                                |
					              +-----------------+
						      |  Android Phone  |
                                                      +-----------------+

IP配置

Test PC

路由配置

root@hp4400:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.13.163   0.0.0.0         UG    0      0        0 eth0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
172.16.0.0      0.0.0.0         255.255.0.0     U     2      0        0 wlan0
172.16.13.163   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0

连接好网络后,Test PC反而不能上网。修改路由后才可以

root@hp4400:~# route del default gw 172.16.13.163 
root@hp4400:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
172.16.0.0      0.0.0.0         255.255.0.0     U     2      0        0 wlan0
172.16.13.163   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0
root@hp4400:~# route add default gw 172.16.13.1 wlan0
root@hp4400:~# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.16.13.1     0.0.0.0         UG    0      0        0 wlan0
169.254.0.0     0.0.0.0         255.255.0.0     U     1000   0        0 wlan0
172.16.0.0      0.0.0.0         255.255.0.0     U     2      0        0 wlan0
172.16.13.163   0.0.0.0         255.255.255.255 UH    0      0        0 eth0
192.168.2.0     0.0.0.0         255.255.255.0   U     1      0        0 eth0

NAT配置

root@hp4400:~# echo "1" > /proc/sys/net/ipv4/ip_forward
root@hp4400:~# iptables  -t nat -A POSTROUTING  -s 192.168.2.0/24 -o wlan0 -j MASQUERADE
root@hp4400:~# iptables -L -t nat --line-numbers
Chain PREROUTING (policy ACCEPT)
num  target     prot opt source               destination

Chain INPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
num  target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
num  target     prot opt source               destination
1    MASQUERADE  all  --  192.168.2.0/24       anywhere

搞定!