pavlar
March 8, 2024, 6:04am
1
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -N TCP
iptables -N UDP
iptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
iptables -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i enp7s0 -o enp8s0 10.44.0.0/16 -j ACCEPT
iptables -A FORWARD -i enp8s0 -o enp7s0 10.44.0.0/16 -j ACCEPT
iptables -A POSTROUTING -s 10.44.0.0/16 -o enp7s0 -j SNAT --to-source (ip-wan)
iptables -A fw-interfaces -i enp7s0 -j ACCEPT
iptables -t nat -A POSTROUTING -s 10.44.0.0/16 -o (ip -wan ) -j MASQUERADE
(enp7s0 is the LAN network card, enp8s0 the WAN network card)
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
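A minimal working version of the gateway rule set the post above is trying to build, as an added example (not the poster's script). It takes the interface roles and prefix from the post (enp7s0 = LAN, enp8s0 = WAN, 10.44.0.0/16) as arguments; those are assumptions. It differs from the posted commands in three places: a prefix match must be introduced with `-s`, SNAT/MASQUERADE belongs in the nat table and must name the outgoing WAN interface (the posted SNAT rule names the LAN card), and the WAN-to-LAN direction is admitted through conntrack RELATED,ESTABLISHED instead of a blanket ACCEPT, so the gateway does not forward unsolicited inbound traffic into the LAN.

```shell
#!/bin/sh
# Added example, not the poster's script. Builds a minimal NAT-gateway rule
# set in iptables-restore format for a box with one LAN and one WAN card.
# Interface roles and prefix follow the first post (enp7s0 = LAN, enp8s0 =
# WAN, 10.44.0.0/16); they are assumptions, passed in as arguments.

# nat_ruleset LAN_IF WAN_IF LAN_NET -> prints the rule set on stdout
nat_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# replies from the WAN come back through conntrack; no blanket WAN->LAN ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
# a prefix match needs -s (a bare 10.44.0.0/16 is the "Bad argument" error)
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# MASQUERADE/SNAT live in the nat table and match the *outgoing WAN* interface
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
EOF
}

# masquerade_out_iface < ruleset -> prints the -o interface of each MASQUERADE
# rule found in the nat table (also works on live `iptables-save` output, so it
# can audit a running box: the printed name must be the WAN card)
masquerade_out_iface() {
    awk '/^\*/ { table = substr($0, 2) }
         table == "nat" && /-j MASQUERADE/ {
             for (i = 1; i <= NF; i++) if ($i == "-o") print $(i + 1)
         }'
}

# apply_ruleset LAN_IF WAN_IF LAN_NET -> dry-run parse, then load (needs root)
apply_ruleset() {
    nat_ruleset "$@" | iptables-restore --test || return 1
    nat_ruleset "$@" | iptables-restore
    sysctl -w net.ipv4.ip_forward=1
}

# Stand-alone: print the rule set for the first post's interfaces.
nat_ruleset "${1:-enp7s0}" "${2:-enp8s0}" "${3:-10.44.0.0/16}"
```

`apply_ruleset` loads the set only after `iptables-restore --test` parses it cleanly; note that `iptables-restore` replaces the whole table, so the flush commands from the post are not needed.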
pavlar
March 8, 2024, 6:55am
2
iptables -A POSTROUTING -s 10.44.0.0/16 -o enp7s0 -j SNAT --to-source ip-wan
iptables: No chain/target/match by that name.
(MASQUERADE with these IPs is entered without errors)
iptables -A FORWARD -i enp7s0 -o enp8s0 10.44.0.0/16 -j ACCEPT
Bad argument `10.44.0.0/16'
It worked on Debian
pavlar
March 8, 2024, 1:13pm
3
iptables-save
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*nat
:PREROUTING ACCEPT [11905:1058629]
:INPUT ACCEPT [11905:1058629]
:OUTPUT ACCEPT [5806:542734]
:POSTROUTING ACCEPT [5760:537300]
-A POSTROUTING -s 10.44.0.0/16 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*mangle
:PREROUTING ACCEPT [277335:219341041]
:INPUT ACCEPT [277334:219341001]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189947:31367948]
:POSTROUTING ACCEPT [189986:31373372]
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*raw
:PREROUTING ACCEPT [277335:219341041]
:OUTPUT ACCEPT [189947:31367948]
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*security
:INPUT ACCEPT [277334:219341001]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [189947:31367948]
COMMIT
# Completed on Fri Mar 8 15:09:03 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 15:09:03 2024
*filter
:INPUT ACCEPT [9521:2326611]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [50151:8765723]
:TCP - [0:0]
:UDP - [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -s 10.44.0.0/16 -j ACCEPT
-A FORWARD -d 10.44.0.0/16 -j ACCEPT
(This is the result after I ran:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o enp2s0 -s 10.44.0.0/16 -j MASQUERADE
iptables -I FORWARD -d 10.44.0.0/16 -j ACCEPT
iptables -I FORWARD -s 10.44.0.0/16 -j ACCEPT
But traffic still does not pass through NAT from the local network address 10.44.7.77.)
pavlar
March 8, 2024, 2:02pm
4
I added:
iptables -A FORWARD -j fw-interfaces
iptables -A FORWARD -j fw-open
iptables -A fw-interfaces -i enp2s0 -j ACCEPT
It still doesn't work.
iptables-save
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*nat
:PREROUTING ACCEPT [12733:1134668]
:INPUT ACCEPT [12733:1134668]
:OUTPUT ACCEPT [6586:610540]
:POSTROUTING ACCEPT [6540:605106]
-A POSTROUTING -s 10.44.0.0/16 -o enp2s0 -j MASQUERADE
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*mangle
:PREROUTING ACCEPT [310332:239397578]
:INPUT ACCEPT [310331:239397538]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214072:38102625]
:POSTROUTING ACCEPT [214111:38108049]
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*raw
:PREROUTING ACCEPT [310332:239397578]
:OUTPUT ACCEPT [214072:38102625]
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*security
:INPUT ACCEPT [310331:239397538]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [214072:38102625]
COMMIT
# Completed on Fri Mar 8 16:39:06 2024
# Generated by iptables-save v1.8.10 on Fri Mar 8 16:39:06 2024
*filter
:INPUT ACCEPT [42518:22383148]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [74276:15500400]
:TCP - [0:0]
:UDP - [0:0]
:fw-interfaces - [0:0]
:fw-open - [0:0]
-A FORWARD -s 10.44.0.0/16 -j ACCEPT
-A FORWARD -d 10.44.0.0/16 -j ACCEPT
-A FORWARD -j fw-interfaces
-A FORWARD -j fw-open
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A fw-interfaces -i enp2s0 -j ACCEPT
-A fw-interfaces -i enp3s0 -j ACCEPT
COMMIT
pavlar
March 8, 2024, 2:59pm
5
iptables -L -n -v
Chain INPUT (policy ACCEPT 57869 packets, 36M bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- * * 10.44.0.0/16 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 10.44.0.0/16
0 0 fw-interfaces 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 fw-open 0 -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- * * 0.0.0.0/0 0.0.0.0/0 ctstate RELATED,ESTABLISHED
Chain OUTPUT (policy ACCEPT 84454 packets, 17M bytes)
pkts bytes target prot opt in out source destination
Chain TCP (0 references)
pkts bytes target prot opt in out source destination
Chain UDP (0 references)
pkts bytes target prot opt in out source destination
Chain fw-interfaces (1 references)
pkts bytes target prot opt in out source destination
0 0 ACCEPT 0 -- enp2s0 * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT 0 -- enp3s0 * 0.0.0.0/0 0.0.0.0/0
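Every counter in the FORWARD listing above is zero, including the chain's DROP policy counter, so the filter is not what is discarding the traffic: no packet is traversing the forwarding path at all, which points at forwarding being off, the clients' default gateway, or routing on this host rather than at rule order. As an added example that is not part of the thread, the function below totals those counters from `iptables -L -n -v` output so the check can be scripted; the two sample listings are constructed, one copied from the listing above and one for a gateway that is forwarding.

```shell
#!/bin/sh
# Added example, not from the thread: total the packet counters of the FORWARD
# chain (its rules plus the chain policy) from `iptables -L -n -v` output.
# A total of 0 means the filter never saw the traffic; the problem is then
# upstream of iptables (ip_forward, the clients' default gateway, routing).

# forward_chain_packets < listing -> prints the packet total as an integer
forward_chain_packets() {
    awk '
        # iptables -v abbreviates large counters with K/M/G (factors of 1000)
        function to_num(s,   n, u) {
            n = s + 0; u = substr(s, length(s))
            if (u == "K") n *= 1000
            else if (u == "M") n *= 1000000
            else if (u == "G") n *= 1000000000
            return n
        }
        /^Chain / { in_fwd = ($2 == "FORWARD") }
        # "Chain FORWARD (policy DROP 0 packets, 0 bytes)": the policy counter
        in_fwd && /^Chain FORWARD/ && match($0, /policy [A-Z]+ [0-9]+ packets/) {
            split(substr($0, RSTART, RLENGTH), f, " "); total += f[3]
        }
        # rule lines start with the pkts column
        in_fwd && $1 ~ /^[0-9]+[KMG]?$/ { total += to_num($1) }
        END { printf "%d\n", total + 0 }'
}

# diagnose_forward < listing -> one-line verdict on where to look next
diagnose_forward() {
    n=$(forward_chain_packets)
    if [ "$n" -eq 0 ]; then
        echo "FORWARD saw 0 packets: iptables is not dropping them; check net.ipv4.ip_forward, client default gateway and routes"
    else
        echo "FORWARD saw $n packets: inspect rule order and the DROP policy counter"
    fi
}

# Constructed sample: the FORWARD section of the listing in the thread
STALLED='Chain INPUT (policy ACCEPT 57869 packets, 36M bytes)
 pkts bytes target     prot opt in     out     source               destination
Chain FORWARD (policy DROP 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     0    --  *      *       10.44.0.0/16         0.0.0.0/0
    0     0 ACCEPT     0    --  *      *       0.0.0.0/0            10.44.0.0/16
    0     0 fw-interfaces  0    --  *      *       0.0.0.0/0            0.0.0.0/0
Chain OUTPUT (policy ACCEPT 84454 packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination'

# Constructed sample of a gateway that is forwarding (counters with K suffix)
WORKING='Chain FORWARD (policy DROP 3 packets, 180 bytes)
 pkts bytes target     prot opt in     out     source               destination
  12K 9876K ACCEPT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
  450 27000 ACCEPT     0    --  enp7s0 enp8s0  10.44.0.0/16         0.0.0.0/0
Chain OUTPUT (policy ACCEPT 84454 packets, 17M bytes)
 pkts bytes target     prot opt in     out     source               destination'

printf '%s\n' "$STALLED" | diagnose_forward
printf '%s\n' "$WORKING" | diagnose_forward
```

On a live box, `iptables -L FORWARD -n -v | diagnose_forward` gives the same verdict; a non-zero total with a growing policy counter means the rules are the problem, a zero total means they are not being consulted.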