!!! create a new icmp chain and send ICMP traffic into it
add action=jump chain=input comment="GO TO ICPM INPUT" jump-target=icmp protocol=icmp
add action=jump chain=forward comment="GO TO ICPM FORWARD" jump-target=icmp protocol=icmp
!!! jump rules can be created to reduce load, but they make the firewall rules harder to read
add action=accept chain=forward dst-port=80 out-interface=ether1 protocol=tcp
add action=accept chain=forward dst-port=443 out-interface=ether1 protocol=tcp
add action=accept chain=forward dst-port=8080 out-interface=ether1 protocol=tcp
add action=accept chain=forward dst-port=25 out-interface=ether1 protocol=tcp
add action=accept chain=forward dst-port=110 out-interface=ether1 protocol=tcp
add action=accept chain=forward dst-port=143 out-interface=ether1 protocol=tcp

Using Network Address Translation (NAT), private IP addresses on LAN are replaced by public IP addresses. This lets computers on LAN share public IP addresses.

Let us assume two addresses (10.0.0.216 and 10.0.0.217) are assigned to the router. In this example we will 'full NAT' the internal address 192.168.0.4 to the external 10.0.0.216 one while keeping 10.0.0.217 for the router itself as well as for masquerading the internal network. To set up the router, follow the steps listed below.

Add the default route to the router, but be aware of having two addresses. You should specify the address that the router will be using while talking to the outer
ip route> add gateway=10.0.0.1 prefsrc=10.0.0.217

Add DST-NAT rule allowing access to the internal server from external
ip firewall nat> add action=dst-nat chain=dstnat \
dst-address=10.0.0.216/32 to-addresses=192.168.0.4

To add SRC-NAT rules allowing the internal server to talk to the outer networks having its source address translated to 10.0.0.216, while translating other internal hosts' source addresses to
ip firewall nat> add action=src-nat chain=srcnat \
src-address=192.168.0.4/32
ip firewall nat> add action=src-nat chain=srcnat \