[Translated] tech/20150423 How IP forwarding Helps Connecting Private interface to Internet in Linux

ictlyh 2015-04-24 14:03:50 +08:00
parent dab6ea6be0
commit dad6cf4cd7
2 changed files with 75 additions and 76 deletions

@ -1,76 +0,0 @@
Translating by ictlyh
How IP forwarding Helps Connecting Private interface to Internet in Linux
================================================================================
Hi everyone, today we'll learn about IP forwarding or Packet forwarding from one network interface to another in Linux using iptables. IP forwarding is a concept to make Linux machine to send data from one network to another as a router. So, it can be used as a **router** or a proxy server that can share internet or network connection from one connection to multiple client machines.
Here are some easy steps to enable IP Forwarding or Network packets forwarding method.
### 1. Enabling IPv4 Forwarding ###
First of all, we'll gonna enable IPv4 forwarding in our Linux Operating System. To do that, we'll need to execute the following command in a shell or a terminal under sudo mode.
$ sudo -s
# echo 1 > /proc/sys/net/ipv4/ip_forward
![Temporary IP Forwarding](http://blog.linoxide.com/wp-content/uploads/2015/03/ip-forward-temporary.png)
**Note: the above command is enables ip forwarding instantly and temporarily until the next reboot. To enable it permanently, we'll need to open /etc/sysctl.conf using our favorite text editor.**
# nano /etc/sysctl.conf
Then, add **net.ipv4.ip_forward = 1** into that file or uncomment that line then, we'll need to save and exit that file.
net.ipv4.ip_forward = 1
![Editing Sysctl](http://blog.linoxide.com/wp-content/uploads/2015/03/sysctl-edit.png)
To enable the changes made run the following command.
# sysctl -p /etc/sysctl.conf
![Enabling Sysctl Changes](http://blog.linoxide.com/wp-content/uploads/2015/03/enabling-changes-sysctl.png)
### 2. Configuring Iptables firewall ###
We'll need to allow specific (or all of the) packets to traverse our router. Before that, we'll need to know the interface name of the network devices connected with our Linux box. To get the interface name, we can simply run the following command in a terminal or a shell.
# ifconfig -a
![Ifconfig](http://blog.linoxide.com/wp-content/uploads/2015/03/ifconfig.png)
Here, in our box we have eth2 as network interface which is connected to the internet or a network and wlan2 is the interface where we need to forward the network packets from eth2 using iptables. So, to do so, we'll need to run the following command.
# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT
Note: Please replace wlan2 and eth2 with the device name available in your Linux box.
Now, we'll need iptables to allow traffic for already established connections as netfilter is a stateless firewall. To do so, we'll need to run the following command.
# iptables -A FORWARD -i eth2 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
![Forwarding with iptables](http://blog.linoxide.com/wp-content/uploads/2015/03/forwarding-iptables.png)
### 3. Configuring NAT ###
Then, at last we'll need to change the source address as eth2 on packets going out to the internet by executing the command below.
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
![configuring nat](http://blog.linoxide.com/wp-content/uploads/2015/03/configuring-nat.png)
### Conclusion ###
Finally, we've successfully configured Packet forwarding from one interface to another interface on our Linux machine having iptables installed as firewall solution. This article enables to connect your private interface to the internet, you don't need bridging the interfaces, you need to route packets coming in on one interface to the other one, thats all. If you have any questions, suggestions, feedback please write them in the comment box below so that we can improve or update our contents. Thank you ! Enjoy :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/firewall/ip-forwarding-connecting-private-interface-internet/
作者:[Arun Pyasi][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/

@ -0,0 +1,75 @@
Linux 上IP转发如何帮助专用接口连接到互联网
================================================================================
大家好,今天我们学习一下在 Linux 上用 iptables 实现从一个网络接口到另一个接口的IP转发或者数据包转发。IP转发的概念是使 Linux 机器像路由器一样将数据从一个网络发送到另一个网络。所以,它能作为一个**路由器**或者代理服务器,实现从一个连接到多个客户端机器的共享互联网或者网络连接。
这是一些启用IP转发或网络包转发方法的简单步骤。
### 1. 启用 IPv4 转发 ###
首先,我们打算在我们的 Linux 操作系统上启用 IPv4 转发。要做到这点,我们需要用 sudo 模式在 shell 或终端下执行下面的命令。
$ sudo -s
# echo 1 > /proc/sys/net/ipv4/ip_forward
![临时IP转发](http://blog.linoxide.com/wp-content/uploads/2015/03/ip-forward-temporary.png)
**注意上面的命令能马上启用ip转发但只是临时的直到下一次重启。要永久启用我们需要使用我们喜欢的文本编辑器打开 /etc/sysctl.conf 文件。**
# nano /etc/sysctl.conf
然后,增加 **net.ipv4.ip_forward = 1** 到文件中,或者删除那行的注释,保存并退出文件。
net.ipv4.ip_forward = 1
![编辑 Sysctl](http://blog.linoxide.com/wp-content/uploads/2015/03/sysctl-edit.png)
运行下面的命令启用更改。
# sysctl -p /etc/sysctl.conf
![启用 Sysctl 更改](http://blog.linoxide.com/wp-content/uploads/2015/03/enabling-changes-sysctl.png)
### 2. 配置 Iptables 防火墙 ###
我们需要允许特定的(或者所有的)数据包通过我们的路由器。在这之前,我们要知道连接我们 Linux 的网络设备的接口名称。我们可以通过在终端或者 shell 运行以下命令获得接口名称。
# ifconfig -a
![Ifconfig](http://blog.linoxide.com/wp-content/uploads/2015/03/ifconfig.png)
这里,在我们的机器中, eth2 是连接到互联网或者网络的网卡接口, wlan2 是我们要使用 iptables 从 eth2 转发数据包的接口。要做到这点,我们需要运行以下命令。
# iptables -A FORWARD -i wlan2 -o eth2 -j ACCEPT
注意:请用你 Linux 机器中的可用设备名称替换 wlan2 和 eth2。
现在,由于网络过滤器是一个无状态的防火墙,我们要用 iptables 允许已建立的连接通过。要做到这点,我们要运行下面的命令。
# iptables -A FORWARD -i eth2 -o wlan2 -m state --state ESTABLISHED,RELATED -j ACCEPT
![用 iptables 转发](http://blog.linoxide.com/wp-content/uploads/2015/03/forwarding-iptables.png)
### 3. 配置 NAT ###
然后,最后我们需要通过执行下面的命令修改发送到互联网的数据包的源地址为 eth2。
# iptables -t nat -A POSTROUTING -o eth2 -j MASQUERADE
![配置 nat](http://blog.linoxide.com/wp-content/uploads/2015/03/configuring-nat.png)
### 总结 ###
最后,用安装的 iptables 作为防火墙解决方案,我们在我们的 Linux 机器上成功的配置了从一个接口到另一个接口的数据包转发。这篇文章允许你的专用接口连接到互联网,你不需要桥接接口,而是路由从一个接口进来的数据包到另一个接口,就是这些。如果你有任何问题、建议、反馈,请写到下面的评论框中,然后我们可以改进或更新我们的内容。非常感谢!享受吧 :-)
--------------------------------------------------------------------------------
via: http://linoxide.com/firewall/ip-forwarding-connecting-private-interface-internet/
作者:[Arun Pyasi][a]
译者:[ictlyh](https://github.com/ictlyh)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://linoxide.com/author/arunp/
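
Review bot: In section 2, the sentence introducing the `-m state --state ESTABLISHED,RELATED` rule renders "netfilter" as the generic term 网络过滤器 and carries over the source's claim that it is a stateless firewall, yet the rule on the very next line matches on connection state, which only works because netfilter tracks connections. Keep the proper name netfilter untranslated and add a translator's note (译注) flagging the contradiction instead of passing it through silently. Also in section 2, the two `iptables -A FORWARD ... -j ACCEPT` rules are appended without the article ever stating or setting the FORWARD chain's default policy, so whether they restrict anything depends on a setting the reader is never told to check; a one-line 译注 saying so would help readers who copy the commands as written.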