Exemplo de Gateway

Configuração de rede

# cat /etc/network/interfaces
 
# ifupdown configuration for a gateway with three interfaces:
# eth0 addressed by DHCP, eth1 and eth2 with static /24 addresses.
# Every file matched by the glob below is parsed as part of this configuration,
# including any pre-up/up hook commands it contains, so the directory should be
# writable by root only.
source /etc/network/interfaces.d/*
 
auto lo
iface lo inet loopback
 
allow-hotplug eth0
iface eth0 inet dhcp
# Loads the saved ruleset from /etc/firewall/rules before eth0 is brought up.
# NOTE(review): only the eth0 stanza carries this hook. eth1 and eth2 have none,
# so if they come up before eth0 (or eth0 never comes up) they run with whatever
# ruleset the kernel currently holds -- confirm this ordering is acceptable.
# NOTE(review): if the rules file is missing or invalid the pre-up command
# fails and ifup is expected to abort bringing eth0 up -- verify on the target.
pre-up iptables-restore < /etc/firewall/rules
 
allow-hotplug eth1
iface eth1 inet static
# NOTE(review): this address is 200.0.113.254, while the DNAT rules further down
# the page match destination 203.0.113.254 -- confirm which value is intended.
	address 200.0.113.254
	netmask 255.255.255.0
 
allow-hotplug eth2
iface eth2 inet static
# 192.0.2.0/24 is the network that holds the DNAT targets used on this page
# (192.0.2.200 and 192.0.2.50).
	address 192.0.2.254
	netmask 255.255.255.0

Aplicando regras

# Gateway ruleset: INPUT accepts for the gateway itself, DNAT of two services
# arriving on eth0, and source NAT for traffic leaving eth0 and eth1.
# Rule order is significant; each -A appends to the end of its chain.
#
# NOTE(review): nothing on this page sets a chain policy (-P) or adds a DROP or
# REJECT rule. Unless INPUT's policy is changed to DROP elsewhere, the ACCEPT
# rules below do not restrict anything. If a DROP policy is added, loopback
# traffic (-i lo) needs its own ACCEPT rule, which is not present here.
# NOTE(review): "-m state --state" is the older spelling of
# "-m conntrack --ctstate"; both match on connection-tracking state.

# Accept packets that belong to, or are related to, an already tracked connection.
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# Accept every ICMP type, from any interface and any source.
iptables -A INPUT -p icmp -j ACCEPT
# Accept new SSH connections (tcp/22). There is no -i or -s match, so this
# applies on every interface, including eth0; restrict by interface or source
# address if administration should only happen from the internal network.
iptables -A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
 
# NOTE(review): nat chains are consulted for the packet that creates a
# connection-tracking entry, so the ESTABLISHED part of this match is not
# expected to fire here -- confirm whether the rule is needed.
iptables -t nat -A PREROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
# Redirect DNS queries (udp/53) arriving on eth0 for 203.0.113.254 to 192.0.2.200.
# Only UDP is redirected; DNS over tcp/53 (large answers) is not covered.
iptables -t nat -A PREROUTING -i eth0 -p udp -d 203.0.113.254 --dport 53 -j DNAT --to 192.0.2.200
# Redirect tcp/389 (the standard LDAP port) arriving on eth0 to 192.0.2.50.
# No source restriction is applied, so the directory service is reachable by
# anything that can reach eth0; consider an -s match limiting who may connect.
iptables -t nat -A PREROUTING -i eth0 -p tcp -d 203.0.113.254 --dport 389 -j DNAT --to 192.0.2.50
 
# NOTE(review): same remark as for the PREROUTING state rule above.
iptables -t nat -A POSTROUTING -m state --state RELATED,ESTABLISHED -j ACCEPT
# Rewrite the source of everything leaving eth0 / eth1 to the gateway's own
# address on that interface. Hosts reached through eth1 therefore log the
# gateway, not the original client, as the source of each connection.
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# NOTE(review): no FORWARD rules appear on this page. Once net.ipv4.ip_forward
# is set to 1 (done later on this page), what may be routed between eth0, eth1
# and eth2 depends entirely on the FORWARD policy -- confirm it is not left at
# ACCEPT.

Salvando as regras

# iptables-save > /etc/firewall/rules

Habilitando a passagem de pacotes

# vim /etc/sysctl.d/99-sysctl.conf
[...]
net.ipv4.ip_forward=1
[...]

checando…

# sysctl -p
net.ipv4.ip_forward = 1