原创】iptables+iproute2+nat 实现举例(UML图画的..

网络拓扑结构如图所示：


实验环境:NAT服务器
试验要求：1. 将192段网络打上“1”号标记，将10段网络打上“2”号标记
2. 创建路由表依次为M1 A M2
3.“1”网段和“2”网段进行静态转换，分别从出口3.3.3.254和1.1.1.254向外网转换，172段网络进行动态转换并且三个出口的权值分别为25,50,25
实现思路:
1.开启ip转发
2.虚拟4块网卡 创造虚拟的网络环境
3.定义路由表
4.打标记
5.创建路由表
6.设置NAT
脚本代码:
CODE [root@localhost codfei]# more iptables.sh
#!/bin/bash
############start ip_forward
echo '1'>/proc/sys/net/ipv4/ip_forward
###########virtual network card
ifconfig eth1:9 1.1.1.9 netmask 255.255.255.0
ifconfig eth1:10 2.2.2.9 netmask 255.255.255.0
ifconfig eth1:11 3.3.3.9 netmask 255.255.255.0
ifconfig eth1:12 192.168.0.9 netmask 255.255.255.0
############define tables
echo '33 M1'>>/etc/iproute2/rt_tables
echo '34 M2'>>/etc/iproute2/rt_tables
echo '35 A'>>/etc/iproute2/rt_tables
#######MARK IP
iptables -t mangle -A PREROUTING -s 192.168.10.0/24 -j MARK --set-mark 1
iptables -t mangle -A PREROUTING -s 10.10.10.0/24 -j MARK --set-mark 2
#######ip route M1
ip route add table M1 default via 3.3.3.254
ip route add table M1 realm 1 via 192.168.0.254
ip rule add from 192.168.10.0/24 lookup M1
ip rule add to 192.168.10.0/24 lookup M1
#######ip route M2
ip route add table M2 default via 1.1.1.254
ip route add table M2 realm 2 via 192.168.0.254
ip rule add from 10.10.10.0/24 lookup M2
ip rule add to 10.10.10.0/24 lookup M2
#############ip route A
ip route add table A default scope global \
nexthop via 1.1.1.1 weight 25 \
nexthop via 2.2.2.1 weight 50 \
nexthop via 3.3.3.1 weight 25
##### NAT
iptables -t nat -A POSTROUTING -s 172.24.0.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -m mark --mark 1 -j SNAT --to 3.3.3.1
iptables -t nat -A POSTROUTING -m mark --mark 2 -j SNAT --to 1.1.1.1


在redhat as 4测试通过
CODE
[root@localhost codfei]# ./iptables.sh
RTNETLINK answers: File exists
RTNETLINK answers: File exists
[root@localhost codfei]# ip route show
2.2.2.0/24 dev eth1  proto kernel  scope link  src 2.2.2.9
192.168.0.0/24 dev eth1  proto kernel  scope link  src 192.168.0.9
1.1.1.0/24 dev eth1  proto kernel  scope link  src 1.1.1.9
3.3.3.0/24 dev eth1  proto kernel  scope link  src 3.3.3.9
169.254.0.0/16 dev eth1  scope link
default via 192.168.102.210 dev eth1