Moh*_*LEL 6 networking linux nat kernel linux-kernel
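I have a router running Linux.
I want my router to support NAT hairpinning.
Does such a feature exist in the Linux kernel? If so, how do I activate it? Is there a patch I can apply to my kernel to support hairpinning?
Explanation of hairpinning from Wikipedia: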
Let us consider a private network with the following:
Gateway address: 192.168.0.1
Host 1: 192.168.0.5
Host 2: 192.168.0.7
The gateway has an external IP : 192.0.2.1
Host 1 runs a P2P application P1 on its port 12345 which is externally mapped to 4444.
Host 2 runs a P2P application P2 on its port 12345 which is externally mapped to 5555.
If the NAT device supports hairpinning, then P1 application can connect to the P2 application using the external endpoint 192.0.2.1:5555.
If not, the communication will not work.
小智 4
As pointed out in the comments, the way to do this is to create two NAT rules for the two internal services, like this:
iptables -t nat -A PREROUTING -d public.ip -p tcp --dport 4444 -j DNAT --to inthost1:12345
iptables -t nat -A PREROUTING -d public.ip -p tcp --dport 5555 -j DNAT --to inthost2:12345
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d inthost1 -p tcp --dport 12345 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -d inthost2 -p tcp --dport 12345 -j MASQUERADE
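This way, if one internal host sends a packet to another internal host, the packet appears to come from the "gateway" (the NAT box), so that the NAT box receives the reply and can forward it to the other internal box.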
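A simplified model of the packet flow described in this answer, added here as an illustration and not part of the original answer: it traces one hairpinned request and its reply with and without the POSTROUTING MASQUERADE rule. The addresses and port mappings are the ones from the question; the function name `hairpin`, the `Pkt` tuple and the client source port 40000 are constructed for the example, and the model assumes MASQUERADE keeps the source port.

```python
from collections import namedtuple

Pkt = namedtuple("Pkt", "src sport dst dport")

GW_LAN, GW_WAN = "192.168.0.1", "192.0.2.1"           # addresses from the question
DNAT = {4444: ("192.168.0.5", 12345),                 # external port -> internal service
        5555: ("192.168.0.7", 12345)}

def hairpin(client, sport, ext_port, masquerade):
    """Trace a LAN client connecting to GW_WAN:ext_port.

    Returns (packet the server receives, reply the client receives,
    whether the client's TCP stack accepts that reply).
    """
    req = Pkt(client, sport, GW_WAN, ext_port)
    # PREROUTING DNAT: the destination becomes the internal host.
    host, port = DNAT[req.dport]
    fwd = req._replace(dst=host, dport=port)
    # POSTROUTING MASQUERADE: the source becomes the gateway's LAN address.
    if masquerade:
        fwd = fwd._replace(src=GW_LAN)
    # The server answers whatever source address it saw.
    reply = Pkt(fwd.dst, fwd.dport, fwd.src, fwd.sport)
    if reply.dst == GW_LAN:
        # The reply returns to the gateway, where connection tracking
        # reverses both translations before delivering it to the client.
        reply = Pkt(GW_WAN, ext_port, client, sport)
    # Otherwise the server is on the client's subnet and replies directly
    # over the LAN, so the gateway never gets to undo the DNAT.
    # The client only accepts a reply from the endpoint it connected to.
    accepted = (reply.src, reply.sport) == (req.dst, req.dport)
    return fwd, reply, accepted

if __name__ == "__main__":
    for masq in (False, True):
        seen, reply, ok = hairpin("192.168.0.5", 40000, 5555, masq)
        print(f"MASQUERADE={masq}: server sees {seen.src}, "
              f"reply from {reply.src}:{reply.sport}, accepted={ok}")
```

With the MASQUERADE rule in place the internal server sees every hairpinned connection as coming from 192.168.0.1, so its own logs and address-based access controls no longer distinguish between LAN clients.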