The networks are jealous of customers and usually we can only access the machines on your network from within the network itself. What comes to be known as an intranet.
But many of my maintenance tasks require access to multiple machines from a move to the intranet and client do not see a feasible option, nor in line with our times.
One solution I liked most is to ask a customer to access only a single machine with public IP address.
To provide security can be configured so that only they can be accessed from the IP address of your office, and to provide flexibility, which also can be accessed from the IP address of your server in a datacenter. Anyway this whole paragraph you can skip if there is not much problem with safety.
The machine with public IP mole that is linux, more than anything because if it is not because we do not need to keep reading because the rest of the article implied that premise.
What we are going to do is what you see in the picture.
Here I see myself with more hair and beard without wishing to access all services of the machines on the intranet 10.10.10 .* and yet only being able to access the machine with public IP 205,205 .205.205 .
What I need is a name and this is Port Forwarding, and the implementation of this simpler than I’ve seen is made by IP Tables.
It’s going to be faster write commands to be run in order to make this work that all the talk after you have counted.
My machine with public access is the distribution of Gentoo Linux and that the examples are for this distro but should not vary much for other distros.
Install iptables (if not already )
# Emerge iptables
We tell the kernel that allows ip-forwarding
# Echo 1> / proc/sys/net/ipv4/ip_forward
Flash whole configuration of iptables that has default
# Iptables-t nat-F
Allow the forward from iptables (eth0 is the public interface )
# Iptables-A FORWARD-i eth0-j ACCEPT
# Iptables-A FORWARD-o eth0-j ACCEPT
This makes the ips are not rolling to mask the possible bypass roads and security filters for IP
# Iptables-t nat-A POSTROUTING-o eth0-j MASQUERADE
And here at last the rules of the Port Forwarding
# Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 213,306-j DNAT - to-destination 10.10.10.21:3306
# Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2180-j DNAT - to-destination 10.10.10.21:80
# Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2280-j DNAT - to-destination 10.10.10.22:80
# Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2221-j DNAT - to-destination 10.10.10.22:21
# Iptables-t nat-A PREROUTING-p tcp-i eth0 - dport 2322-j DNAT - to-destination 10.10.10.23:22
Keep the current iptables configuration so that the rewritten failure to restart
# / Etc / init.d / iptables save
We service iptables to boot at the start
# Rc-update add default iptables
I think that also you have to do it
# Vim / etc / sysctl.conf
Add / uncomment the following lines:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
And it should work. If I leave my machine in my office and I go to:
$ Mysql-h205 205 . 205 . 205 P- 213,306
I find the mysql of the machine 10.10.10.21 .
If I go with a browser to:
http :// 205,205 . 205 . 205 : 2280
I encounter with the Apache of the machine 10.10.10.22 .
If you do not check the works linkografía:
- # http://www.gentoo.org/doc/en/home-router-howto.xml doc_chap6