Firewall Internal/External Network Isolation Example

1: The Linux firewall allows the intranet workstation (Windows 8) to access the internet.
2: The workstation (Windows 8) gets its IP from the Linux DHCP server.



Requirements

1: Computer with internet access
2: VMware Workstation 9.0.
3: CentOS 6.4(firewall server).
4: CentOS 6.4(DHCP SERVER).

5: Windows 8 (Workstation).

Solution

Virtual Machines

1: Install the operating systems in VMware.

2: OS Network Settings.

Firewall:

1: WAN Network(NAT)
2: LAN Network(Host Only)

DHCP

1: LAN Network.

Windows 8

1: LAN Network.

VM Host-only Network

Firewall

LAN(eth0) and WAN (eth1) Settings.
vi /etc/sysconfig/network-scripts/ifcfg-eth0

vi /etc/sysconfig/network-scripts/ifcfg-eth1

service network restart

Check the firewall IPs. WAN: ifconfig eth0, LAN: ifconfig eth1

Check whether the firewall can access the internet: ping www.google.com

Check the internet DNS: vi /etc/resolv.conf

vi /etc/rc.local, sh /etc/rc.local

Check the routes: route -n

echo "1" > /proc/sys/net/ipv4/ip_forward

IPTABLES

1: Firewall server: iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-destination 192.168.1.99
2: Firewall server: iptables -t nat -A POSTROUTING -s 192.168.1.99 -o eth0 -j SNAT --to-source 192.168.60.130
3: Firewall server: iptables -t nat -L
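
Rule 1 above redirects every new connection arriving on eth0 to 192.168.1.99, and the page shows no filter-table rules. The following is an added example, not part of the original post: an outbound-only ruleset that keeps the SNAT, sets INPUT and FORWARD to default-drop with stateful rules, and includes a check that flags unrestricted PREROUTING DNAT rules in iptables-save output. It assumes eth0 is the WAN side (as in the rules above), eth1 the LAN side, a LAN subnet of 192.168.1.0/24 and SSH administration from the LAN; gen_rules and blanket_dnat are hypothetical names.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumptions: eth0 = WAN, eth1 = LAN, LAN subnet 192.168.1.0/24.

# Print an iptables-restore ruleset: gen_rules WAN_IF LAN_IF LAN_NET WAN_IP
gen_rules() {
    wan_if=$1 lan_if=$2 lan_net=$3 wan_ip=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Outbound only: rewrite LAN sources to the WAN address of the firewall.
# No PREROUTING DNAT, so nothing arriving on the WAN side is pushed into the LAN.
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i $lan_if -p icmp -j ACCEPT
# Assumption: the firewall is administered over SSH from the LAN only.
-A INPUT -i $lan_if -s $lan_net -p tcp --dport 22 -m state --state NEW -j ACCEPT
# Replies to connections the LAN opened may come back in; new WAN-side ones may not.
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read iptables-save output on stdin and print PREROUTING DNAT rules that
# match on no protocol or port, i.e. rules that redirect all inbound traffic.
blanket_dnat() {
    grep -E -- '^-A PREROUTING .*-j DNAT' | grep -Ev -- ' (-p|--dport) '
}

# Apply only when asked (needs root): APPLY=1 sh firewall.sh
if [ "${APPLY:-0}" = 1 ]; then
    sysctl -w net.ipv4.ip_forward=1
    gen_rules eth0 eth1 192.168.1.0/24 192.168.60.130 | iptables-restore
fi
```

To audit a running firewall, pipe its rules through the check: iptables-save -t nat | blanket_dnat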

DHCP Server

vi /etc/sysconfig/network-scripts/ifcfg-eth0

vi /etc/dhcp/dhcpd.conf

service dhcpd restart

Windows Client

IP settings

Check whether Win8 got its IP from the DHCP server: ipconfig /all

Client Internet Access Test

4: Win8 Workstation: On Win8, check whether it can access the internet.

5: service iptables stop: open the web page again, and internet access no longer works.


Author's personal website: www.davis-wiki.com