Why doesn't my iptables network translation rule work?

Time: 2019-07-09 08:12:29

Tags: linux iptables nat

I don't know why my MASQUERADE rule (as SNAT) doesn't work:

enp2s0 (192.168.2.83/24) - external interface

vboxnet0 (192.168.56.1/24) - internal interface

$ ip addr 
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether e0:d5:5e:8b:63:23 brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.83/24 brd 192.168.2.255 scope global dynamic enp2s0
       valid_lft 196432sec preferred_lft 196432sec
    inet6 fe80::e2d5:5eff:fe8b:6323/64 scope link 
       valid_lft forever preferred_lft forever
3: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 100
    link/none 
    inet 10.42.0.7/24 brd 10.42.0.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::c3e5:f61f:e6d3:d6b0/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
4: vboxnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.1/24 brd 192.168.56.255 scope global vboxnet0
       valid_lft forever preferred_lft forever
    inet6 fe80::800:27ff:fe00:0/64 scope link 
       valid_lft forever preferred_lft forever

$ iptables -t nat -A POSTROUTING -o enp3s0 --src 192.168.56.0/24 -j MASQUERADE

$ iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 654 packets, 53203 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 458 packets, 39860 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 702 packets, 42586 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    3   228 MASQUERADE  all  --  *      *       192.168.56.0/24      0.0.0.0/0 

From a host inside the internal network (192.168.56.2/24):

$ ip route
default via 192.168.56.1 dev enp0s3 onlink 
192.168.56.0/24 dev enp0s3 proto kernel scope link src 192.168.56.2

$ ping 8.8.8.8

On the router:

$ tcpdump -i enp2s0 -n host 8.8.8.8
10:58:22.383105 IP 192.168.56.2 > 8.8.8.8: ICMP echo request, id 659, seq 5, length 64
10:58:23.407094 IP 192.168.56.2 > 8.8.8.8: ICMP echo request, id 659, seq 6, length 64
10:58:24.431071 IP 192.168.56.2 > 8.8.8.8: ICMP echo request, id 659, seq 7, length 64
10:58:25.455065 IP 192.168.56.2 > 8.8.8.8: ICMP echo request, id 659, seq 8, length 64
10:58:26.479055 IP 192.168.56.2 > 8.8.8.8: ICMP echo request, id 659, seq 9, length 64
10:58:27.503053 IP 192.168.56.2 > 8.8.8.8: ICMP echo request, id 659, seq 10, length 64

I expected 192.168.56.2 to be changed to 192.168.2.83. What am I doing wrong?

0 answers:

No answers