By now you are probably quite comfortable setting up NAT and port forwarding on Linux; after all, you may need it when deploying a server. But the procedure is cumbersome, especially once ufw is in use, because after that you can no longer edit iptables directly. So what do you do then?

To enable NAT masquerading and port forwarding with ufw, you can first refer to the article "A simpler firewall on Ubuntu: Uncomplicated Firewall" for an introduction to ufw, the firewall front end. It gives us a higher-level interface: with ufw you avoid editing iptables, backing up iptables and setting up an automatic restore of iptables at boot, so configuration is much simpler.
First of all, we need to change the default forwarding policy.

Change ufw default forwarding policy

Locate the file "/etc/default/ufw" and modify this setting:

    # change DROP to ACCEPT
    DEFAULT_FORWARD_POLICY="ACCEPT"

Open forwarding

Edit the file "/etc/ufw/sysctl.conf" and uncomment the forwarding option inside it (if you want IPv6 forwarding as well, uncomment the ipv6 lines too).

    # Uncomment this to allow this host to route packets between interfaces
    net/ipv4/ip_forward=1
    #net/ipv6/conf/default/forwarding=1
    #net/ipv6/conf/all/forwarding=1

Add Forwarding Entry

Finally, edit the file "/etc/ufw/before.rules" to add the forwarding entries. The syntax is identical to iptables. Add them on new lines after the "COMMIT" at the end of the file:

    # NAT table rules; insert at the appropriate position relative to the filter block
    *nat
    :POSTROUTING ACCEPT [0:0]

    # Forward traffic through eth0 - Change to match your out-interface
    # Insert your forwarding entries as needed
    -A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
    COMMIT

Open Port Forwarding

Inside the *nat block written above, insert the following:

    # NAT table rules
    *nat
    :PREROUTING ACCEPT [0:0]

    # Port forwardings: write your port forwarding entries here
    -A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10

Reload ufw for the configuration to take effect

    ufw reload
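
A check of the three edited files, useful to run before `ufw reload` (an added example, not code from the original article): it verifies the forward policy, the uncommented sysctl line, and that every table block in before.rules ends with its own COMMIT, then lists the nat rules for review. The `ROOT` prefix argument and the `make_sample` helper with its constructed files are assumptions made so the check can run against copies.

```shell
#!/bin/sh
# Added example. audit_ufw_nat ROOT checks the three files edited above.
# ROOT is a prefix directory (assumption, so copies can be checked offline);
# pass "" to check the live files under /etc.
audit_ufw_nat() {
    root=$1; rc=0
    # Step 1: default forward policy
    grep -q '^DEFAULT_FORWARD_POLICY="ACCEPT"' "$root/etc/default/ufw" ||
        { echo "FAIL: DEFAULT_FORWARD_POLICY is not ACCEPT"; rc=1; }
    # Step 2: the ip_forward line must be present and uncommented
    grep -q '^net/ipv4/ip_forward=1' "$root/etc/ufw/sysctl.conf" ||
        { echo "FAIL: net/ipv4/ip_forward=1 is not enabled"; rc=1; }
    # Step 3: every *table block needs its own COMMIT, and *nat must exist
    awk '
        /^\*/     { if (tbl != "") { print "FAIL: " tbl " has no COMMIT"; bad = 1 }
                    tbl = $1; if ($1 == "*nat") nat = 1; next }
        /^COMMIT/ { tbl = ""; next }
        tbl == "*nat" && /^-A / { print "nat rule: " $0 }
        END { if (tbl != "") { print "FAIL: " tbl " has no COMMIT"; bad = 1 }
              if (!nat)      { print "FAIL: no *nat block"; bad = 1 }
              exit bad + 0 }
    ' "$root/etc/ufw/before.rules" || rc=1
    return $rc
}

# Constructed sample: minimal copies of the three files as this page edits them.
make_sample() {
    mkdir -p "$1/etc/default" "$1/etc/ufw"
    echo 'DEFAULT_FORWARD_POLICY="ACCEPT"' > "$1/etc/default/ufw"
    echo 'net/ipv4/ip_forward=1' > "$1/etc/ufw/sysctl.conf"
    cat > "$1/etc/ufw/before.rules" <<'EOF'
*filter
:ufw-before-input - [0:0]
COMMIT
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp --dport 22 -j DNAT --to-destination 192.168.1.10
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE
COMMIT
EOF
}
```

The listed nat rules are worth reading against intent: each DNAT line publishes an internal service on the outside interface, and the MASQUERADE source range decides which internal hosts may route out.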

Original article written by LogStudio: R0uter's Blog » Open nat masquerading and port forwarding on ufw
If you reproduce this article, please keep the source and the link: https://www.logcg.com/archives/993.html

What a treasure of a blogger! The wireguard tutorial, the iptables tutorial and the ufw tutorial have all benefited me. Thank you, blogger.
Ha ha ha, I don't deserve it, I don't deserve it.
Good article, showing my support.