/usr/share/doc/HOWTO/ja-html/NAT-HOWTO-6.html is in doc-linux-ja-html 2006.05.25-1.1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 | <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
<META NAME="GENERATOR" CONTENT="SGML-Tools 1.0.9">
<TITLE>Linux 2.4 NAT HOWTO: $B%Q%1%C%H$NNAM}K!$N2r@b(B</TITLE>
<LINK HREF="NAT-HOWTO-7.html" REL=next>
<LINK HREF="NAT-HOWTO-5.html" REL=previous>
<LINK HREF="NAT-HOWTO.html#toc6" REL=contents>
</HEAD>
<BODY>
<A HREF="NAT-HOWTO-7.html">$B<!$N%Z!<%8(B</A>
<A HREF="NAT-HOWTO-5.html">$BA0$N%Z!<%8(B</A>
<A HREF="NAT-HOWTO.html#toc6">$BL\<!$X(B</A>
<HR>
<H2><A NAME="s6">6. $B%Q%1%C%H$NNAM}K!$N2r@b(B</A></H2>
<P>$B$3$3$^$G$/$l$P!"NAM}$9$k$Y$-%Q%1%C%H$rA*JL$9$kJ}K!$OJ,$+$C$F$$$^$9!#%k!<%k(B
$B$r40A4$J$b$N$K$9$k$?$a!"%Q%1%C%H$KBP$7$F$d$k$Y$-$3$H$r@53N$K%+!<%M%k$K;X<((B
$B$9$kI,MW$,$"$j$^$9!#(B
<P>
<H2><A NAME="ss6.1">6.1 $BAw?.85(B NAT</A>
</H2>
<P>$BAw?.85(B NAT $B$r9T$&$H$$$&$3$H$O!"Aw?.85%"%I%l%9$r2?$+JL$N$b$N$KJQ49$9$k$H$$$&(B
$B$3$H$G$9!#$3$l$O(B POSTROUTING $B%A%'%$%s$N$b$H$G!":G=*E*$K%Q%1%C%H$,Aw?.$5$l$k(B
$BD>A0$K9T$o$l$^$9!!!]$3$l$O=EMW$JE@$G!"$H$$$&$N$b(B Linux $B%\%C%/%9<+?H$N>e$G(B
$B9T$o$l$kB>$N$I$s$JA`:n!J%k!<%F%#%s%0!"%Q%1%C%H%U%#%k%?%j%s%0!K$b!"%Q%1%C%H$O(B
$B=q$-49$($J$$$H$$$&$3$H$r0UL#$9$k$+$i$G$9!#$=$l$O$^$?!"(B`-o'
$B!JAw?.%$%s%?%U%'!<%9!K%*%W%7%g%s$G<B8=2DG=$G$"$k$H$$$&$3$H$G$b$"$j$^$9!#(B
<P>
<P>$BAw?.85(B NAT $B$O!"(B`-j SNAT' $B$r;H$C$F;XDj$7!"(B`--to-source' $B%*%W%7%g%s$K$h$j!"(B
$BFCDj$N(B IP $B%"%I%l%9!"(BIP $B%"%I%l%9$NHO0O!"$=$7$F!J(BUDP, TCP $B%W%m%H%3%k$N>l9g(B
$B$N$_!KFCDj$N%]!<%HHV9f$d%]!<%HHV9f$NHO0O$r;XDj$7$^$9!#(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
## Change source addresses to 1.2.3.4.
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4
## Change source addresses to 1.2.3.4, 1.2.3.5 or 1.2.3.6
# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to 1.2.3.4-1.2.3.6
## Change source addresses to 1.2.3.4, ports 1-1023
# iptables -t nat -A POSTROUTING -p tcp -o eth0 -j SNAT --to 1.2.3.4:1-1023
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H3>IP $B%^%9%+%l!<%I(B</H3>
<P>IP $B%^%9%+%l!<%I$H8F$P$l$kAw?.85(B NAT $B$NFC<l$J%1!<%9$,$"$j$^$9!#$3$l$O!"(B
$BI8=`E*$J%@%$%d%k%"%C%W@\B3$J$I$N!"(BIP $B%"%I%l%9$,F0E*$K3d$jEv$F$i$l$k>l9g(B
$B$K$N$_MxMQ$9$Y$-$b$N$G$9!J@EE*$K(B IP $B%"%I%l%9$,3d$jEv$F$i$l$k$J$i!">e5-$N(B SNAT
$B$r;H$C$F$/$@$5$$!K!#(B
<P>
<P>IP $B%^%9%+%l!<%I$r$d$k$N$K!"Aw?.85%"%I%l%9$rL@<(E*$K;XDj$9$kI,MW$O$"$j$^$;$s!#(B
IP $B%^%9%+%l!<%I$O!"%Q%1%C%H$,=P$F9T$/%$%s%?%U%'!<%9$NAw?.85%"%I%l%9$rMxMQ(B
$B$7$^$9!#$G$9$,$b$C$H=EMW$J$N$O!"$=$N%j%s%/$,Mn$A$?>l9g$K!"!J@Z$i$l$F$7$^$C$?!K(B
$B$=$N%3%M%/%7%g%s$,K:$l$i$l$F$7$^$C$F$b!"?7$?$K(B IP $B%"%I%l%9$,3d$jEv$F$i$l$F(B
$B%3%M%/%7%g%s$,I|5"$7$?$H$-$K!"$[$H$s$I8mF0:n$,5/$-$J$$$H$$$&$3$H$G$9!#(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
## Masquerade everything out ppp0.
# iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H2><A NAME="ss6.2">6.2 $B08@h(B NAT</A>
</H2>
<P>$B$3$l$O(B PREROUTING $B%A%'%$%s$N$b$H$G!"%Q%1%C%H$,F~$C$F$-$?$=$N;~$K9T$o$l$^$9(B
$B!!!]$3$l$O!"(BLinux $B%\%C%/%9<+?H$N>e$G9T$o$l$kB>$N$I$s$JA`:n!J%k!<%F%#%s%0!"(B
$B%Q%1%C%H%U%#%k%?%j%s%0!K$b!"%Q%1%C%H$O$=$N!VK\Ev$N!W08@h$r;X$7$F$$$k$H$3$m$G(B
$B9T$&$+$i$G$9!#$=$l$O(B `-i'$B!J<u?.%$%s%?%U%'!<%9!K%*%W%7%g%s$G<B8=2DG=$G$"$k$H(B
$B$$$&$3$H$G$b$"$j$^$9!#(B
<P>
<P>$B08@h(B NAT $B$O!"(B`-j DNAT' $B$r;H$C$F;XDj$7!"(B`--to-destination' $B%*%W%7%g%s$K$h$j!"(B
$BFCDj$N(B IP $B%"%I%l%9!"(BIP $B%"%I%l%9$NHO0O!"$=$7$F!J(BUDP, TCP $B%W%m%H%3%k$N>l9g$N$_!K(B
$BFCDj$N%]!<%HHV9f$d%]!<%HHV9f$NHO0O$r;XDj$7$^$9!#(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
## Change destination addresses to 5.6.7.8
# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 5.6.7.8
## Change destination addresses to 5.6.7.8, 5.6.7.9 or 5.6.7.10.
# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to 5.6.7.8-5.6.7.10
## Change destination addresses of web traffic to 5.6.7.8, port 8080.
# iptables -t nat -A PREROUTING -p tcp --dport 80 -i eth0 \
-j DNAT --to 5.6.7.8:8080
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H3>$B%j%@%$%l%/%7%g%s(B</H3>
<P>$B%j%@%$%l%/%7%g%s$H8F$P$l$k08@h(B NAT $B$NFC<l$J%1!<%9$,$"$j$^$9!!!]<u?.(B
$B%$%s%?%U%'!<%9$N%"%I%l%9$X$N(B DNAT $B$r9T$&$N$HA4$/F1$88z2L$,$"$j!"(B
$B4JC1JXMx$J$b$N$G$9!#(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
## Send incoming port-80 web traffic to our squid (transparent) proxy
# iptables -t nat -A PREROUTING -i eth1 -p tcp --dport 80 \
-j REDIRECT --to-port 3128
</PRE>
</CODE></BLOCKQUOTE>
<P>squid $B$,F)2a7?%W%m%-%7$H$7$FF0:n$9$k$h$&@_Dj$9$kI,MW$,$"$k$N$KCm0U$9$k$3$H!*(B
<P>
<H2><A NAME="ss6.3">6.3 $BFM$C9~$s$@%^%C%T%s%0(B</A>
</H2>
<P>$B$[$H$s$I$N?M$K$OA4$/4X78$J$$!"9*L/$J%F%/%K%C%/$,(B NAT $B$K$O$$$/$D$+$"$j$^$9!#(B
$B$3$3$G$O9%4q?4$N6/$$?M$N$?$a$K%I%-%e%a%s%H2=$7$F$*$-$^$9!#(B
<P>
<H3>$B$"$kHO0O$NJ#?t$N%"%I%l%9$+$i$NA*Br(B</H3>
<P>$B$"$kHO0O$N(B IP $B%"%I%l%9$,M?$($i$l!";HMQ$9$k(B IP $B%"%I%l%9$r!"$=$N%^%7%s$,DL?.(B
$B$7$?$&$A:G$b:G6aMxMQ$5$l$?(B IP $B%"%I%l%9$r$b$H$KA*Br$7$^$9!#$3$l$K$h$j86;OE*(B
$B$JIi2YD4@0$,9T$($^$9!#(B
<P>
<H3>NAT $BIT;HMQ%^%C%T%s%0$N@8@.(B</H3>
<P>$BA4$/(B NAT $B$rMQ$$$J$$%3%M%/%7%g%s$rD%$i$;$k;XDj$H$7$F(B `-j ACCEPT' $B$,$"$j$^$9!#(B
<P>
<H3>$BI8=`E*$J(B NAT $B$NF0:n(B</H3>
<P>$B%G%U%)%k%H$G$O!"%f!<%6$K$h$C$FM?$($i$l$?%k!<%k$N@)LsFb$G!"%3%M%/%7%g%s$N(B
$BJQ99$r=PMh$k8B$j>.$5$/$9$k$Y$-$G$9!#$D$^$j!"$=$NI,MW$,$J$1$l$P!"%]!<%HHV9f(B
$B$r:F%^%C%T%s%0$7$F$O$J$i$J$$$H$$$&$3$H$G$9!#(B
<P>
<H3>$B0EL[$NAw?.85%]!<%H%^%C%T%s%0(B</H3>
<P>$B$?$H$($"$k%3%M%/%7%g%s$K(B NAT $B$,@_Dj$5$l$F$$$J$/$F$b!"(B
$B@h$KD%$i$l$?JL$N%3%M%/%7%g%s$,$=$N?7$?$J%3%M%/%7%g%s$K%"%I%l%9(B
$B$,=E$J$k$h$&$K%^%C%T%s%0$5$l$F$$$k>l9g$K$O!"(B
$BAw?.85%]!<%HJQ49$,0EL[$N$&$A$K9T$o$l$k$3$H$,$"$j$^$9!#(B
IP $B%^%9%+%l!<%I$N%1!<%9$r9M$($k$H!"$3$l$O$+$J$j0lHLE*$J$3$H$G$9!'(B
<P>
<OL>
<LI>IP $B%"%I%l%9(B 192.1.1.1 $B$NC<Kv$K$h$C$F!"%&%'%V%3%M%/%7%g%s$,%]!<%H(B1024
$BHV$+$i(B www.netscape.com $B$N%]!<%H(B80$BHV$K3NN)$5$l$F$$$k$H$7$^$9!#(B
</LI>
<LI>$B$3$N@\B3$O%^%9%+%l!<%I%\%C%/%9$NAw?.85(B IP $B%"%I%l%9!J(B1.2.3.4$B!K(B
$B$r;HMQ$7$F%^%9%+%l!<%I$5$l$F$$$^$9!#(B
</LI>
<LI>$B<!$K%^%9%+%l!<%I%\%C%/%9<+?H$,!"!J30It%$%s%?%U%'!<%9$N(B IP $B%"%I%l%9$G$"$k!K(B
1.2.3.4 $B$N%]!<%H(B 1024 $BHV$+$i!"(Bwww.netscape.com $B$N%]!<%H(B
80 $BHV$K%&%'%V%3%M%/%7%g%s$r3NN)$7$h$&$H$7$?$H$7$^$9!#(B
</LI>
<LI>$B$3$N;~(B NAT $B$N%3!<%I$O!"FsHVL\$N%3%M%/%7%g%s$NAw?.85%]!<%HHV9f$r(B
1025 $BHV$KJQ$($k$N$G!"Fs$D$O>WFM$7$^$;$s!#(B</LI>
</OL>
<P>
<P>$B$3$N0EL[$NAw?.85%^%C%T%s%0$K4X$7$F!"%]!<%H$O;0$D$N%/%i%9$KJ,$1$i$l$^$9!'(B
<P>
<UL>
<LI>512$BHV0J2<$N%]!<%H(B</LI>
<LI>512$B!A(B1023$BHV$N%]!<%H(B</LI>
<LI>1024$BHV0J>e$N%]!<%H(B</LI>
</UL>
<P>$B85$N%]!<%H$H0[$J$k%/%i%9$N%]!<%H$K0EL[$N$&$A$K%^%C%T%s%0$5$l$k$3$H$O(B
$B7h$7$F$"$j$^$;$s!#(B
<P>
<H3>NAT $B$,<:GT$9$k$H2?$,5/$3$k$+(B</H3>
<P>$B%f!<%6$,MW5a$9$k%3%M%/%7%g%s$r0l0U$K%^%C%W$9$k$3$H$,$G$-$J$$>l9g!"(B
$B$=$N@\B3MW5a$OGQ4~$5$l$^$9!#$^$?!"%Q%1%C%H$,@5$7$/9=@.$5$l$F$$$J$+$C$?$j!"(B
NAT $B%\%C%/%9$N%a%b%j$,ITB-$7$F$$$k$J$I$NM}M3$G!"$I$N%3%M%/%7%g%s$N0lIt$H$b(B
$BJ,N`$G$-$J$+$C$?%Q%1%C%H$bF1MM$KGK4~$5$l$^$9!#(B
<P>
<H3>$BJ#?t$N%^%C%T%s%0!"=EJ#!"$=$7$F>WFM(B</H3>
<P>$BMM!9$J%"%I%l%9$rB0@-$K$7$F$$$k%Q%1%C%H$KBP$7$F!"$"$k0l$D$N%"%I%l%9(B
$B$r%^%C%T%s%0$9$k(B NAT $B%k!<%k$r@_Dj$9$k$3$H$O2DG=$G$9!!!](BNAT
$B$N%3!<%I$O>WFM$r2sHr$9$k$h$&$K<~E~$K=q$+$l$F$$$^$9!#=>$C$F!"(B
$BAw?.85%"%I%l%9$H$7$F(B 192.168.1.1 $B$H(B 192.168.1.2 $B$NN>J}$KBP$7$F(B
1.2.3.4 $B$r%^%C%W$7$F$bBg>fIW$G$9!#(B
<P>
<P>$B99$K$O%^%C%T%s%0$9$k%^%7%s$rDL2a$7$J$$$HE~C#$G$-$J$$%"%I%l%9$G$5$($"$l$P!"(B
$B<B:]$K;HMQ$5$l$F$k(B IP $B%"%I%l%9$N>e$K=E$M$F%^%C%T%s%0$9$k$3$H$bF1MM$K2DG=$G$9!#(B
$B$D$^$j%$%s%?!<%M%C%HMQ$N%"%I%l%9(B (1.2.3.0/24) $B$,3d$jEv$F$i$l$F$O$$$k$,!"(B
$B<B:]$NFbIt%M%C%H%o!<%/$O$3$l$i$N%"%I%l%9$HF1;~$K(B 192.168.1.0/24
$B$N$H%W%i%$%Y!<%H!&%$%s%?!<%M%C%H!&%"%I%l%9$r;H$C$F$$$?$H$7$F$b!"(B
192.168.1.0/24 $B$N%=!<%9%"%I%l%9$r(B 1.2.3.0 $B$N%M%C%H%o!<%/$KC1=c$K(B
$B%^%C%T%s%0$9$k$@$1$G!">WFM$N62$l$J$7$K(B NAT $B2DG=$G$9!'(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 \
-j SNAT --to 1.2.3.0/24
</PRE>
</CODE></BLOCKQUOTE>
<P>
<P>$BF1$8M}6~$,!"(BNAT $B%\%C%/%9<+?H$K$h$j;HMQ$5$l$k%"%I%l%9$K$b$"$F$O$^$j$^$9(B
$B!!!]$3$l$3$=$,(B $B!J%^%9%+%l!<%I$5$l$k%Q%1%C%H$H!"%\%C%/%9<+?H$+$iMh$k!VK\Ev$N!W(B
$B%Q%1%C%H$N4V$G%$%s%?%U%'!<%9$N%"%I%l%9$r6&M-$9$k$3$H$K$h$k!K(BIP $B%^%9%+%l!<%I(B
$B$NF0:n$J$N$G$9!#(B
<P>
<P>$B$=$N>e!"F1$8%Q%1%C%H$r4v$D$b$N0[$J$k%?!<%2%C%H$K%^%C%W2DG=$G!"$=$N%^%C%T%s%0(B
$B$O6&M-$5$l$^$9!#Nc$($P!"(BIP $B%"%I%l%9(B 1.2.3.5 $B$K%^%C%T%s%0$r$7$?$/$J$$>l9g$O!"(B
$B0J2<$N$h$&$K$9$l$P2DG=$G$9!'(B
<P>
<BLOCKQUOTE><CODE>
<PRE>
# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o eth1 \
-j SNAT --to 1.2.3.0-1.2.3.4 --to 1.2.3.6-1.2.3.254
</PRE>
</CODE></BLOCKQUOTE>
<P>
<H3>$B%m!<%+%k$K@8@.$5$l$?%3%M%/%7%g%s$N08@h$NJQ99(B</H3>
<P>NAT $B$N%3!<%I$O!"(BOUTPUT $B%A%'%$%s$NCf$K(B DNAT $B%k!<%k$rA^F~$9$k$3$H$r5v2D(B
$B$7$^$9$,!"%+!<%M%k(B 2.4 $B$G$O40A4$K$O%5%]!<%H$5$l$F$$$^$;$s(B
($B2DG=$G$O$"$k$N$G$9$,!"?7$7$$@_Dj%*%W%7%g%s!"$"$kDxEY$N%F%9%H!"(B
$B$=$7$F$+$J$j$N%3!<%G%#%s%0$,I,MW$K$J$j$^$9!#(B
$B$=$l$OC/$+$,(B Rusty $B$K$=$&$7$?$b$N$r=q$/$H@A$1Ii$C$F$/$l$J$$>l9g$NOC$G$9$,!"(B
$BKM$H$7$F$O!"$9$0$K$=$&$J$k$H$O4|BT$7$F$$$^$;$s(B)$B!#(B
<P>
<P>$B8=:_$"$k@)8B$O!"08@h$r%m!<%+%k%^%7%s$K$7$+JQ99$G$-$J$$$3$H$G(B
($BNc(B:`j DNAT --to 127.0.0.1')$B!"B>$N$I$N%^%7%s$K$bJQ99$G$-$:!"(B
$B$=$&$G$J$$$H%j%W%i%$$,@5$7$/E>Aw$5$l$J$$$N$G$9!#(B
<P>
<HR>
<A HREF="NAT-HOWTO-7.html">$B<!$N%Z!<%8(B</A>
<A HREF="NAT-HOWTO-5.html">$BA0$N%Z!<%8(B</A>
<A HREF="NAT-HOWTO.html#toc6">$BL\<!$X(B</A>
</BODY>
</HTML>
|