一、iptables工具移植
1、交叉编译iptables-1.4.12
./configure --prefix=/home/huabiao/bin
--exec-prefix=/home/huabiao/bin
--host=arm
--with- kernel=/home/huabiao/share/HI3520D/linux-3.0.y
--disable-shared CC=arm-hisiv200-linux-gcc
make
make install
2、把编译好的iptables工具拷贝到/bin目录下
二、linux内核配置,实现NAT(Network Address Translation网络地址翻译)功能
1、linux2.6.30版本配置:
General setup --->
[*] Sysctl support (在ROMFS文件系统中/proc/sys/net/ipv4/出现ip_forward,linux2.6.30版本中该项位于文件系统目录下)
Networking options --->
[*] Network packet filtering (replaces ipchains)
IP: Netfilter Configuration --->(全部选择即可)
按照上述方法配置完内核后,使用是执行iptables -t nat -nL 命令时会出错,如下所示:
iptables v1.4.2: can’t initialize iptables table `filter’: Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
这是因为该方法配置不全,但是内核缺少依赖项所致,正确完整的配置应该如下所示:
Networking —->
Networking options —->
[*] Network packet filtering (replaces ipchains) —>
Core Netfilter Configuration —>
<*> Netfilter Xtables support (required for ip_tables)
IP: Netfilter Configuration —>
<*> Connection tracking (required for masq/NAT)
<*> IP tables support (required for filtering/masq/NAT)
<*> IP range match support
<*> Packet filtering
<*> REJECT target support
<*> Full NAT
安装上面的配置配置好内核,基本保证没有问题。
2、linux-3.0版本配置:
三、使用iptables配置网络转发功能
ifconfig eth0 192.168.100.1
echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -Fiptables -P INPUT ACCEPT
iptables -P OUTPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
dnsmasq --user=root --pid-file=/var/dnsmasq.pid (不要dhcp就不用dnsmasq)
