Ubuntu 24.04 UFW: How to Configure IP Masquerading
Environment
Ubuntu 24.04
Overview
          Internet
-------------+-------------
      Gateway|192.168.0.1
             |
    External |
       enp1s0|192.168.0.40
+------------+------------+
|                         |
|        test.com         |
|                         |
+------------+------------+
       enp7s0|10.0.0.40
    Internal |
             |
1. Enable the forward policy and IPv4 forwarding.
# vi /etc/default/ufw
# line 19: change
DEFAULT_FORWARD_POLICY="ACCEPT"
# vi /etc/sysctl.conf
# line 28: uncomment
net.ipv4.ip_forward=1
# reload the settings
# sysctl -p
# ufw reload
2. In addition to the UFW default settings, configure the host so that any computer on the Internal side can reach the Internet using [10.0.0.40] as its gateway.
# ufw status verbose
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), allow (routed)
New profiles: skip
# vi /etc/ufw/before.rules
.....
.....
# don't delete the 'COMMIT' line or these rules won't be processed
COMMIT
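# append at the end of the file
# NAT
*nat
# flush the nat table so that 'ufw reload' does not add the rule again
-F
:POSTROUTING ACCEPT [0:0]
# masquerade traffic from the Internal network leaving via the External interface
-A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE
COMMIT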
# ufw reload
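
The following script is an added example, not part of the original page: it audits the three files edited in steps 1 and 2 and reports which setting is missing. The function names are hypothetical, the sample files are constructed, and the rule match assumes the "-s ... -o ..." argument order used on this page.

```shell
#!/bin/sh
# Added example: audit the files edited in steps 1 and 2. Paths are arguments,
# so the functions work on copies as well as on the live files under /etc.

# Print the effective DEFAULT_FORWARD_POLICY (last uncommented assignment wins).
forward_policy() {
    sed -n 's/^[[:space:]]*DEFAULT_FORWARD_POLICY="*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

# Succeed only if the last uncommented net.ipv4.ip_forward assignment is 1.
ip_forward_enabled() {
    v=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([0-9]*\).*/\1/p' "$1" | tail -n 1)
    [ "$v" = "1" ]
}

# Print POSTROUTING MASQUERADE rules from *nat blocks that are closed by COMMIT;
# rules in a block without COMMIT are not processed, so they are not printed.
nat_masquerade_rules() {
    awk '/^\*/     { nat = ($1 == "*nat"); n = 0; next }
         /^COMMIT/ { if (nat) for (i = 1; i <= n; i++) print r[i]; nat = 0; next }
         nat && /^-A POSTROUTING / && /-j MASQUERADE/ { r[++n] = $0 }' "$1"
}

# audit_masquerade UFW_DEFAULTS SYSCTL_CONF BEFORE_RULES SRC_NET EXT_IF
# Returns 0 when all three settings from the procedure are in place.
# Assumption: the rule is written as "-s SRC_NET -o EXT_IF", as on this page.
audit_masquerade() {
    rc=0
    [ "$(forward_policy "$1")" = "ACCEPT" ] || { echo "forward policy is not ACCEPT"; rc=1; }
    ip_forward_enabled "$2" || { echo "net.ipv4.ip_forward is not enabled"; rc=1; }
    nat_masquerade_rules "$3" | grep -qF -- "-s $4 -o $5 " ||
        { echo "no committed MASQUERADE rule for $4 via $5"; rc=1; }
    return $rc
}

# Constructed sample files mirroring the edits on this page.
demo=$(mktemp -d)
printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$demo/ufw"
printf '#net.ipv4.ip_forward=1\n' > "$demo/sysctl.conf"   # still commented out
printf '*filter\nCOMMIT\n*nat\n-F\n:POSTROUTING ACCEPT [0:0]\n-A POSTROUTING -s 10.0.0.0/24 -o enp1s0 -j MASQUERADE\nCOMMIT\n' > "$demo/before.rules"
audit_masquerade "$demo/ufw" "$demo/sysctl.conf" "$demo/before.rules" 10.0.0.0/24 enp1s0 ||
    echo "audit failed as expected: the sample sysctl.conf line is still commented out"
rm -rf "$demo"
```

On the gateway itself, run it as: audit_masquerade /etc/default/ufw /etc/sysctl.conf /etc/ufw/before.rules 10.0.0.0/24 enp1s0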