n°µ Network Address Translation (½Ð°Ñ¾\ NAT HOWTO) ¥H¤Î«Ê¥]¹LÂo¡M¤w¬O«Ü¥±`¤§¨Æ¤F¡C¦n®ø®§¬O¡M±N¥¦Ì²V¦X°_¨Ó¨Ï¥Î¹ê¬O§¹¥þ¨S°ÝÃDªº¡C
·í§A³]p«Ê¥]¹LÂoªº®ÉÔ¡M¥i¥H§¹¥þ¤£¥Î²z·|±zn°µ«ç¼Ëªº NAT ¡C©ó«Ê¥]¹LÂo¤¤¬Ý¨ìªº¨Ó·½»P¥Øªº¦a¡M¥u·|¬O `¯u¥¿ªº' ¨Ó·½©M¥Øªº¦a¡CÁ|¨Ò¨Ó»¡¡M¦pªG±z°µ NAT ¡Mn±N©Ò¦³³s¨ì 1.2.3.4 port 80 ªº³s½u°e¨ì 10.1.1.1 port 8080 ¥h¡M³o¼Ë«Ê¥]¹LÂo·|¬Ý¨º¨Ç°e¨ì 10.1.1.1 port 8080 (¯u¥¿ªº¥Øªº¦a)¡M¦Ó¤£¬O 1.2.3.4 port 80¡CÃþ¦üªº¡M±z¤]¥i¥H©¿²¤«Ê¥]°°¸Ë¡R«Ê¥]·|¬Ý°_¨Ó¬O¨Ó¦Û¯u¥¿ªº¤º³¡ IP ¦a§}(¤ñ¤è 10.1.1.1)¡M¦^À³¤]¬Ý°_¨Ó°e¦^¨º¸Ì¡C
±z¥i¥H¹B¥Î `state' ¤ñ¹ï©µ¦ù(match extension)¦ÓµL»ÝÅý«Ê¥]¹LÂo°µÃB¥ ªº¤u§@¡M¦]¬°µL½×¦p¦ó¡M NAT ³£·|n¨D³s½u°lÂÜ¡C¬°¤F¼W±j¦b NAT HOWTO ¸Ì±¨ºÓ²³æªº«Ê¥]°°¸Ë¨Ò¤l¡M¥h¾×±¼¨Ó¦Û ppp0 ¬É±ªº¥ô¦ó·s³s±µ¡M±z¥i¥H³o¼Ë°µ¡R
# Masquerade out ppp0
iptables -t nat -A POSTROUTING -o ppp0 -j MASQUERADE
# Disallow NEW and INVALID incoming or forwarded packets from ppp0.
iptables -A INPUT -i ppp0 -m state --state NEW,INVALID -j DROP
iptables -A FORWARD -i ppp0 0 -m state --state NEW,INVALID -j DROP
# Turn on IP forwarding
echo 1 > /proc/sys/net/ipv4/ip_forward