iptables1.4.12.1移植到arm平臺(tái)
開(kāi)發(fā)板內(nèi)核—linux-2.6.30
本文引用地址:http://m.butianyuan.cn/article/201611/317663.htmiptables版本—1.4.12.1
移植過(guò)程:
內(nèi)核需要對(duì)iptables的支持并加上nat功能
Networking support --->
Networking options --->
Network packet filtering framework (Netfilter)
│ │ --- Network packet filtering framework (Netfilter) │ │
│ │ [*] Network packet filtering debugging │ │
│ │ [*] Advanced netfilter configuration │ │
│ │ Core Netfilter Configuration ---> │ │
│ │ < > IP virtual server support ---> │ │
│ │ IP: Netfilter Configuration --->
Core Netfilter Configuration里面的配置如下:
<*> Netfilter connection tracking support
-*- Netfilter Xtables support (required for ip_tables)
IP: Netfilter Configuration里面的配置如下:
[*] proc/sysctl compatibility with old connection tracking
<*> IP tables support (required for filtering/masq/NAT)
<*> Packet filtering
<*> REJECT target support
< > LOG target support
< > ULOG target support
<*> Full NAT
<*> MASQUERADE target support
<*> NETMAP target support
<*> REDIRECT target support
<*> Basic SNMP-ALG support
重新編譯。
進(jìn)入iptables目錄,運(yùn)行configure文件
./configure --prefix=/opt/iptables/ --host=arm-linux --with-ksource=/root/linux-2.6.30/
make
make install
進(jìn)入/opt/iptables/目錄看看吧,應(yīng)該生成了可執(zhí)行文件。
使用無(wú)線(xiàn)網(wǎng)卡建立無(wú)線(xiàn)網(wǎng)絡(luò),通過(guò)eth0來(lái)做nat轉(zhuǎn)換上網(wǎng),需要使用防火墻和內(nèi)核的nat功能,配置命令如下:
//把所有192.168.0.0網(wǎng)絡(luò)的數(shù)據(jù)交由eth0來(lái)處理
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.0.0/24 -j MASQUERADE
iptables -t nat -A POSTROUTING -j MASQUERADE
iptables -F FORWARD
這樣所有無(wú)線(xiàn)網(wǎng)絡(luò)客戶(hù)端就可以都可以上網(wǎng)了
評(píng)論