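I will use the NAT table to bounce traffic through a chain of servers.
The test was run with public IPs on hosts that are separated both by network and physically; here they are written down as private IPs.
The captures confirm that return traffic travels back along the same path it came in on, in reverse.
Client IP: 218.xxx.xxx.201
192.168.1.2 (DACOM) --> 192.168.2.2 (KT) --> 192.168.3.2 (SK)
Packet forwarding configuration on server 192.168.1.2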
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -d 192.168.1.2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.2
iptables -t nat -A POSTROUTING -d 192.168.2.2 -j SNAT --to-source 192.168.1.2
Packets observed on server 192.168.1.2
17:10:30.566163 IP 218.xxx.xxx.201.17143 > 192.168.1.2.80: P 2145:2860(715) ack 904 win 64933
17:10:30.575759 IP 192.168.1.2.80 > 218.xxx.xxx.201.17143: P 904:1205(301) ack 2860 win 25025
17:10:30.735420 IP 218.xxx.xxx.201.17143 > 192.168.1.2.80: . ack 1205 win 64632
Packet forwarding configuration on server 192.168.2.2
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A PREROUTING -d 192.168.2.2 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.3.2
iptables -t nat -A POSTROUTING -d 192.168.3.2 -j SNAT --to-source 192.168.2.2
Packets observed on server 192.168.2.2
17:10:33.787834 IP 192.168.1.2.17143 > 192.168.2.2.80: P 648796652:648797367(715) ack 2534465083 win 64933
17:10:33.787947 IP 192.168.2.2.17143 > 192.168.3.2.80: P 648796652:648797367(715) ack 2534465083 win 64933
17:10:33.795480 IP 192.168.3.2.80 > 192.168.2.2.17143: P 1:302(301) ack 715 win 25025
17:10:33.795491 IP 192.168.2.2.80 > 192.168.1.2.17143: P 1:302(301) ack 715 win 25025
17:10:33.957007 IP 192.168.1.2.17143 > 192.168.2.2.80: . ack 302 win 64632
17:10:33.957036 IP 192.168.2.2.17143 > 192.168.3.2.80: . ack 302 win 64632
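
Each hop's SNAT rule hides the client address from the next server (the 192.168.2.2 capture shows 192.168.1.2 as the source), so it is worth being able to audit a host for this DNAT+SNAT relay pattern. The following is an added example, not part of the original post: `find_nat_relays` and `sample_rules` are hypothetical names, and the sample ruleset is constructed from the 192.168.1.2 rules above in `iptables-save` form.

```shell
#!/bin/sh
# Added example: report DNAT+SNAT relay pairs found in `iptables-save -t nat` output.
# On a live host: iptables-save -t nat | find_nat_relays
find_nat_relays() {
    awk '
    # Return the token that follows flag in the current rule, or "" if absent.
    function arg(flag,   i) {
        for (i = 1; i < NF; i++) if ($i == flag) return $(i + 1)
        return ""
    }
    $1 == "-A" && $2 == "PREROUTING" && arg("-j") == "DNAT" {
        n++
        from[n] = arg("-d"); sub(/\/32$/, "", from[n])
        port[n] = arg("--dport"); if (port[n] == "") port[n] = "any"
        to[n] = arg("--to-destination")
    }
    $1 == "-A" && $2 == "POSTROUTING" && arg("-j") == "SNAT" {
        d = arg("-d"); sub(/\/32$/, "", d)
        snat[d] = arg("--to-source")
    }
    END {
        for (k = 1; k <= n; k++) {
            t = to[k]; sub(/:.*/, "", t)   # drop an optional :port on the DNAT target
            if (t in snat)
                printf "relay %s:%s -> %s (source rewritten to %s)\n", from[k], port[k], to[k], snat[t]
        }
    }'
}

# Constructed sample: the 192.168.1.2 rules from this page as iptables-save prints
# them, plus a plain port forward and a MASQUERADE rule that must not be reported.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -d 192.168.1.2/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.2.2
-A PREROUTING -d 192.168.1.2/32 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 10.0.0.5:22
-A POSTROUTING -d 192.168.2.2/32 -j SNAT --to-source 192.168.1.2
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
EOF
}

sample_rules | find_nat_relays
```

Only a DNAT rule whose target also has a destination-matched SNAT rule is reported; SNAT rules without `-d` are outside what this check covers.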