Linux Gateway 2

2022-06-30 00:15:22

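Configure the host's default route

On the server that needs to reach the external network, delete the existing default route and add a new one.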

[root@db-server ~]# ip route | grep default
default via 192.168.1.1 dev em1 
[root@db-server ~]# ip route del default 
[root@db-server ~]# ip route add default via 192.168.1.254 dev em1

Test the connection

[root@db-server ~]# ping www.baidu.com
PING www.a.shifen.com (58.217.200.13) 56(84) bytes of data.
64 bytes from 58.217.200.13: icmp_seq=1 ttl=51 time=7.59 ms
64 bytes from 58.217.200.13: icmp_seq=2 ttl=51 time=7.60 ms
64 bytes from 58.217.200.13: icmp_seq=3 ttl=51 time=7.65 ms
64 bytes from 58.217.200.13: icmp_seq=4 ttl=51 time=7.58 ms
64 bytes from 58.217.200.13: icmp_seq=5 ttl=51 time=7.64 ms
^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4621ms
rtt min/avg/max/mdev = 7.585/7.615/7.653/0.113 ms
[root@db-server ~]# 

Summary

  • net.ipv4.ip_forward = 1
  • grep forward /etc/sysctl.conf
  • sysctl -a | grep forwarding
  • ip route | grep default
  • iptables -A FORWARD -i em1 -j ACCEPT
  • iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -o em2 -j MASQUERADE
  • -A POSTROUTING -s 192.168.1.0/24 -o em2 -j MASQUERADE
  • -A FORWARD -i em1 -j ACCEPT
  • /etc/init.d/iptables reload
  • ip route del default
  • ip route add default via 192.168.1.254 dev em1

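Overall there are three steps

  • 1. Enable the kernel parameter net.ipv4.ip_forward to allow forwarding
  • 2. Enable forwarding for the internal-network interface in the filter table's FORWARD chain
  • 3. Enable targeted address masquerading in the nat table's POSTROUTING chain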
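
As an added example (not part of the original post), the shell function below checks the three steps above against a forwarding flag value and iptables-save style rule text. The function name check_gateway and the SAMPLE_RULES text are constructed for illustration; the interface names and subnet are the ones used on this page.

```shell
#!/bin/sh
# Added example: verify the three gateway steps from the summary.
# Interface names and subnet come from the page; SAMPLE_RULES is constructed.

# check_gateway FWD RULES LAN_IF WAN_IF LAN_NET
#   FWD   : value of net.ipv4.ip_forward
#   RULES : rule text in iptables-save format
# Prints one line per finding; returns 0 only when all three steps are
# present and no warning fired.
check_gateway() {
    fwd=$1; rules=$2; lan_if=$3; wan_if=$4; lan_net=$5; rc=0

    # Step 1: the kernel must be allowed to forward packets.
    if [ "$fwd" != "1" ]; then
        echo "MISSING step 1: net.ipv4.ip_forward=$fwd"; rc=1
    fi
    # Step 2: filter/FORWARD must accept traffic entering on the LAN interface.
    if ! printf '%s\n' "$rules" | grep -Fxq -- "-A FORWARD -i $lan_if -j ACCEPT"; then
        echo "MISSING step 2: FORWARD accept for $lan_if"; rc=1
    fi
    # Step 3: nat/POSTROUTING must masquerade the LAN subnet on the WAN interface.
    if ! printf '%s\n' "$rules" |
        grep -Fxq -- "-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE"; then
        echo "MISSING step 3: MASQUERADE for $lan_net via $wan_if"; rc=1
    fi
    # Caveat: a MASQUERADE rule with no -s match rewrites traffic from any source.
    if printf '%s\n' "$rules" | grep -- '^-A POSTROUTING .*-j MASQUERADE' |
        grep -vq -- ' -s '; then
        echo "WARN: MASQUERADE rule without a source restriction"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: all three gateway steps present"
    return "$rc"
}

# Constructed sample in iptables-save format, using the page's two rules.
SAMPLE_RULES='*nat
-A POSTROUTING -s 192.168.1.0/24 -o em2 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i em1 -j ACCEPT
COMMIT'

check_gateway 1 "$SAMPLE_RULES" em1 em2 192.168.1.0/24

# On a live gateway (as root):
#   check_gateway "$(sysctl -n net.ipv4.ip_forward)" "$(iptables-save)" em1 em2 192.168.1.0/24
```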
