1. Architecture diagram
LAN internet access case: internal server C reaches the internet through server B.
2. LAN machine configuration
3. Server configuration
3.1 The server has two NICs: one configured with the external IP, one with the internal IP (do not set a gateway on the internal one)
[root@liang ~]# ip a
1: lo:
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16777736:
    link/ether 00:0c:29:03:1e:48 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.19/24 brd 192.168.1.255 scope global eno16777736
       valid_lft forever preferred_lft forever
3: eno33554976:
    link/ether 00:0c:29:03:1e:52 brd ff:ff:ff:ff:ff:ff
    inet 10.0.0.141/24 brd 10.0.0.255 scope global dynamic eno33554976
       valid_lft 1555sec preferred_lft 1555sec
    inet6 fe80::20c:29ff:fe03:1e52/64 scope link
       valid_lft forever preferred_lft forever
3.2 Make sure the server itself can reach the internet
[root@liang ~]# ping -c 2 baidu.com
PING baidu.com (123.125.115.110) 56(84) bytes of data.
64 bytes from 123.125.115.110: icmp_seq=1 ttl=128 time=45.9 ms
64 bytes from 123.125.115.110: icmp_seq=2 ttl=128 time=45.8 ms

--- baidu.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 45.807/45.860/45.913/0.053 ms
3.3 Enable IP forwarding in the kernel parameter file /etc/sysctl.conf, then run sysctl -p to apply it
[root@liang ~]# tail -1 /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@liang ~]# sysctl -p
net.ipv4.ip_forward = 1
3.4 Configure iptables
[root@liang ~]# iptables -F
[root@liang ~]# iptables -P INPUT ACCEPT
[root@liang ~]# iptables -P FORWARD ACCEPT
[root@liang ~]# iptables -P OUTPUT ACCEPT
3.5 Route forwarding (source NAT)
[root@liang ~]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 \
    -o eno33554976 -j SNAT --to-source 10.0.0.141
-s 192.168.1.0/24                  the internal server subnet
-o eno33554976                     the external NIC of the forwarding server
-j SNAT --to-source 10.0.0.141     the IP address of the external NIC
iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
    (masquerading; suited to setups where the external IP address changes, such as the DHCP lease on eno33554976 above)
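The steps above set the FORWARD policy to ACCEPT, so the gateway will relay traffic for any host that can route through it, in either direction. The script below is an added example (not from the original post) that applies the same SNAT or MASQUERADE rule but restricts forwarding to the LAN subnet and to replies for its connections; the interface names and addresses are the ones shown on the page, the conntrack rules and the DROP policy are this example's hardening, and DRY_RUN=1 prints the commands instead of running them.

```shell
#!/bin/sh
# Added example: NAT gateway rules as described on the page, with a restrictive
# FORWARD chain. Assumes LAN 192.168.1.0/24 on eno16777736 and WAN 10.0.0.141 on
# eno33554976 (the addresses shown in the post). DRY_RUN=1 prints instead of applying.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "$*"
    else
        "$@"
    fi
}

# apply_nat_rules LAN_NET LAN_IF WAN_IF WAN_IP [snat|masquerade]
apply_nat_rules() {
    lan_net=$1; lan_if=$2; wan_if=$3; wan_ip=$4; mode=${5:-snat}

    run iptables -F
    run iptables -t nat -F          # the page flushes only the filter table
    run iptables -P INPUT ACCEPT    # gateway's own traffic: left as on the page
    run iptables -P OUTPUT ACCEPT
    # Hardening: forward nothing that is not explicitly allowed below.
    run iptables -P FORWARD DROP
    # LAN hosts may go out through the WAN interface...
    run iptables -A FORWARD -i "$lan_if" -o "$wan_if" -s "$lan_net" -j ACCEPT
    # ...and only replies to those connections may come back in.
    run iptables -A FORWARD -i "$wan_if" -o "$lan_if" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

    if [ "$mode" = masquerade ]; then
        # Dynamic WAN address: let the kernel pick the current one.
        run iptables -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" -j MASQUERADE
    else
        # Static WAN address: rewrite the source to it explicitly.
        run iptables -t nat -A POSTROUTING -s "$lan_net" -o "$wan_if" \
            -j SNAT --to-source "$wan_ip"
    fi
}

# forwarding_enabled [path]: succeeds if the kernel forwards IPv4 packets.
# The path argument exists so the check can be exercised against a test file.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = 1 ]
}

# Usage: sh nat-gateway.sh 192.168.1.0/24 eno16777736 eno33554976 10.0.0.141 [snat|masquerade]
if [ $# -gt 0 ]; then
    forwarding_enabled || echo "warning: net.ipv4.ip_forward is 0; run sysctl -p first" >&2
    apply_nat_rules "$@"
fi
```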
4. Test: