系统版本:centos6.9
硬件:eth0和eth1口的x86服务器
需求:eth0作为外网接口,eth1桥接到br0,内网主机经br0通过NAT上网
1.配置eth0
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:30:18:0B:AF:80
TYPE=Ethernet
UUID=5ad1f1fa-18e8-495d-9938-b8f1c9343aa3
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.14.200
NETMASK=255.255.255.0
GATEWAY=192.168.14.1
DNS1=192.168.14.1
DNS2=114.114.114.114
2.配置br桥接口
[root@localhost ~]# brctl addbr br0
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
ONBOOT=yes
NETBOOT=yes
IPV6INIT=yes
BOOTPROTO=none
TYPE=Bridge
NM_CONTROLLED=no
NAME="br0"
IPADDR=192.168.188.22
NETMASK=255.255.255.0
[root@localhost ~]# brctl addif br0 eth1 #将eth1加入br0(仅当前生效;要重启后保持,需在ifcfg-eth1中写入BRIDGE=br0)
[root@localhost ~]# brctl show #查看已有网桥检查是否加入成功
bridge name bridge id STP enabled interfaces
br0 8000.0030180baf81 no eth1
3.开启系统的ip转发功能
[root@localhost ~]# echo "1">/proc/sys/net/ipv4/ip_forward
或者(上面的echo立即生效,但重启后失效;要永久生效请按下面的方法写入/etc/sysctl.conf)
[root@localhost ~]# vi /etc/sysctl.conf
设置:
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p #重新加载/etc/sysctl.conf使设置立即生效,并输出各项的值以便确认
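4.修改防火墙,添加NAT规则 (删除其他无用规则,有需要再添加)
注意:
(1) 下面规则行尾的"#添加NAT规则"只是本文的说明,不要写进/etc/sysconfig/iptables;iptables-restore只把以#开头的整行当作注释,行尾多出的文字会导致规则加载失败。
(2) -s 后的网段应与内网(br0)的实际网段一致。第2步中br0配置的是192.168.188.22/255.255.255.0,而下面的规则写的是192.168.1.0/24,请按自己的内网网段核对,否则NAT规则匹配不到内网流量。
(3) 两条POSTROUTING规则作用重复:第一条SNAT没有限定-o eth0,会先匹配该网段发出的所有流量,第二条MASQUERADE实际不会被命中;通常只保留一条并限定出口接口eth0即可(外网IP固定用SNAT,动态获取用MASQUERADE)。
(4) 下面的filter表默认策略全部为ACCEPT且没有任何规则,eth0一侧可以访问本机的所有服务,转发也不受任何限制。作为网关,建议把FORWARD默认策略设为DROP,只放行br0到eth0的流量和已建立连接的回包(例如 -A FORWARD -i br0 -o eth0 -j ACCEPT 和 -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT),INPUT也只开放确实需要的端口。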
[root@localhost ~]# vi /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Wed Mar 28 00:00:11 2018
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:108]
:OUTPUT ACCEPT [1:108]
-A POSTROUTING -s 192.168.1.0/24 -j SNAT --to-source 192.168.14.200 #添加NAT规则
-A POSTROUTING -s 192.168.1.0/24 -o eth0 -j MASQUERADE #添加NAT规则
COMMIT
# Completed on Wed Mar 28 00:00:11 2018
# Generated by iptables-save v1.4.7 on Wed Mar 28 00:00:11 2018
*filter
:INPUT ACCEPT [38:4567]
:FORWARD ACCEPT [4968:5721817]
:OUTPUT ACCEPT [31:3336]
COMMIT
# Completed on Wed Mar 28 00:00:11 2018