使用iptables内网服务器上外网

1、安装iptables

yum install iptables-services -y

2、关闭firewalld

systemctl stop firewalld
systemctl disable firewalld

3、启动、开机自启动iptables

systemctl start iptables.service
systemctl enable iptables.service

4、配置iptables规则

iptables -t nat -A POSTROUTING -s 172.16.1.0/24 -j SNAT --to-source 10.0.0.72
echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
sysctl -p
iptables -F
iptables -X
iptables -Z
iptables -A INPUT -p tcp -m multiport --dport 80,443 -j ACCEPT
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -s 10.0.1.0/24 -j ACCEPT
iptables -A INPUT -s 172.16.1.0/24 -j ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
iptables -A FORWARD -i eth1 -s 172.16.1.0/24 -j ACCEPT
iptables -A FORWARD -o eth0 -s 172.16.1.0/24 -j ACCEPT
iptables -A FORWARD -i eth0 -d 172.16.1.0/24 -j ACCEPT
iptables -A FORWARD -o eth1 -d 172.16.1.0/24 -j ACCEPT

5、配置web主机网卡

vim /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
NAME=eth1
DEVICE=eth1
ONBOOT=yes
IPADDR=172.16.1.7
GATEWAY=172.16.1.72
PREFIX=24
DNS1=223.5.5.5

vim /etc/resolv.conf
nameserver 223.5.5.5

重启网卡

systemctl restart network 

6、测试网络

ping www.baidu.com