Internal and External Network Configuration

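  • Configuration parameters of the local host

IP parameters of the external network

IP parameters of the internal network

  • IP configuration: eth0 is the external network, eth1 is the internal network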

[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d1:e9:c8 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.123/24 brd 192.168.0.255 scope global eth0
    inet6 fe80::20c:29ff:fed1:e9c8/64 scope link
       valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:d1:e9:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.28.2/24 brd 192.168.28.255 scope global eth1
    inet6 fe80::20c:29ff:fed1:e9d2/64 scope link
       valid_lft forever preferred_lft forever

  • eth0 configuration

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:d1:e9:c8
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.0.123
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.1

  • eth1 configuration

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
HWADDR=00:0c:29:d1:e9:d2
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.28.2
NETMASK=255.255.255.0

  • Enable IP forwarding (on this host, line 7 of /etc/sysctl.conf holds net.ipv4.ip_forward)

[root@localhost ~]# sed -i '7 s/0/1/' /etc/sysctl.conf
[root@localhost ~]# sed -n '7p' /etc/sysctl.conf
net.ipv4.ip_forward = 1

  • Flush the existing iptables rules

[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -t nat -F

  • Add a rule so that every host in the 192.168.28.0 network segment can reach the Internet

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.28.0/24 -j MASQUERADE

  • Test

[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.
64 bytes from 182.61.200.7: icmp_seq=1 ttl=51 time=14.1 ms
64 bytes from 182.61.200.7: icmp_seq=2 ttl=51 time=70.2 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1189ms
rtt min/avg/max/mdev = 14.196/42.223/70.250/28.027 ms

  • Settings on the Windows virtual machine used for testing

  • Configure DNAT so that the web service published by the internal server (192.168.28.102) is available externally and clients on the external network can access it

[root@localhost ~]# netstat -anpt|grep httpd
tcp        0      0 :::80                       :::*                        LISTEN      5906/httpd
[root@localhost ~]# echo "<h1>haolilong</h1>" > /var/www/html/index.html
[root@localhost ~]# cat /var/www/html/index.html
<h1>haolilong</h1>

Add the rules:

[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 8888 -j DNAT --to-destination 192.168.28.102:80
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 2222 -j DNAT --to-destination 192.168.28.102:22
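`iptables -F` removes rules but leaves chain policies untouched, so with a FORWARD policy of ACCEPT the gateway routes all traffic between eth0 and eth1, not only the two published ports. The audit script below is an added example, not part of the original post: it parses `iptables-save` output, lists each port forward and masqueraded source, and fails when FORWARD is an empty ACCEPT chain. The function names `audit_nat` and `sample_dump` are hypothetical, and the embedded dump is a constructed sample of what the commands above would leave behind, assuming the FORWARD policy is ACCEPT.

```shell
# Added example, not from the original post. Reads `iptables-save` output on
# stdin, lists every port forward and masqueraded source, and returns 1 when
# the FORWARD chain is an empty ACCEPT chain (the state left by `iptables -F`).
audit_nat() {
  awk '
    /^\*/ { table = substr($1, 2); next }            # "*nat" / "*filter"
    table == "filter" && $1 == ":FORWARD" { policy = $2; next }
    table == "filter" && $1 == "-A" && $2 == "FORWARD" { fwd_rules++; next }
    table == "nat" && $1 == "-A" {
      proto = ""; dport = ""; dest = ""; src = ""; target = ""
      for (i = 3; i < NF; i++) {
        if ($i == "-p")               proto  = $(i + 1)
        if ($i == "--dport")          dport  = $(i + 1)
        if ($i == "--to-destination") dest   = $(i + 1)
        if ($i == "-s")               src    = $(i + 1)
        if ($i == "-j")               target = $(i + 1)
      }
      if (target == "DNAT")       print "EXPOSED " proto "/" dport " -> " dest
      if (target == "MASQUERADE") print "MASQUERADE " src
    }
    END {
      if (policy == "ACCEPT" && fwd_rules == 0) {
        print "WARN FORWARD is ACCEPT with no rules: all routed traffic passes"
        exit 1
      }
    }'
}

# Constructed sample: the dump the commands on this page would leave behind.
sample_dump() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.0.123/32 -i eth0 -p tcp -m tcp --dport 8888 -j DNAT --to-destination 192.168.28.102:80
-A PREROUTING -d 192.168.0.123/32 -i eth0 -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.28.102:22
-A POSTROUTING -s 192.168.28.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
EOF
}

sample_dump | audit_nat || echo "audit failed: tighten the FORWARD chain"
```

On a live gateway, run `iptables-save | audit_nat` as root instead of using the sample.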
