- 本地主機的配置參數
外網的ip參數
內網的ip參數
- IP配置:eth0爲外網,eth1爲內網
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d1:e9:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.123/24 brd 192.168.0.255 scope global eth0
inet6 fe80::20c:29ff:fed1:e9c8/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d1:e9:d2 brd ff:ff:ff:ff:ff:ff
inet 192.168.28.2/24 brd 192.168.28.255 scope global eth1
inet6 fe80::20c:29ff:fed1:e9d2/64 scope link
valid_lft forever preferred_lft forever
- eth0配置
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:d1:e9:c8
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.0.123
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.1
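- eth1配置(注意:下面輸出中的 DEVICE=eth0 與 HWADDR 不一致,該 HWADDR 00:0c:29:d1:e9:d2 在上面 ip a 的輸出中屬於 eth1,此處應爲 DEVICE=eth1)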
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
TYPE=Ethernet
HWADDR=00:0c:29:d1:e9:d2
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.28.2
NETMASK=255.255.255.0
- 開啓路由轉發(按行號替換依賴文件內容,執行前先確認 /etc/sysctl.conf 第7行確實是 net.ipv4.ip_forward;修改文件後還需執行 sysctl -p 或重啓,內核參數纔會生效)
[root@localhost ~]# sed -i '7 s/0/1/' /etc/sysctl.conf
[root@localhost ~]# sed -n '7p' /etc/sysctl.conf
net.ipv4.ip_forward = 1
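- 清除iptables規則(-F 只清空規則,不改變各鏈的默認策略;若默認策略爲 ACCEPT,清空 filter 表後本機的 INPUT 和 FORWARD 就不再做任何過濾,執行前可先用 iptables-save 備份原有規則)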
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -t nat -F
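- 添加規則,讓192.168.28.0網段的都可以上網(MASQUERADE 只負責地址轉換,數據包是否放行由 filter 表的 FORWARD 鏈決定;建議在 FORWARD 鏈中只放行從 eth1 到 eth0、來源爲 192.168.28.0/24 的連接以及已建立連接的回包,其餘丟棄。規則默認只存在於內存,重啓後丟失,在 RHEL/CentOS 6 上可用 service iptables save 保存)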
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.28.0/24 -j MASQUERADE
- 測試
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.
64 bytes from 182.61.200.7: icmp_seq=1 ttl=51 time=14.1 ms
64 bytes from 182.61.200.7: icmp_seq=2 ttl=51 time=70.2 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1189ms
rtt min/avg/max/mdev = 14.196/42.223/70.250/28.027 ms
- 在虛擬機測試機的windows的設置
- 配置DNAT,使位於內網的服務器(192.168.28.102)所發佈的web服務,能夠對外發布,讓外網的客戶能夠訪問
[root@localhost ~]# netstat -anpt|grep httpd
tcp 0 0 :::80 :::* LISTEN 5906/httpd
[root@localhost ~]# echo "<h1>haolilong</h1>" > /var/www/html/index.html
[root@localhost ~]# cat /var/www/html/index.html
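<h1>haolilong</h1>
- 添加規則(第一條把外網的 8888 端口轉到內網服務器的 web 服務,第二條把 2222 端口轉到內網服務器的 SSH。第二條會讓內網主機的 SSH 直接暴露給 eth0 一側的所有來源,建議在規則中用 -s 限定允許的管理地址,並在 FORWARD 鏈中只放行到 192.168.28.102 的 80 和 22 端口)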
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 8888 -j DNAT --to-destination 192.168.28.102:80
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 2222 -j DNAT --to-destination 192.168.28.102:22