- 本地主机的配置参数
外网的ip参数
内网的ip参数
- IP 配置:eth0 为外网接口,eth1 为内网接口
[root@localhost ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d1:e9:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.123/24 brd 192.168.0.255 scope global eth0
inet6 fe80::20c:29ff:fed1:e9c8/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 00:0c:29:d1:e9:d2 brd ff:ff:ff:ff:ff:ff
inet 192.168.28.2/24 brd 192.168.28.255 scope global eth1
inet6 fe80::20c:29ff:fed1:e9d2/64 scope link
valid_lft forever preferred_lft forever
- Eth0配置
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:0c:29:d1:e9:c8
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.0.123
NETMASK=255.255.255.0
GATEWAY=192.168.0.1
DNS1=192.168.0.1
- Eth1配置(注意:下面输出中的 DEVICE=eth0 与文件名 ifcfg-eth1 以及该网卡的 HWADDR 00:0c:29:d1:e9:d2 不一致,此处应为 DEVICE=eth1)
[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth0
TYPE=Ethernet
HWADDR=00:0c:29:d1:e9:d2
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.28.2
NETMASK=255.255.255.0
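- 开启路由转发(下面的 sed 按行号修改,依赖 /etc/sysctl.conf 的具体行序,执行前应先确认第 7 行确实是 net.ipv4.ip_forward;写入文件后还需执行 sysctl -p 才会立即生效)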
[root@localhost ~]# sed -i '7 s/0/1/' /etc/sysctl.conf
[root@localhost ~]# sed -n '7p' /etc/sysctl.conf
net.ipv4.ip_forward = 1
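- 清除 iptables 规则(注意:iptables -F 会清空 filter 表中的全部现有规则,原有的访问限制随之失效;若链的默认策略为 DROP,远程登录的会话也可能因此中断。此外规则只保存在内存中,重启后会丢失,需要另行保存,例如在 CentOS 6 上使用 service iptables save)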
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -t nat -F
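- 添加规则,让 192.168.28.0/24 网段的主机都可以上网(MASQUERADE 只负责源地址转换;数据包是否允许被转发由 filter 表的 FORWARD 链决定。上一步清空规则后,若 FORWARD 默认策略为 ACCEPT,则所有转发流量都会被放行,生产环境应在 FORWARD 链上只放行需要的流量)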
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.28.0/24 -j MASQUERADE
- 测试
[root@localhost ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.
64 bytes from 182.61.200.7: icmp_seq=1 ttl=51 time=14.1 ms
64 bytes from 182.61.200.7: icmp_seq=2 ttl=51 time=70.2 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1189ms
rtt min/avg/max/mdev = 14.196/42.223/70.250/28.027 ms
- 在虚拟机测试机(Windows)上的设置:测试机位于 192.168.28.0/24 网段,需将其默认网关指向本机的内网地址 192.168.28.2
- 配置 DNAT,使位于内网的服务器(192.168.28.102)上的 web 服务能够对外发布,供外网的客户端访问
[root@localhost ~]# netstat -anpt|grep httpd
tcp 0 0 :::80 :::* LISTEN 5906/httpd
[root@localhost ~]# echo "<h1>haolilong</h1>" > /var/www/html/index.html
[root@localhost ~]# cat /var/www/html/index.html
<h1>haolilong</h1>
- 添加规则(注意:第二条规则把内网服务器的 SSH 服务(22 端口)映射到外网的 2222 端口。更换端口号不能代替访问控制,应在规则中用 -s 限定允许的来源地址,并在该服务器上使用密钥登录)
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 8888 -j DNAT --to-destination 192.168.28.102:80
[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 2222 -j DNAT --to-destination 192.168.28.102:22