Internal and External Network Configuration

  • Configuration parameters of the local host

IP parameters of the external network

IP parameters of the internal network

  • IP configuration: eth0 is the external network, eth1 is the internal network

[root@localhost ~]# ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN

    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

    inet 127.0.0.1/8 scope host lo

    inet6 ::1/128 scope host

       valid_lft forever preferred_lft forever

2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:d1:e9:c8 brd ff:ff:ff:ff:ff:ff

    inet 192.168.0.123/24 brd 192.168.0.255 scope global eth0

    inet6 fe80::20c:29ff:fed1:e9c8/64 scope link

       valid_lft forever preferred_lft forever

3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000

    link/ether 00:0c:29:d1:e9:d2 brd ff:ff:ff:ff:ff:ff

    inet 192.168.28.2/24 brd 192.168.28.255 scope global eth1

    inet6 fe80::20c:29ff:fed1:e9d2/64 scope link

       valid_lft forever preferred_lft forever

 

  • eth0 configuration

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0

HWADDR=00:0c:29:d1:e9:c8

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=static

IPADDR=192.168.0.123

NETMASK=255.255.255.0

GATEWAY=192.168.0.1

DNS1=192.168.0.1

 

  • eth1 configuration

[root@localhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1

DEVICE=eth1

TYPE=Ethernet

HWADDR=00:0c:29:d1:e9:d2

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=static

IPADDR=192.168.28.2

NETMASK=255.255.255.0

 

  • Enable IP forwarding

[root@localhost ~]# sed -i '7 s/0/1/' /etc/sysctl.conf

[root@localhost ~]# sed -n '7p' /etc/sysctl.conf

net.ipv4.ip_forward = 1

 

  • Flush the iptables rules

[root@localhost ~]# iptables -F

[root@localhost ~]# iptables -t nat -F

 

  • Add a rule so that every host on the 192.168.28.0 network segment can reach the Internet

iptables -t nat -A POSTROUTING -o eth0 -s 192.168.28.0/24 -j MASQUERADE

 

  • Test

[root@localhost ~]# ping www.baidu.com

PING www.a.shifen.com (182.61.200.7) 56(84) bytes of data.

64 bytes from 182.61.200.7: icmp_seq=1 ttl=51 time=14.1 ms

64 bytes from 182.61.200.7: icmp_seq=2 ttl=51 time=70.2 ms

^C

--- www.a.shifen.com ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1189ms

rtt min/avg/max/mdev = 14.196/42.223/70.250/28.027 ms

 

  • Settings on the Windows test virtual machine

 

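  • Configure DNAT so that the web service published by the internal server (192.168.28.102) is exposed externally and clients on the external network can access it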

[root@localhost ~]# netstat -anpt|grep httpd

tcp        0      0 :::80                       :::*                        LISTEN      5906/httpd  

[root@localhost ~]# echo "<h1>haolilong</h1>" > /var/www/html/index.html

[root@localhost ~]# cat /var/www/html/index.html

<h1>haolilong</h1>

Add the rules

[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 8888 -j DNAT --to-destination 192.168.28.102:80

[root@localhost ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp -d 192.168.0.123 --dport 2222 -j DNAT --to-destination 192.168.28.102:22
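
With forwarding enabled and the filter table flushed, a FORWARD chain left at its default ACCEPT policy passes any routed packet, and PREROUTING rewrites the destination before FORWARD is evaluated. The following added example (not from the original post) emits the page's three NAT rules plus a FORWARD policy limited to those flows as an iptables-restore ruleset; the function name gen_ruleset, the --apply switch and the default-DROP FORWARD policy are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Interfaces, addresses and ports
# are the ones shown on this page; gen_ruleset, --apply and the default-DROP
# FORWARD policy are assumptions of this example.
EXT_IF=eth0; EXT_IP=192.168.0.123
INT_IF=eth1; INT_NET=192.168.28.0/24
WEB_HOST=192.168.28.102

# Print a complete ruleset in iptables-restore format.
gen_ruleset() {
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport 8888 -j DNAT --to-destination $WEB_HOST:80
-A PREROUTING -i $EXT_IF -p tcp -d $EXT_IP --dport 2222 -j DNAT --to-destination $WEB_HOST:22
-A POSTROUTING -o $EXT_IF -s $INT_NET -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies to connections that were already allowed
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# Internal hosts going out through the MASQUERADE rule
-A FORWARD -i $INT_IF -o $EXT_IF -s $INT_NET -j ACCEPT
# DNAT has already rewritten 8888/2222 to 80/22 when FORWARD is evaluated,
# so these rules match the internal address and port, not the published one.
-A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $WEB_HOST --dport 80 -m state --state NEW -j ACCEPT
-A FORWARD -i $EXT_IF -o $INT_IF -p tcp -d $WEB_HOST --dport 22 -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Default: print the ruleset for review. With --apply (as root): load it
# atomically and turn forwarding on now; the sysctl.conf edit alone only
# takes effect at boot or after "sysctl -p".
if [ "${1:-}" = "--apply" ]; then
    sysctl -w net.ipv4.ip_forward=1
    gen_ruleset | iptables-restore
else
    gen_ruleset
fi
```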
