Diagram description:

1. IP planning

Hostname   IP address      IP address (second NIC)   Address type
oldboy01   192.168.10.20   -                         LAN only: can reach internal hosts only
oldboy02   192.168.10.10   10.0.0.10                 LAN and WAN: can reach internal and external hosts

2. Modify the NIC configuration and the iptables configuration


Start with the oldboy01 (LAN) host configuration

[root@web01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.10.20          # NIC IP address
NETMASK=255.255.255.0         # netmask
GATEWAY=192.168.10.10         # set the gateway to oldboy02's LAN IP address
DNS1=223.5.5.5                # set DNS; without it, domain names cannot be pinged
USERCTL=no
PEERDNS=yes
IPV6INIT=no

Show oldboy01's routing table:

oldboy01 configuration complete

Next, the oldboy02 (WAN) setup

[root@oldboy02 ~]# echo "1"> /proc/sys/net/ipv4/ip_forward    # change the ip_forward value in the running kernel; this enables IP forwarding
[root@oldboy02 ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@oldboy02 ~]# sysctl -p

[root@proxy ~]# echo -e "# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1 " >>/etc/sysctl.conf    # write the IP forwarding parameter to the config file so forwarding is enabled on every boot
[root@proxy ~]# tail -3 /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1

[root@oldboy02 /]# iptables -t nat -A POSTROUTING -o eth0 -s 192.168.10.0/24 -j SNAT --to 10.0.0.10    # load the LAN egress rule into the running iptables rule set
[root@oldboy02 /]# service iptables save    # save the settings: writes the rule added above to a file
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]    # the rule above is written to /etc/sysconfig/iptables
[root@oldboy02 /]# /etc/init.d/iptables restart    # restart iptables
iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
iptables: Flushing firewall rules: [ OK ]
iptables: Unloading modules: [ OK ]
iptables: Applying firewall rules: [ OK ]
[root@oldboy02 /]# iptables-save    # show the iptables rules (iptables-save prints the loaded rule set, including rules just added in memory)
# Generated by iptables-save v1.4.7 on Thu Nov 2 14:24:33 2017
*filter
:INPUT ACCEPT [10:720]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [7:1032]
-A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT
COMMIT
# Completed on Thu Nov 2 14:24:33 2017
# Generated by iptables-save v1.4.7 on Thu Nov 2 14:24:33 2017
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [1:120]
:OUTPUT ACCEPT [1:120]
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 10.0.0.10    # the rule appended earlier
COMMIT
# Completed on Thu Nov 2 14:24:33 2017


oldboy02 host configuration complete
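The oldboy02 gateway setup above, as an added shell example that is not part of the original post: it generates a complete iptables-restore rule set for the dual-homed SNAT gateway (adding a stateful FORWARD chain, since the post's single SNAT rule leaves FORWARD at policy ACCEPT once ip_forward is on) and audits an iptables-save dump for the SNAT rule. The addresses are the post's; the LAN interface name eth1 and the use of eth0 as the WAN side are assumptions.

```shell
# Added example, not from the original post. Assumed layout: LAN side eth1 with
# 192.168.10.0/24, WAN side eth0 with 10.0.0.10 (the post's addresses).
# Emit an iptables-restore file for the gateway. Unlike the post's single SNAT
# rule, FORWARD defaults to DROP and only LAN->WAN connections plus their
# return packets are forwarded, so ip_forward=1 does not make the host an
# open router between the two networks.
gen_nat_rules() {
    lan_net=$1 lan_if=$2 wan_if=$3 wan_ip=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m state --state NEW -j ACCEPT
COMMIT
EOF
}

# Read an iptables-save dump on stdin; succeed only if the exact SNAT rule
# for lan_net leaving wan_if as wan_ip is present.
has_snat_rule() {
    grep -qxF -- "-A POSTROUTING -s $1 -o $2 -j SNAT --to-source $3"
}

# Read a dump on stdin; succeed if the FORWARD policy is ACCEPT, meaning
# every packet between the two interfaces is forwarded.
forward_is_open() {
    grep -q '^:FORWARD ACCEPT'
}

# Constructed, abridged sample modelled on the post's iptables-save output.
SAMPLE_DUMP='*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
-A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to-source 10.0.0.10
COMMIT'
printf '%s\n' "$SAMPLE_DUMP" | has_snat_rule 192.168.10.0/24 eth0 10.0.0.10 && echo "SNAT rule present"
printf '%s\n' "$SAMPLE_DUMP" | forward_is_open && echo "WARNING: FORWARD policy is ACCEPT; load the generated rule set"
# As root: sh this_script.sh apply
if [ "${1:-}" = apply ]; then
    gen_nat_rules 192.168.10.0/24 eth1 eth0 10.0.0.10 | iptables-restore
fi
```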

3. Test whether oldboy01 can reach the external network



01-23 17:04