How to configure the iptables firewall
Configuring the iptables firewall (Part 2)
Applying a DNAT policy
1. Flush the firewall rules in all tables
[root@s2 ~]# iptables -F
[root@s2 ~]# iptables -t nat -F
[root@s2 ~]# iptables -t raw -F
[root@s2 ~]# iptables -t mangle -F
2. The gateway firewall has two network interfaces
[root@s2 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:87:17:A0  
          inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe87:17a0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5525 (5.3 KiB)  TX bytes:13431 (13.1 KiB)
          Interrupt:59 Base address:0x2000
 
eth1      Link encap:Ethernet  HWaddr 00:0C:29:87:17:AA 
          inet addr:200.100.100.1  Bcast:200.100.100.255  Mask:255.255.255.0
Confirm that the gateway can ping both the internal client and the external client
[root@s2 ~]# ping 192.168.10.3
PING 192.168.10.3 (192.168.10.3) 56(84) bytes of data.
64 bytes from 192.168.10.3: icmp_seq=1 ttl=128 time=1.22 ms
 
--- 192.168.10.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.225/1.225/1.225/0.000 ms
[root@s2 ~]# ping 200.100.100.2
PING 200.100.100.2 (200.100.100.2) 56(84) bytes of data.
64 bytes from 200.100.100.2: icmp_seq=1 ttl=64 time=1.68 ms
64 bytes from 200.100.100.2: icmp_seq=2 ttl=64 time=0.375 ms
64 bytes from 200.100.100.2: icmp_seq=3 ttl=64 time=0.175 ms
 
--- 200.100.100.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.175/0.744/1.682/0.668 ms
3. Confirm that IP forwarding is enabled
[root@s2 ~]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@s2 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
4. Add a DNAT mapping on the gateway: for packets addressed to port 80 on the gateway, rewrite the destination address to the internal IP address of the web server
[root@s2 ~]# iptables -t nat -A PREROUTING -i eth1 -d 200.100.100.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.3
5. Test by having an external user access the internal web server
 
Applying an SNAT policy
1. Flush the firewall rules in all tables
[root@s2 ~]# iptables -F
[root@s2 ~]# iptables -t nat -F
[root@s2 ~]# iptables -t raw -F
[root@s2 ~]# iptables -t mangle -F
2. The gateway firewall has two network interfaces
[root@s2 ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 00:0C:29:87:17:A0 
          inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fe87:17a0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:53 errors:0 dropped:0 overruns:0 frame:0
          TX packets:80 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5525 (5.3 KiB)  TX bytes:13431 (13.1 KiB)
          Interrupt:59 Base address:0x2000
 
eth1      Link encap:Ethernet  HWaddr 00:0C:29:87:17:AA 
          inet addr:200.100.100.1  Bcast:200.100.100.255  Mask:255.255.255.0
Confirm that the gateway can ping both the internal client and the external client
[root@s2 ~]# ping 192.168.10.3
PING 192.168.10.3 (192.168.10.3) 56(84) bytes of data.
64 bytes from 192.168.10.3: icmp_seq=1 ttl=128 time=1.22 ms
 
--- 192.168.10.3 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 1.225/1.225/1.225/0.000 ms
[root@s2 ~]# ping 200.100.100.2
PING 200.100.100.2 (200.100.100.2) 56(84) bytes of data.
64 bytes from 200.100.100.2: icmp_seq=1 ttl=64 time=1.68 ms
64 bytes from 200.100.100.2: icmp_seq=2 ttl=64 time=0.375 ms
64 bytes from 200.100.100.2: icmp_seq=3 ttl=64 time=0.175 ms
 
--- 200.100.100.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.175/0.744/1.682/0.668 ms
3. Confirm that IP forwarding is enabled
[root@s2 ~]# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@s2 ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
6. Apply an SNAT policy to packets from the LAN that are bound for the Internet, rewriting the source address to the server's public IP address
[root@s2 ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 200.100.100.1
7. Test by having an internal client access an external web server
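
Both procedures above flush every table and add only NAT rules, so unless the FORWARD policy was changed elsewhere the gateway forwards anything routed through it once ip_forward is on. The script below is an added example, not part of the original article: it emits one iptables-restore ruleset that carries the article's DNAT and SNAT rules and limits forwarding to the published web port and LAN-originated connections. The function name, the -o binding on the SNAT rule and the FORWARD rules are assumptions of this example; the addresses and interfaces are the article's.

```shell
#!/bin/sh
# Added example, not the article's own script.
# nat_gateway_ruleset is a hypothetical helper name.
# Arguments: WAN interface, LAN interface, public IP, LAN subnet, web server IP.
nat_gateway_ruleset() {
    wan_if=$1 lan_if=$2 wan_ip=$3 lan_net=$4 web_ip=$5
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# DNAT step 4: publish the internal web server on the gateway's port 80.
-A PREROUTING -i $wan_if -d $wan_ip -p tcp --dport 80 -j DNAT --to-destination $web_ip
# SNAT step 6, bound to the outbound interface (assumption of this example)
# so that traffic staying inside the LAN is never rewritten.
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Replies belonging to connections that were already accepted.
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound: only new connections to the DNAT target on port 80.
-A FORWARD -i $wan_if -o $lan_if -d $web_ip -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT
# Outbound: new connections that originate from the LAN subnet.
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the article's topology:
# eth1 = 200.100.100.1 (public), eth0 = 192.168.10.0/24, web server 192.168.10.3.
nat_gateway_ruleset eth1 eth0 200.100.100.1 192.168.10.0/24 192.168.10.3
```

Pipe the output to iptables-restore --test to have it parsed without being committed, then to iptables-restore to load it. The INPUT and OUTPUT policies are left at ACCEPT because the article does not cover filtering traffic to the gateway itself.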


