A friend told me there are a lot of experts here, so I registered right away to ask a question
Source: Internet Published: 2017-05-30
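A friend told me there are a lot of experts here, so I registered right away to ask a question. It's urgent!
Our lab's machine room is being upgraded, but the university hasn't given us enough IPs. My professor asked me to build a GATEWAY so that machines with internal IPs can get online by sharing one public IP. I agreed, but I'm not familiar with Linux! If I can't get it done today, this job is in danger.
The gateway machine runs CentOS 6.5, with internal IP 192.168.200.1. I looked up some material and did the following:
net.ipv4.ip_forward=1
Then in iptables, I did this:
-A FORWARD -i eth2 -m iprange --src-range 192.168.200.2 - 192.168.200.20
I rebooted the machine, but it doesn't work!
So, would some kind expert please help me! I know the long holiday starts tomorrow, so I don't know whether anyone is still around?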
|
You had a good start. The first two steps are all correct. And you will have to further tweak your iptables rules. Assuming you have two NICs, eth2 is for the local network and eth1 is connected to the outside world.
In the FORWARD chain, you have defined the outgoing source as this IP range. That tells iptables to forward the traffic from these IPs to their destination. You should also do something like:
-A FORWARD -o eth2 -m iprange --dst-range 192.168.200.2-192.168.200.20 -j ACCEPT
Also, you will have to define the rule in the nat table after filter:
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -m iprange --src-range 192.168.200.2-192.168.200.20 -o eth1 -j MASQUERADE
COMMIT
Since you are using CentOS, you can find a full reference at the Red Hat website:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/4/html/Security_Guide/s1-firewall-ipt-fwd.html
Good luck!
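The rules discussed in the answer above, put together as an added example (not part of the original thread or of any poster's reply): a small shell script that prints the FORWARD lines and the *nat table for /etc/sysconfig/iptables. It assumes eth2 is the LAN side and eth1 the outside, as in the answer; the function names are hypothetical. It rejects a range written with spaces around the dash and limits return traffic to replies instead of accepting everything addressed to the range.

```shell
#!/bin/sh
# Added example: emit rules for /etc/sysconfig/iptables (iptables-restore format).
# Assumed from the answer: eth2 = LAN, eth1 = outside. Function names are illustrative.

# iprange wants FIRST-LAST as one word; "a - b" is split into three arguments.
check_range() {
    case $1 in
        ''|*[!0-9.-]*|*-*-*|-*|*-) return 1 ;;
        *-*) return 0 ;;
        *) return 1 ;;
    esac
}

# Lines for the *filter section, placed above the stock CentOS 6 rule
# "-A FORWARD -j REJECT --reject-with icmp-host-prohibited" (first match wins).
forward_rules() {  # usage: forward_rules LAN_IF WAN_IF FIRST-LAST
    check_range "$3" || { echo "bad range: '$3'" >&2; return 1; }
    cat <<EOF
# LAN -> outside: connections opened by the allowed hosts
-A FORWARD -i $1 -o $2 -m iprange --src-range $3 -j ACCEPT
# outside -> LAN: replies to those connections only
-A FORWARD -i $2 -o $1 -m state --state ESTABLISHED,RELATED -j ACCEPT
EOF
}

# Complete *nat table: LAN sources leave with the gateway's public address.
nat_table() {  # usage: nat_table WAN_IF FIRST-LAST
    check_range "$2" || { echo "bad range: '$2'" >&2; return 1; }
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -o $1 -m iprange --src-range $2 -j MASQUERADE
COMMIT
EOF
}

# Print both pieces when run as: sh gateway-rules.sh eth2 eth1 192.168.200.2-192.168.200.20
if [ "$#" -eq 3 ]; then
    forward_rules "$1" "$2" "$3" && nat_table "$2" "$3"
fi
# After editing the file: service iptables restart; iptables -t nat -L -n -v
```

The NAT counters shown by the last command should increase once a LAN host sends traffic through the gateway.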
|
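I don't know about this one. Posting it in the "System Maintenance and Usage" section might be more appropriate; there are fewer people around during the holiday.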