配置iptables防火墻(二)-創(chuàng)新互聯(lián)

配置iptables防火墻(二)

創(chuàng)新互聯(lián)建站專業(yè)為企業(yè)提供利川網(wǎng)站建設(shè)、利川做網(wǎng)站、利川網(wǎng)站設(shè)計(jì)、利川網(wǎng)站制作等企業(yè)網(wǎng)站建設(shè)、網(wǎng)頁(yè)設(shè)計(jì)與制作、利川企業(yè)網(wǎng)站模板建站服務(wù),10余年利川做網(wǎng)站經(jīng)驗(yàn),不只是建網(wǎng)站,更提供有價(jià)值的思路和整體網(wǎng)絡(luò)服務(wù)。

DNAT策略的應(yīng)用

1. Flush the rules in every table (filter, nat, raw and mangle), so the NAT rules below start from a clean state.

[root@s2 ~]# iptables -F
[root@s2 ~]# iptables -t nat -F
[root@s2 ~]# iptables -t raw -F
[root@s2 ~]# iptables -t mangle -F

2、在網(wǎng)關(guān)防火墻上 兩塊網(wǎng)卡

[root@s2 ~]# ifconfig

eth0    Link encap:Ethernet  HWaddr 00:0C:29:87:17:A0

     inet addr:192.168.10.10  Bcast:192.168.10.255  Mask:255.255.255.0

     inet6 addr: fe80::20c:29ff:fe87:17a0/64 Scope:Link

     UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1

     RX packets:53 errors:0 dropped:0 overruns:0 frame:0

     TX packets:80 errors:0 dropped:0 overruns:0 carrier:0

     collisions:0 txqueuelen:1000

     RX bytes:5525 (5.3 KiB)  TX bytes:13431 (13.1 KiB)

     Interrupt:59 Base address:0x2000

eth2    Link encap:Ethernet  HWaddr 00:0C:29:87:17:AA

     inet addr:200.100.100.1  Bcast:200.100.100.255  Mask:255.255.255.0

確認(rèn)網(wǎng)關(guān)上可以ping通內(nèi)網(wǎng)客戶機(jī),外網(wǎng) 客戶機(jī)

[root@s2 ~]# ping 192.168.10.3

PING 192.168.10.3 (192.168.10.3) 56(84) bytes of data.

64 bytes from 192.168.10.3: icmp_seq=1 ttl=128 time=1.22 ms

--- 192.168.10.3 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 1.225/1.225/1.225/0.000 ms

[root@s2 ~]# ping 200.100.100.2

PING 200.100.100.2 (200.100.100.2) 56(84) bytes of data.

64 bytes from 200.100.100.2: icmp_seq=1 ttl=64 time=1.68 ms

64 bytes from 200.100.100.2: icmp_seq=2 ttl=64 time=0.375 ms

64 bytes from 200.100.100.2: icmp_seq=3 ttl=64 time=0.175 ms

--- 200.100.100.2 ping statistics ---

3 packets transmitted, 3 received, 0% packet loss, time 1999ms

rtt min/avg/max/mdev = 0.175/0.744/1.682/0.668 ms

3、確認(rèn)開(kāi)啟路由轉(zhuǎn)發(fā)

[root@s2 ~]# vi /etc/sysctl.conf

net.ipv4.ip_forward = 1

[root@s2 ~]# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

kernel.msgmnb = 65536

kernel.msgmax = 65536

kernel.shmmax = 4294967295

kernel.shmall = 268435456

4、在網(wǎng)關(guān)上添加DNAT映射,對(duì)于訪問(wèn)網(wǎng)關(guān)80端口的數(shù)據(jù)包,將目標(biāo)地址改為網(wǎng)站服務(wù)器的ip地址的內(nèi)網(wǎng)IP地址

[root@s2 ~]# iptables -t nat -A PREROUTING -i eth1 -d 200.100.100.1 -p tcp --dport 80 -j DNAT --to-destination 192.168.10.3

5、外網(wǎng)用戶訪問(wèn)內(nèi)網(wǎng)的Web服務(wù)器測(cè)試下

配置iptables防火墻(二)

SNAT策略應(yīng)用

Steps 1 to 3 are the same as in the DNAT section above: flush the rules in every table, confirm the two NICs (eth0 192.168.10.10, eth2 200.100.100.1) and the ping tests to 192.168.10.3 and 200.100.100.2, and confirm net.ipv4.ip_forward = 1 in /etc/sysctl.conf with sysctl -p.

6、為局域網(wǎng)訪問(wèn)Internet的數(shù)據(jù)的包采用SNAT策略,將源地址更改為服務(wù)器的公網(wǎng)的IP

地址

[root@s2 ~]# iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -j SNAT --to-source 200.100.100.1

7、內(nèi)網(wǎng)客戶機(jī)訪問(wèn)外網(wǎng)Web服務(wù)器測(cè)試

配置iptables防火墻(二)
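The DNAT rule from step 4 and the SNAT rule from step 6, rebuilt as one script that keeps the topology in variables and also restricts the FORWARD chain, which the article leaves at its ACCEPT default after the flush. This is an added example, not code from the article; it assumes the article's addresses (eth2 as the public NIC, 200.100.100.1, 192.168.10.0/24, 192.168.10.3) and an iptables with the conntrack match.

```shell
#!/bin/sh
# Added example, not from the original article. Run "sh nat.sh apply" as root on
# the gateway; apply_rules echo prints the rules instead of applying them.
WAN_IF=eth2                 # public-facing NIC (200.100.100.1 in the article)
WAN_IP=200.100.100.1
LAN_NET=192.168.10.0/24     # internal network behind eth0
WEB_IP=192.168.10.3         # internal web server published on port 80

# Inbound: packets for the public IP, port 80, are redirected to the web server.
dnat_rule() {
    echo "-t nat -A PREROUTING -i $WAN_IF -d $WAN_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_IP"
}

# Outbound: LAN traffic leaving via WAN_IF gets the public IP as its source.
# "-o $WAN_IF" keeps traffic the gateway routes back into the LAN untranslated.
snat_rule() {
    echo "-t nat -A POSTROUTING -s $LAN_NET -o $WAN_IF -j SNAT --to-source $WAN_IP"
}

# Relay only the two NAT flows and their replies; everything else is dropped.
forward_rules() {
    echo "-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "-A FORWARD -i $WAN_IF -d $WEB_IP -p tcp --dport 80 -m conntrack --ctstate NEW -j ACCEPT"
    echo "-A FORWARD -s $LAN_NET -o $WAN_IF -m conntrack --ctstate NEW -j ACCEPT"
    echo "-P FORWARD DROP"
}

# Feed every rule to the command given as $1 (iptables, or echo for a dry run).
# Stops at the first rule the command rejects.
apply_rules() {
    cmd="${1:-iptables}"
    while read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        "$cmd" $rule || return 1
    done <<EOF
$(dnat_rule; snat_rule; forward_rules)
EOF
}

# Mirrors the article's step 3: nothing is relayed unless routing is on.
ip_forward_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

if [ "${1:-}" = "apply" ]; then
    ip_forward_enabled || { echo "enable net.ipv4.ip_forward first" >&2; exit 1; }
    apply_rules iptables
fi
```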

另外有需要云服務(wù)器可以了解下創(chuàng)新互聯(lián)scvps.cn,海內(nèi)外云服務(wù)器15元起步,三天無(wú)理由+7*72小時(shí)售后在線,公司持有idc許可證,提供“云服務(wù)器、裸金屬服務(wù)器、高防服務(wù)器、香港服務(wù)器、美國(guó)服務(wù)器、虛擬主機(jī)、免備案服務(wù)器”等云主機(jī)租用服務(wù)以及企業(yè)上云的綜合解決方案,具有“安全穩(wěn)定、簡(jiǎn)單易用、服務(wù)可用性高、性價(jià)比高”等特點(diǎn)與優(yōu)勢(shì),專為企業(yè)上云打造定制,能夠滿足用戶豐富、多元化的應(yīng)用場(chǎng)景需求。


當(dāng)前文章:配置iptables防火墻(二)-創(chuàng)新互聯(lián)
當(dāng)前地址:http://www.dlmjj.cn/article/dshpss.html