Linux Usage

Linux internal/external network (dual-NIC) routing configuration

Internal network IP: 192.168.100.100 Gateway: 192.168.100.1
External network IP: 192.168.0.11 Gateway: 192.168.0.1

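Modify the static routes
a. sudo route add -net 192.168.100.0 netmask 255.255.255.0 gw 192.168.100.1 # internal network route
b. sudo route del default # delete the default route
c. sudo route add default gw 192.168.0.1 # add the default route (external network)
NIC forwarding configuration: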
If you have two NICs on a Linux box, both configured with IP addresses, you don’t have to add a route from one network to the other; the kernel adds the connected routes automatically. Add a default gateway address on the WAN NIC only, not in the configuration of the LAN NIC. Then enable forwarding in the kernel (as root):
echo 1 > /proc/sys/net/ipv4/ip_forward
To set this value automatically at boot, uncomment this line in /etc/sysctl.conf:
#net.ipv4.ip_forward=1
Then set up some rules in iptables to perform the natting and forwarding:
# Always accept loopback traffic
iptables -A INPUT -i lo -j ACCEPT

# We allow traffic from the LAN side
iptables -A INPUT -i eth0 -j ACCEPT

######################################################################
#
#                         ROUTING
#
######################################################################

# eth0 is LAN
# eth1 is WAN

# Allow established connections
iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
# Masquerade.
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# Forwarding: allow return traffic for established connections from WAN to LAN
iptables -A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
# Allow outgoing connections from the LAN side.
iptables -A FORWARD -i eth0 -o eth1 -j ACCEPT
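
The rules above only append ACCEPT rules and never set a chain policy, and the built-in default policy is ACCEPT, so on an otherwise untouched host they perform NAT but filter nothing. The audit script below is an added example, not part of the original page: it reads iptables-save output and reports that condition. The function names sample_dump and audit_gateway and the sample dump are constructed for illustration, with eth1 as the WAN interface as on this page.

```shell
# Constructed sample: iptables-save output after running only the rules above
# on a host whose chain policies are still the built-in default (ACCEPT).
sample_dump() {
cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth1 -j ACCEPT
COMMIT
EOF
}

# audit_gateway WAN_IF (hypothetical helper): read iptables-save output on stdin
# and print one WARN line per finding; no output means the checks passed.
audit_gateway() {
    awk -v wan="${1:-eth1}" '
    { line = $0 " " }
    /^\*/ { table = substr($0, 2) }
    # Remember the filter-table policies; without DROP, ACCEPT rules restrict nothing.
    table == "filter" && /^:(INPUT|FORWARD) / { policy[substr($1, 2)] = $2 }
    # NAT must be tied to the WAN interface only.
    table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
        if (index(line, " -o " wan " ")) masq = 1
        else print "WARN masquerade rule not bound to " wan ": " $0
    }
    # WAN-to-LAN forwarding should only match reply traffic.
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ && index(line, " -i " wan " ") {
        if (line !~ /ESTABLISHED/) print "WARN new WAN-to-LAN connections forwarded: " $0
    }
    END {
        if (!masq) print "WARN no MASQUERADE rule on " wan
        for (c in policy) if (policy[c] != "DROP")
            print "WARN " c " policy is " policy[c] ", ACCEPT rules filter nothing"
    }'
}

sample_dump | audit_gateway eth1
```

On a live gateway, the same check is run as root with: iptables-save | audit_gateway eth1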
