内網的server 為HTTP,IP:10.0.0.85 linux防火牆FW有兩個網卡,etho 192.168.122.11連接配接外網,eth1 10.0.0.250連接配接外網,拓撲如下:
<a href="http://blog.51cto.com/attachment/201303/142410246.jpg" target="_blank"></a>
在server上添加一條預設路由:
[root@vm1 ~]# route add default gw 10.0.0.250
開啟HTTP 注意将不用的網卡down掉
ifconfig eth1(lo) down
FW臨時添加網卡eth1:
[root@vm1 ~]# ifconfig eth0 10.0.0.250 netmask 255.255.255.0 up
FW上開啟核心IP轉發:
[root@vm1 ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@vm1 ~]# sysctl -p
[root@vm1 ~]# iptables -F -t nat
[root@vm1 ~]# iptables -X -t nat
[root@vm1 ~]# iptables -Z -t nat
[root@vm1 ~]# iptables -t nat -P PREROUTING ACCEPT
[root@vm1 ~]# iptables -t nat -P POSTROUTING ACCEPT
[root@vm1 ~]# iptables -t nat -P OUTPUT ACCEPT
[root@vm1 ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.85
[root@vm1 ~]# /etc/init.d/iptables save 儲存
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@vm1 ~]# /etc/init.d/iptables restart 重新開機
[root@vm1 ~]# /etc/init.d/httpd start 開啟HTTP
Starting httpd:
這樣在外網的92.168.122.1就可以通過通路192.168.122.11去通路WEB server了
如果是FTP SERVER那麼還得做個SNAT,如:
[root@vm1 ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.122.1
[root@vm1 ~]# modprobe nf-nat-ftp
本文轉自 369藍寶 51CTO部落格,原文連結:http://blog.51cto.com/3739387/1157971,如需轉載請自行聯系原作者
![linux-svn解除安裝與安裝[圖]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)