The internal server runs HTTP at IP 10.0.0.85. The Linux firewall FW has two NICs: eth0 (192.168.122.11) connects to the external network and eth1 (10.0.0.250) connects to the internal network. The topology is as follows:
(Topology diagram: http://blog.51cto.com/attachment/201303/142410246.jpg)
Add a default route on the server, pointing at the FW's internal address:
[root@vm1 ~]# route add default gw 10.0.0.250
Start HTTP, and remember to bring down any NIC that is not in use:
ifconfig eth1 down    # the server's unused interface
Temporarily configure NIC eth1 on FW with the internal address:
[root@vm1 ~]# ifconfig eth1 10.0.0.250 netmask 255.255.255.0 up
Enable kernel IP forwarding on FW (set it in /etc/sysctl.conf and reload):
[root@vm1 ~]# cat /etc/sysctl.conf
net.ipv4.ip_forward = 1
[root@vm1 ~]# sysctl -p
[root@vm1 ~]# iptables -F -t nat    # flush all rules in the nat table
[root@vm1 ~]# iptables -X -t nat    # delete user-defined chains in the nat table
[root@vm1 ~]# iptables -Z -t nat    # zero the nat table counters
[root@vm1 ~]# iptables -t nat -P PREROUTING ACCEPT
[root@vm1 ~]# iptables -t nat -P POSTROUTING ACCEPT
[root@vm1 ~]# iptables -t nat -P OUTPUT ACCEPT
[root@vm1 ~]# iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.85
[root@vm1 ~]# /etc/init.d/iptables save       # save the rules
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
[root@vm1 ~]# /etc/init.d/iptables restart    # restart iptables
[root@vm1 ~]# /etc/init.d/httpd start         # start HTTP
Starting httpd:
Now the host 192.168.122.1 on the external network can reach the web server by accessing 192.168.122.11.
If the server is an FTP server, an SNAT rule and the FTP NAT helper module are also needed, e.g.:
[root@vm1 ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 192.168.122.11    # FW's own external address on eth0
[root@vm1 ~]# modprobe nf_nat_ftp    # pulls in nf_conntrack_ftp as a dependency
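As an added example (this is not code from the original post), the POSIX shell script below packages the FW side of the procedure above: it renders the nat table in iptables-restore format, and it audits an iptables-save dump and the ip_forward setting so that a DNAT rule with no interface or port restriction, or an SNAT that rewrites to an address the firewall does not own, is caught before the rules are saved. The function names and the sample dump are this example's own; the addresses and interfaces are the ones from the page, and the SNAT is additionally limited to the internal network 10.0.0.0/24, which goes one step beyond the page's rule.

```shell
#!/bin/sh
# Added example, not from the original post: generate the FW's nat table as an
# iptables-restore fragment and audit an iptables-save dump / sysctl setting.
# Function names are this example's own; addresses and interfaces are the
# page's (eth0 192.168.122.11 external, eth1 10.0.0.250 internal, server 10.0.0.85).

# Emit the nat table that forwards TCP port $4 arriving on external interface
# $1 to server $3, plus an SNAT for traffic from internal net $5 leaving $1,
# rewritten to the firewall's own external address $2. Piped into
# iptables-restore this replaces the nat table atomically, which is what the
# page's -F/-X/-Z sequence followed by -A achieves step by step.
nat_rules() {
    ext_if=$1; fw_ext_ip=$2; server=$3; port=$4; int_net=$5
    printf '%s\n' \
        '*nat' \
        ':PREROUTING ACCEPT [0:0]' \
        ':POSTROUTING ACCEPT [0:0]' \
        ':OUTPUT ACCEPT [0:0]' \
        "-A PREROUTING -i $ext_if -p tcp --dport $port -j DNAT --to-destination $server" \
        "-A POSTROUTING -s $int_net -o $ext_if -j SNAT --to-source $fw_ext_ip" \
        'COMMIT'
}

# Check that a dump (text of `iptables-save -t nat`, passed as $1) contains a
# DNAT rule pinned to ingress interface $2, TCP and port $4, pointing at $3.
# iptables-save inserts "-m tcp" before --dport, which the ".*" absorbs.
has_dnat() {
    printf '%s\n' "$1" | grep -Eq -- \
        "^-A PREROUTING -i $2 -p tcp .*--dport $4 -j DNAT --to-destination $3(:$4)?\$"
}

# Print every PREROUTING DNAT rule in dump $1 that is not restricted by both an
# ingress interface and a destination port (such a rule forwards far more than
# the one service); return 1 if any was found, 0 otherwise.
broad_dnat_rules() {
    broad=$(printf '%s\n' "$1" | grep -- '-A PREROUTING .*-j DNAT' \
        | grep -Ev -- '-i [[:alnum:]]+ .*--dport [0-9]+ ' || true)
    [ -z "$broad" ] && return 0
    printf '%s\n' "$broad"
    return 1
}

# Return 0 only if every SNAT rule in dump $1 rewrites to $2, the firewall's
# own external address; replies to any other address never come back to FW.
snat_source_ok() {
    bad=$(printf '%s\n' "$1" | grep -- '-j SNAT' \
        | grep -Ev -- "--to-source $2\$" || true)
    [ -z "$bad" ]
}

# Return 0 if forwarding is enabled in file $1, which may be either
# /proc/sys/net/ipv4/ip_forward (a bare "1") or sysctl.conf
# ("net.ipv4.ip_forward = 1"); defaults to the live /proc value.
# A commented-out "# net.ipv4.ip_forward = 1" line does not count.
forwarding_enabled() {
    grep -Eq '^[[:space:]]*(net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*)?1[[:space:]]*$' \
        "${1:-/proc/sys/net/ipv4/ip_forward}"
}

# On the FW:  nat_rules eth0 192.168.122.11 10.0.0.85 80 10.0.0.0/24 | iptables-restore
# Audit:      DUMP=$(iptables-save -t nat); has_dnat "$DUMP" eth0 10.0.0.85 80 \
#             && broad_dnat_rules "$DUMP" && snat_source_ok "$DUMP" 192.168.122.11
```

Because iptables-restore replaces the whole nat table it is handed, running `nat_rules ... | iptables-restore` twice does not pile up duplicate rules the way repeating the -A commands does. The audit functions take plain text, so they can be run against the saved /etc/sysconfig/iptables file as well as against the live ruleset.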
This article is reposted from 369蓝宝's 51CTO blog; original link: http://blog.51cto.com/3739387/1157971. To repost it, please contact the original author.