Illustration:
1.IP planning settings
| Host name | ip address | ip address (the address configured by the second network card) | address category |
| oldboy01 | 192.168. 10.20 | Empty | Only access to intranet hosts |
| oldboy02 | < span style= "font-size: 18pt;">192.168.10.10 | 10.0.0.10 | Access to internal and external network hosts |
2. Modify network card configuration and iptables configuration
??? strong>??? ????< /strong>??? strong>??? ????? strong>??????< strong>???? strong>??????< strong>???? strong>???????? ????< /strong>??? strong>??? ????< /strong>??? strong>??? ????< /strong>???????? ?????????? ?????????? ?? ?????? strong>?? strong>?? ?< /strong> ? ? < strong>?< strong>? strong>?? strong>< /strong>? ?< /strong> ? ?? ?< /strong>? strong>< strong>?< /strong>< strong>? < strong>? ?< /strong> ? ?< /strong>< strong>? < strong>? ?< /strong> ? ?? < strong>? < strong>?? ?? strong>< strong>?< strong>? strong>?? strong>?< /strong> ?< /strong> ? ?? < strong>? strong>?? strong>?< /strong>? ?< /strong>< strong>?< /strong>? strong>?< /strong>? ?< /strong>< strong>
< /strong>
< strong>Start to modify the oldboy01 (LAN) host configuration
[[emailprotected ] ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=none
IPADDR=192.168.10.20 #Set the network card ip
NETMASK=255.255.255.0 # Set the mask
GATEWAY=192.168.10.10 change the gateway configuration IP address
DNS1=223.5.5.5 # Set DNS, if you don’t set DNS, you can’t ping the domain name
USERCTL=no
PEERDNS=yes
IPV6INIT=no
Display the route of oldboy01:
Complete the modification of oldboy01
? ?? < strong>?< strong>? strong>??< /strong>? ?< /strong> ? ????????????????????? ?????????< strong>????? ???????????????< /strong>????????????????????????< strong>????? ?????
2.开始oldboy02(WLAN)的设置
1 [[email protected] ~]# echo "1"> /proc/sys/net/ipv4/ip_forward #修改当前系统内存中ip_forward的值,这是开启ip转发 2 [[email protected] ~]# cat /proc/sys/net/ipv4/ip_forward 3 1
4 [[email protected] ~]# sysctl -p
1 [[email protected] ~]# echo -e "# Controls IP packet forwarding
net.ipv4.ip_forward = 1 " >>/etc/sysctl.conf #将ip转发参数,写入内容到配置文件,每次启动机器时都会开启ip转发功能 2 [[e mail protected] ~]# tail -3 /etc/sysctl.conf 3 # Controls IP packet forwarding 4 net.ipv4.ip_forward = 1
- [[email protected] /]# iptables -t nat -A POSTROUTING -o eth0 -s 192.168.10.0/24 -j SNAT –to 10.0.0.10 #将内网出口规则写入到iptables内存中
- [[email protected] /]# service iptables save #保存设置
- #将上面写入的内容保存到文件中
- iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ] #上面规则写入的配置文件/etc/sysconfig/iptables
- [[email protected] /]# /etc/init.d/iptables restart #重启iptables
- < span style="font-size: 16px;">iptables: Setting chains to policy ACCEPT: nat filter [ OK ]
- iptables: Flushing firewall rules: [ OK ]
- iptables: Unloading modules: [ OK ]
- iptables: Applying firewall rules: [ OK ]
- [[email protected] /]# iptables-save #显示iptables规则(iptables-save可以显示iptables配置文件及内存中新添加的规则)
- # Generated by iptables-save v1.4.7 on Thu Nov 2 14:24:33 2017
- *filter
- :INPUT ACCEPT [10:720]
- :FORWARD ACCEPT [0:0]
- :OUTPUT ACCEPT [7:1032]
- -A OUTPUT -p tcp -m tcp –dport 80 -j ACCEPT
- COMMIT
- # Completed on Thu Nov 2 14:24:33 2017
- # Generated by iptables-save v1.4.7 on Thu Nov 2 14:24:33 2017
- *nat
- :PREROUTING ACCEPT [0:0]
- :POSTROUTING ACCEPT [1:120]
- :OUTPUT ACCEPT [1:120]
- -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT –to-source 10.0.0.10 #之前追加的iptables规则
- COMMIT
- # Completed on Thu Nov 2 14:24:33 2017
完成修改oldboy02主机配置
3.测试是否可以访问外网oldboy01
