先找一台可以上网的centos主机。假设其连接公网的网口是eth0,与客户机都属于192.168.0.0/16,使用nat方式上网,则进行如下这番配置:
vim /etc/sysconfig/iptables
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/16 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A FORWARD -s 192.168.0.0/16 -j ACCEPT
-A FORWARD -d 192.168.0.0/16 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
保存退出后重启iptables服务,别忘了开启转发功能,
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
保存退出再执行
echo "1" >/proc/sys/net/ipv4/ip_forward
客户机只要能顺利与这台centos主机通信即可。假如这台centos主机是两块网卡一公网一内网,我个人猜想-A FORWARD -d后面要加的就是那个公网ip了。客户机网关则统一填写内网ip即可。
本文转自 朱科强 51CTO博客,原文链接:http://blog.51cto.com/zhukeqiang/1860329,如需转载请自行联系原作者
