I built a local server cluster and am configuring a Linux gateway using iptables.
server2 eth0 IP:168.168.1.2
Gateway: 168.168.1.1
NETMASK: 255.255.0.0
server3: eth0 IP: 168.168.1.3
Gateway: 168.168.1.1
NETMASK: 255.255.0.0
server1: eth0 IP: 168.168.1.1
eth0:1 IP x.x.x.x(provided by ISP)
GATEWAY x.x.x.x(provided by ISP)
I want to set up server1 as the gateway for the subnet. I can successfully access the public network on server1. However, it fails on server2. On server1 I ran:
#iptables -t nat -F
#iptables -t nat -A POSTROUTING -s 168.168.0.0/16 -o eth0:1 -j MASQUERADE
#iptables -t nat -A POSTROUTING -o eth0:1 -j MASQUERADE
#iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
#iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain LOGGING (0 references)
target prot opt source destination
Running the following command on server2:
#ping 173.194.127.240
PING 173.194.127.240 (173.194.127.240) 56(84) bytes of data.
From 168.168.1.1: icmp_seq=2 Redirect Host(New nexthop: x.x.x.x(ISP gateway))
From 168.168.1.1: icmp_seq=3 Redirect Host(New nexthop: x.x.x.x(ISP gateway))
From 168.168.1.1: icmp_seq=4 Redirect Host(New nexthop: x.x.x.x(ISP gateway))
--- 173.194.127.240 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5950ms
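What is wrong with my configuration on server1? How should I configure the gateway using iptables? Thanks a lot.
a) This question is off-topic here and belongs on http://www.serverfault.com. Waiting for it to be migrated there. b) I am a sysadmin with 20 years of experience, and I don't manipulate iptables directly or without great care, because I am likely to do something wrong or stupid. I strongly recommend using [Tom Eastep's *Shorewall*](http://shorewall.net) or [firewalld](https://fedoraproject.org/wiki/FirewallD) (only for RedHat-like systems). For your use case, I would go with Shorewall all the way. – 2015-11-18 08:41:33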
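One way to render the gateway rules from the question with the interface and scope problems removed, added here as an example and not code from the original post or comment: iptables matches real device names, so the alias label `eth0:1` is rejected, NAT and forwarding are limited to the LAN range, and ICMP redirects are disabled because LAN and ISP traffic share eth0. The WAN address 203.0.113.10 is a placeholder, the function names are hypothetical, and SNAT is substituted here for the question's MASQUERADE.

```shell
#!/bin/sh
# Added example. LAN range and eth0 come from the question; the WAN address
# 203.0.113.10 is a documentation placeholder for the ISP-provided address.

# iptables matches real device names: alias labels such as eth0:1 are not
# devices, so -i/-o must name the underlying interface (eth0).
valid_iface() {
    [ "${#1}" -le 15 ] || return 1
    case "$1" in
        ''|*:*|*!*|*\**|*/*|*' '*) return 1 ;;
    esac
    return 0
}

# Kernel settings for a gateway whose LAN and WAN share one NIC: forwarding on,
# ICMP redirects off ("all" and the device are both consulted for redirects).
render_sysctl() {  # usage: render_sysctl <device>
    valid_iface "$1" || return 1
    printf '%s\n' "net.ipv4.ip_forward = 1" \
        "net.ipv4.conf.all.send_redirects = 0" \
        "net.ipv4.conf.$1.send_redirects = 0"
}

# Ruleset in iptables-restore format: NAT only LAN-sourced traffic that leaves
# the LAN, and forward only that traffic plus its replies.
render_nat() {  # usage: render_nat <device> <lan_cidr> <wan_ip>
    dev=$1 lan=$2 wan=$3
    valid_iface "$dev" || { echo "not a device name: $dev" >&2; return 1; }
    cat <<EOF
*nat
-A POSTROUTING -s $lan ! -d $lan -o $dev -j SNAT --to-source $wan
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -s $lan ! -d $lan -i $dev -o $dev -j ACCEPT
COMMIT
EOF
}

render_nat eth0 168.168.0.0/16 203.0.113.10
```

Validate the rendered rules with `iptables-restore --test` before loading them.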