热门标签
热门文章
- 1力扣62-不同路径(动态规划,递归,数学公式多方法比较 Java题解)_力扣不同路径
- 2数据库中的算法实现_数据库算法实现
- 3VSCode学习笔记No.3_vscode 关闭代理
- 42023年十款开源测试开发工具推荐!_开源测试工具
- 5适用于电脑的 8 款文件-软件迁移软件 – 快速安全地更换电脑!_局域网文件传输工具
- 6python练习题(1)--顺序程序设计_已知变量string=' python
- 73-5、以太坊在本地私有链创建节点,新增节点,节点间的同步,详细篇(黄金篇)?_eth新加入节点同步数据
- 8【SPIE独立出版 | EI&Scopus检索 | 往届均已见刊检索】第三届高级算法与信号图像处理国际会议AASIP2023_spie出版社
- 92021秋招-算法-BFS-DFS_秋招算法 dfs-bfs
- 10区块链溯源技术的应用:区块链溯源在零售业中的应用_区块链 溯源
当前位置: article > 正文
Linux:iptables防火墙部署优化之连接转移(目的地地址转化)
作者:AllinToyou | 2024-05-26 23:19:44
赞
踩
Linux:iptables防火墙部署优化之连接转移(目的地地址转化)
Linux:iptables防火墙部署优化之连接转移(目的地地址转化)
node1操作
检测ip情况
#查看网卡的ip信息 [root@node1 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:33:49:40 brd ff:ff:ff:ff:ff:ff altname enp3s0 altname ens160 inet 172.25.254.200/24 brd 172.25.254.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::fa94:b632:5bd6:a146/64 scope link noprefixroute valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:33:49:4a brd ff:ff:ff:ff:ff:ff altname enp19s0 altname ens224 inet 192.168.0.100/24 brd 192.168.0.255 scope global noprefixroute eth1 valid_lft forever preferred_lft forever inet6 fe80::518f:2870:1a4c:178f/64 scope link noprefixroute valid_lft forever preferred_lft forever
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
关闭firewalld防火墙服务,并锁定该服务
[root@node1 ~]# systemctl disable --now firewalld.service
Removed "/etc/systemd/system/multi-user.target.wants/firewalld.service".
Removed "/etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service".
# 锁定firewalld服务
[root@node1 ~]# systemctl mask firewalld.service
Created symlink /etc/systemd/system/firewalld.service → /dev/null.
- 1
- 2
- 3
- 4
- 5
- 6
- 7
开启iptables服务
[root@node1 ~]# systemctl enable --now iptables.service
Created symlink /etc/systemd/system/multi-user.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
- 1
- 2
清空iptables的默认策略
[root@node1 ~]# iptables -F
[root@node1 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
开启内核路由转发功能
# 发现内核路由转发功能未开启
[root@node1 ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
# 修改配置文件,开启内核路由转发功能
[root@node1 ~]# vim /etc/sysctl.conf
[root@node1 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@node1 ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
配置iptables的策略,实现连接转移(目的地地址转换)
[root@server100 ~]# iptables -t nat -A PREROUTING -i eth0 -j DNAT --to-dest 192.168.0.200
[root@server100 ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT all -- anywhere anywhere to:192.168.0.200
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
node2测试,是否可以登录转移
ssh root@172.25.254.100 Warning: Permanently added '172.25.254.100' (ED25519) to the list of known hosts. root@172.25.254.100's password: Activate the web console with: systemctl enable --now cockpit.socket Register this system with Red Hat Insights: insights-client --register Create an account or view all your systems at https://red.ht/insights-dashboard Last login: Thu May 16 20:09:18 2024 from 192.168.0.1 [root@node2 ~]# [root@node2 ~]# ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000 link/ether 00:0c:29:8c:36:ce brd ff:ff:ff:ff:ff:ff altname enp3s0 altname ens160 inet 192.168.0.200/24 brd 192.168.0.255 scope global noprefixroute eth0 valid_lft forever preferred_lft forever inet6 fe80::261:1a18:738d:cacb/64 scope link noprefixroute valid_lft forever preferred_lft forever
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
这里原来是登录到node1主机,但是却登录到了node2主机
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/AllinToyou/article/detail/628857
推荐阅读
相关标签
