Configure IPv4 forwarding
On servera, edit the configuration file /etc/sysctl.conf and set the following parameter to 1:
net.ipv4.ip_forward = 1
Apply the setting: sysctl -p
Change the zone of the network interface
[root@192-168-109-110 ~]# firewall-cmd --permanent --zone=external --change-interface=ens160
The interface is under control of NetworkManager, setting zone to 'external'.
success
Enable IP address masquerading (SNAT)
[root@192-168-109-110 ~]# firewall-cmd --zone=external --add-masquerade --permanent
Warning: ALREADY_ENABLED: masquerade
success
Add a rich rule that masquerades packets whose source is in the 192.168.109.0/24 network as the address of the external zone (i.e. ens160)
[root@192-168-109-110 ~]# firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 source address=192.168.109.0/24 masquerade'
success
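Reload the firewall so the configuration takes effect. Note that --reload loads the permanent configuration and discards runtime-only changes, so a rich rule added without --permanent does not survive the reload; add --permanent to the rich-rule command to keep it.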
[root@192-168-109-110 ~]# firewall-cmd --reload
success
Test the result:
[root@192-168-109-115 ~]# ping www.baidu.com
ping: www.baidu.com: Name or service not known
[root@192-168-109-115 ~]# ping www.baidu.com
PING www.a.shifen.com (182.61.200.6) 56(84) bytes of data.
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=1 ttl=52 time=51.6 ms
64 bytes from 182.61.200.6 (182.61.200.6): icmp_seq=2 ttl=52 time=72.8 ms
^C
--- www.a.shifen.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 51.627/62.194/72.762/10.570 ms
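
An added example (not part of the original notes): a POSIX shell audit of the gateway settings configured above, which also lists rich rules that exist only in the runtime configuration and would be dropped by firewall-cmd --reload. The function names are hypothetical; ZONE and IFACE are the values used on this page.

```sh
#!/bin/sh
# Added example: audit the SNAT gateway configured in the steps above.
# ZONE and IFACE are the values from this page; adjust them for other hosts.
ZONE=external
IFACE=ens160

# Print rich rules that appear in the runtime list ($1) but not in the
# permanent list ($2). These rules are discarded by `firewall-cmd --reload`.
runtime_only_rules() {
    printf '%s\n' "$1" | while IFS= read -r rule; do
        [ -z "$rule" ] && continue
        # -F fixed string, -x whole line: the rule must match exactly.
        printf '%s\n' "$2" | grep -Fxq -- "$rule" || printf '%s\n' "$rule"
    done
}

# Return 0 only when forwarding is enabled ($1), the interface is in the
# expected zone ($2) and that zone masquerades ($3 is "yes" or "no").
gateway_ready() {
    [ "$1" = "1" ] && [ "$2" = "$ZONE" ] && [ "$3" = "yes" ]
}

# Collect the live values on the gateway and report any problem found.
audit_live() {
    fwd=$(sysctl -n net.ipv4.ip_forward)
    zone=$(firewall-cmd --get-zone-of-interface="$IFACE")
    masq=$(firewall-cmd --zone="$ZONE" --query-masquerade)
    gateway_ready "$fwd" "$zone" "$masq" ||
        echo "not ready: ip_forward=$fwd zone=$zone masquerade=$masq"
    lost=$(runtime_only_rules \
        "$(firewall-cmd --zone="$ZONE" --list-rich-rules)" \
        "$(firewall-cmd --permanent --zone="$ZONE" --list-rich-rules)")
    if [ -n "$lost" ]; then
        echo "runtime-only rich rules (lost on reload):"
        printf '%s\n' "$lost"
    fi
}

# Query the real firewall only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_live; fi
```

Run it as root on the gateway with --live before reloading; any rule it lists needs to be re-added with --permanent.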