**I. Configure the gateway server**
1. Create the config files for ens34 and ens35 by copying the ens32 one, then adjust DEVICE, NAME and IPADDR in each copy (and drop any copied UUID line, since a connection UUID must be unique):
cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens34
cp /etc/sysconfig/network-scripts/ifcfg-ens32 /etc/sysconfig/network-scripts/ifcfg-ens35
2. Configure ens35: vim /etc/sysconfig/network-scripts/ifcfg-ens35
![screenshot](https://www.icode9.com/i/ll/?i=20210511151700868.png)
3. Configure ens34: vim /etc/sysconfig/network-scripts/ifcfg-ens34
![screenshot](https://www.icode9.com/i/ll/?i=20210511151826658.png)
4. Restart networking: systemctl restart network
5. Check that all three interfaces came up with the intended addresses: ifconfig
![screenshot](https://www.icode9.com/i/ll/?i=20210511152007669.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
6. Enable IP forwarding (routing between the interfaces): vim /etc/sysctl.conf and set net.ipv4.ip_forward = 1
![screenshot](https://www.icode9.com/i/ll/?i=20210511152302559.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
7. Apply the sysctl settings (this reloads the parameters, not the kernel): sysctl -p
![screenshot](https://www.icode9.com/i/ll/?i=20210511152429703.png)
8. Start firewalld: systemctl start firewalld
9. Bind ens32 (LAN side) to the trusted zone: firewall-cmd --add-interface=ens32 --zone=trusted
10. Bind ens34 (WAN side) to the external zone: firewall-cmd --add-interface=ens34 --zone=external
11. Bind ens35 (DMZ side) to the dmz zone: firewall-cmd --add-interface=ens35 --zone=dmz
(The original command named ens32 here, which would leave ens35 in the default zone.)
12. Set the default zone: firewall-cmd --set-default-zone=trusted
(Note that trusted accepts everything, so any interface that is not explicitly bound ends up wide open.)
13. Block ping on the external side: firewall-cmd --zone=external --add-icmp-block=echo-request
14. Change the SSH port (Port 12345): vim /etc/ssh/sshd_config
![screenshot](https://www.icode9.com/i/ll/?i=2021051120035564.png)
15. Restart sshd: systemctl restart sshd
16. Allow TCP port 12345 from the external side: firewall-cmd --add-port=12345/tcp --zone=external
17. Turn off the zone-wide masquerade that the external zone ships with (it would NAT everything leaving ens34, DMZ traffic included): firewall-cmd --remove-masquerade --zone=external
18. Masquerade only the 192.168.100.0/24 LAN behind the gateway's external address: firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 source address=192.168.100.0/24 masquerade'
19. Map port 80 of the internal server 192.168.100.10 onto port 80 of the gateway's external address 192.168.200.20: firewall-cmd --zone=external --add-rich-rule='rule family=ipv4 destination address=192.168.200.20/32 forward-port port=80 protocol=tcp to-addr=192.168.100.10'
20. Allow HTTP from the external side: firewall-cmd --add-service=http --zone=external
All firewall-cmd calls above change the runtime configuration only; they are gone after firewall-cmd --reload or a reboot unless repeated with --permanent.
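As an added example (not code from the original post): a script that writes the section I policy persistently, since the post's firewall-cmd calls are runtime-only, and then audits the external zone's `firewall-cmd --list-all` output for the properties the post relies on (no zone-wide masquerade, ping blocked, only 12345/tcp and http exposed, the two rich rules present). Interface names, prefixes and addresses are the post's; the two `--list-all` samples embedded for the self-check are constructed, and the `ssh`-service check is an addition: the shipped external zone allows 22/tcp and the post never removes it after moving sshd to 12345.

```shell
#!/bin/bash
# Added example, not from the original post. Persists the gateway policy of
# section I and audits the resulting external zone.
# Assumed values (taken from the post): ens32 = trusted LAN 192.168.100.0/24,
# ens34 = external side with address 192.168.200.20, ens35 = dmz,
# forwarded web server 192.168.100.10, sshd moved to 12345/tcp.
set -u

LAN_IF=ens32; WAN_IF=ens34; DMZ_IF=ens35
LAN_NET=192.168.100.0/24; WAN_ADDR=192.168.200.20; WEB_SRV=192.168.100.10
SSH_PORT=12345

# Write the policy with --permanent (stored under /etc/firewalld/zones/) and
# reload so that the running configuration matches what was written.
apply_gateway_rules() {
  p="firewall-cmd --permanent"
  # --set-default-zone is runtime+permanent by itself, so no --permanent here.
  firewall-cmd --set-default-zone=trusted
  # --change-interface moves a NIC even if it is already bound to another zone.
  $p --zone=trusted  --change-interface="$LAN_IF"
  $p --zone=external --change-interface="$WAN_IF"
  $p --zone=dmz      --change-interface="$DMZ_IF"
  $p --zone=external --add-icmp-block=echo-request
  $p --zone=external --add-port="${SSH_PORT}/tcp"
  $p --zone=external --remove-service=ssh   # shipped external zone allows 22/tcp
  $p --zone=external --add-service=http
  # Zone-wide masquerade would NAT everything leaving ens34, DMZ included;
  # replace it with a rich rule limited to the LAN prefix.
  $p --zone=external --remove-masquerade
  $p --zone=external --add-rich-rule="rule family=ipv4 source address=${LAN_NET} masquerade"
  $p --zone=external --add-rich-rule="rule family=ipv4 destination address=${WAN_ADDR}/32 forward-port port=80 protocol=tcp to-addr=${WEB_SRV}"
  firewall-cmd --reload
}

# zone_field NAME TEXT: value of the "  NAME: ..." line in --list-all output.
zone_field() { printf '%s\n' "$2" | sed -n "s/^[[:space:]]*$1: *//p"; }

# has_word WORD "a b c": succeeds if WORD appears in the space-separated list.
has_word() { case " $2 " in *" $1 "*) return 0;; esac; return 1; }

# audit_external_zone: reads `firewall-cmd --zone=external --list-all` on stdin,
# prints every deviation from the intended policy and returns 1 if any was found.
audit_external_zone() {
  out=$(cat); rc=0
  [ "$(zone_field masquerade "$out")" = no ] \
    || { echo "FAIL: zone-wide masquerade is on (DMZ traffic would be NATed too)"; rc=1; }
  has_word echo-request "$(zone_field icmp-blocks "$out")" \
    || { echo "FAIL: echo-request is not blocked"; rc=1; }
  has_word "${SSH_PORT}/tcp" "$(zone_field ports "$out")" \
    || { echo "FAIL: ${SSH_PORT}/tcp is not open"; rc=1; }
  has_word http "$(zone_field services "$out")" \
    || { echo "FAIL: http service is not allowed"; rc=1; }
  ! has_word ssh "$(zone_field services "$out")" \
    || { echo "FAIL: ssh service (22/tcp) still allowed although sshd listens on ${SSH_PORT}"; rc=1; }
  printf '%s\n' "$out" | grep -q "source address=\"${LAN_NET}\" masquerade" \
    || { echo "FAIL: LAN-only masquerade rich rule missing"; rc=1; }
  printf '%s\n' "$out" | grep -q "forward-port port=\"80\" protocol=\"tcp\" to-addr=\"${WEB_SRV}\"" \
    || { echo "FAIL: port-80 forward to ${WEB_SRV} missing"; rc=1; }
  return $rc
}

# Constructed samples in the shape of CentOS 7 `firewall-cmd --list-all` output,
# so the audit can be exercised without firewalld. GOOD is the intended state;
# BAD still has zone-wide masquerade on and the default ssh service allowed.
SAMPLE_GOOD='external (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens34
  sources:
  services: http
  ports: 12345/tcp
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks: echo-request
  rich rules:
	rule family="ipv4" source address="192.168.100.0/24" masquerade
	rule family="ipv4" destination address="192.168.200.20/32" forward-port port="80" protocol="tcp" to-addr="192.168.100.10"'
SAMPLE_BAD=$(printf '%s\n' "$SAMPLE_GOOD" | sed -e 's/^  masquerade: no/  masquerade: yes/' -e 's/^  services: http$/  services: http ssh/')

case "${1-}" in
  apply) apply_gateway_rules ;;
  audit) firewall-cmd --zone=external --list-all | audit_external_zone ;;
  *)     printf '%s\n' "$SAMPLE_GOOD" | audit_external_zone && echo "self-check: policy OK" ;;
esac
```

Run it as `./gw-fw.sh apply` on the gateway, `./gw-fw.sh audit` to check the live external zone, or with no argument to run the audit against the constructed sample. On CentOS 7 a `ZONE=external` line in ifcfg-ens34 is the equivalent of `--permanent --change-interface`, and is the more robust choice when NetworkManager manages the interface.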
**II. Configure the external (WAN) host**
1. Configure the interface: vim /etc/sysconfig/network-scripts/ifcfg-ens32
![screenshot](https://www.icode9.com/i/ll/?i=2021051115445897.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
2. Restart networking: systemctl restart network
3. Check the address and routing table: route -n
![screenshot](https://www.icode9.com/i/ll/?i=20210511154716442.png)
4. Mount the install media: mount /dev/cdrom /mnt/
5. Remove the stock yum repo files (the packages below come from the mounted media): rm -rf /etc/yum.repos.d/CentOS-*
6. Install httpd and mod_ssl: yum -y install httpd mod_ssl
7. Set the default page: echo "www.wan.com" > /var/www/html/index.html
8. Start httpd: systemctl start httpd
9. Start firewalld: systemctl start firewalld
10. Set the default zone: firewall-cmd --set-default-zone=external
11. Bind ens32 to the external zone: firewall-cmd --add-interface=ens32 --zone=external
12. Refuse ping (applies to the default zone, external): firewall-cmd --add-icmp-block=echo-request
13. Allow HTTPS: firewall-cmd --add-service=https --zone=external
14. Allow TCP port 443 (already covered by the https service; harmless): firewall-cmd --add-port=443/tcp --zone=external
15. Change the SSH port: vim /etc/ssh/sshd_config
![screenshot](https://www.icode9.com/i/ll/?i=20210511201735172.png)
16. Restart sshd: systemctl restart sshd
17. Verify that sshd now listens on the new port: netstat -anptu | grep 12345
![screenshot](https://www.icode9.com/i/ll/?i=2021051120210383.png)
18. Allow TCP port 12345: firewall-cmd --add-port=12345/tcp --zone=external
19. Remove the default gateway (the GATEWAY line) from ifcfg-ens32, so this host only has its on-link route and cannot route into the private networks behind the gateway server: vim /etc/sysconfig/network-scripts/ifcfg-ens32
![screenshot](https://www.icode9.com/i/ll/?i=20210511204820386.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
20. Restart networking: systemctl restart network
**III. Configure the DMZ host**
1. Configure the interface: vim /etc/sysconfig/network-scripts/ifcfg-ens32
![screenshot](https://www.icode9.com/i/ll/?i=20210511190309628.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
2. Restart networking: systemctl restart network
3. Check the address and routing table: route -n
4. Mount the install media: mount /dev/cdrom /mnt/
5. Remove the stock yum repo files: rm -rf /etc/yum.repos.d/CentOS-*
6. Install httpd and mod_ssl: yum -y install httpd mod_ssl
7. Set the default page: echo "www.dmz.com" > /var/www/html/index.html
8. Start httpd: systemctl start httpd
9. Start firewalld: systemctl start firewalld.service
10. Set the default zone: firewall-cmd --set-default-zone=dmz
11. Bind ens32 to the dmz zone: firewall-cmd --add-interface=ens32 --zone=dmz
**IV. Configure the test (LAN) machine**
1. Configure the interface: vim /etc/sysconfig/network-scripts/ifcfg-ens32
![screenshot](https://www.icode9.com/i/ll/?i=20210511191920689.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
2. Restart networking: systemctl restart network
3. Check the address and routing table: route -n
4. Start firewalld: systemctl start firewalld
5. Set the default zone: firewall-cmd --set-default-zone=trusted
6. Bind ens32 to the trusted zone: firewall-cmd --add-interface=ens32 --zone=trusted
7. Mount the install media: mount /dev/cdrom /mnt/
8. Remove the stock yum repo files: rm -rf /etc/yum.repos.d/CentOS-*
9. Install httpd: yum -y install httpd
10. Start httpd: systemctl start httpd
11. Set the default page: echo "www.lan.com" > /var/www/html/index.html
12. Check that the external host is reachable through the gateway (the LAN source is masqueraded on ens34): ping 192.168.200.10
![screenshot](https://www.icode9.com/i/ll/?i=20210511192613490.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
**V. Testing**
![screenshot](https://www.icode9.com/i/ll/?i=20210511211625208.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)
2. Switch the external host to the graphical target to test the forwarded web server from a browser: init 5
![screenshot](https://www.icode9.com/i/ll/?i=20210511215548337.png?,type_ZmFuZ3poZW5naGVpdGk,shadow_10,text_aHR0cHM6Ly9ibG9nLmNzZG4ubmV0L3dlaXhpbl81NjY2NTMyOA==,size_16,color_FFFFFF,t_70)