标签:proc table pac min span des receive cap curl
[root@whya ~]# ip route add default via 192.168.60.160 [root@whya ~]# ip route del default via 192.168.60.2 [root@whya ~]# ip route list default via 192.168.60.160 dev ens33 192.168.60.0/24 dev ens33 proto kernel scope link src 192.168.60.130 metric 100
[root@whyd ~]# ip addr add 172.16.1.101/24 dev ens33
打开转发功能:
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[root@whye ~]# ip addr add 172.16.1.102/24 dev ens33 [root@whye ~]# ip addr del 192.168.60.170 dev ens33
更改网卡:
[root@whye ~]# ip route add default via 172.16.1.101
[root@whye ~]# ip route del default via 192.168.60.2
root@whya ~]# ping 172.16.1.102 PING 172.16.1.102 (172.16.1.102) 56(84) bytes of data. 64 bytes from 172.16.1.102: icmp_seq=1 ttl=64 time=0.445 ms 64 bytes from 172.16.1.102: icmp_seq=2 ttl=64 time=0.290 ms 64 bytes from 172.16.1.102: icmp_seq=3 ttl=64 time=0.352 ms
[root@whye ~]# tcpdump -i ens33 -nn icmp [root@whye ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 22:36:24.958462 IP 192.168.60.130 > 172.16.1.102: ICMP echo request, id 10102, seq 5, length 64 22:36:24.958496 IP 172.16.1.102 > 192.168.60.130: ICMP echo reply, id 10102, seq 5, length 64
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
转发策略:
[root@whyd ~]# iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -j SNAT --to-source 172.16.1.101 从192.168.60.0/24出来的数据包地址都改为172.16.1.101
[root@whya ~]# ping -c1 172.16.1.102 PING 172.16.1.103 (172.16.1.103) 56(84) bytes of data. 64 bytes from 172.16.1.102: icmp_seq=1 ttl=63 time=1.72 ms --- 172.16.1.102 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.726/1.726/1.726/0.000 ms
[root@whye ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 22:39:50.413260 IP 172.16.1.101 > 172.16.1.102: ICMP echo request, id 10107, seq 1, length 64 22:39:50.413315 IP 172.16.1.102 > 172.16.1.101: ICMP echo reply, id 10107, seq 1, length 64
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
设置策略:
[root@whyd ~]# iptables -t nat -A POSTROUTING -s 192.168.60.0/24 -d 172.16.1.0/24 -j MASQUERADE 从192.168.60.0/24出来到172.16.1.0/24的数据包都进行伪装
[root@whya ~]# ping -c1 172.16.1.102 PING 172.16.1.102 (172.16.1.102) 56(84) bytes of data. 64 bytes from 172.16.1.102: icmp_seq=1 ttl=63 time=1.10 ms --- 172.16.1.102 ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 1.100/1.100/1.100/0.000 ms
[root@whye ~]# tcpdump -i ens33 -nn icmp tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes 23:25:13.278352 IP 172.16.1.101 > 172.16.1.102: ICMP echo request, id 10676, seq 1, length 64 23:25:13.278440 IP 172.16.1.102 > 172.16.1.101: ICMP echo reply, id 10676, seq 1, length 64
[root@whya html]# echo nihao > /var/www/html/index.html
[root@whyd ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
策略:
[root@whyd ~]# iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 192.168.60.130:80 将来在80端口的请求转到192.168.60.130:80上
[root@whya html]# cat /var/www/html/index.html nihao
[root@whye ~]# curl http://172.16.1.101 nihao
标签:proc table pac min span des receive cap curl
原文地址:https://www.cnblogs.com/MR-ws/p/11259542.html
