Configuring a Linux gateway using iptables

Time: 2015-02-06 13:04:56

Tags: linux iptables gateway

I have built a local server cluster.

 server2 eth0 IP:168.168.1.2 
              Gateway: 168.168.1.1
              NETMASK: 255.255.0.0 
 server3: eth0 IP:    168.168.1.3
               Gateway: 168.168.1.1
               NETMASK: 255.255.0.0
 server1: eth0 IP:  168.168.1.1
          eth0:1 IP x.x.x.x(provided by ISP)
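                 GATEWAY x.x.x.x(provided by ISP)

I want to set up server1 as the gateway for the subnet. I can access the public network successfully from server1. However, it fails on server2. I ran the following commands on server1: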

 #iptables -t nat -F
 #iptables -t nat -A POSTROUTING -s 168.168.0.0/16  -o eth0:1 -j MASQUERADE
 #iptables -t nat -A POSTROUTING -o eth0:1 -j MASQUERADE

 #iptables -t nat -L

  Chain PREROUTING (policy ACCEPT)
  target     prot opt source               destination

  Chain POSTROUTING (policy ACCEPT)
  target     prot opt source               destination
  MASQUERADE  all  --  anywhere             anywhere

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination


  #iptables -L
  Chain INPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain FORWARD (policy ACCEPT)
  target     prot opt source               destination
  ACCEPT     all  --  anywhere             anywhere

  Chain OUTPUT (policy ACCEPT)
  target     prot opt source               destination

  Chain LOGGING (0 references)
  target     prot opt source               destination

On server2:

   #ping 173.194.127.240
   PING 173.194.127.240 (173.194.127.240) 56(84) bytes of data.
   From 168.168.1.1: icmp_seq=2 Redirect Host(New nexthop: x.x.x.x(ISP gateway))
   From 168.168.1.1: icmp_seq=3 Redirect Host(New nexthop: x.x.x.x(ISP gateway))
   From 168.168.1.1: icmp_seq=4 Redirect Host(New nexthop: x.x.x.x(ISP gateway))

    --- 173.194.127.240 ping statistics ---
   6 packets transmitted, 0 received, 100% packet loss, time 5950ms

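What is wrong with my configuration on server1? How should I configure a gateway using iptables? Thanks a lot.

1 answer:

Answer 0: (score: 0)

Having both the LAN and WAN IP addresses on the same interface is not best practice. I suggest installing a new NIC (for example, eth1) for your WAN connection. Your configuration looks fine; just use eth1 instead of eth0:1 after installing the new NIC.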
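
The two-NIC layout from the answer, written out as an added example (not code from the question or the answer). The helper name `gen_gateway_rules` is hypothetical, and eth0 as the LAN interface and eth1 as the WAN interface are assumptions; it also tightens FORWARD from the blanket ACCEPT shown in the question to LAN-originated traffic plus replies.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for a NAT gateway.
# gen_gateway_rules is a hypothetical helper; eth0 (LAN) and eth1 (WAN)
# are assumed names following the layout suggested in the answer.

gen_gateway_rules() {
    lan_cidr=$1 lan_if=$2 wan_if=$3

    # Netfilter matches on real device names; an alias label such as
    # eth0:1 given to -i/-o never matches, so refuse it up front.
    for ifname in "$lan_if" "$wan_if"; do
        case $ifname in
            ''|*:*) echo "invalid interface name: '$ifname'" >&2; return 1 ;;
        esac
    done
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN must be different interfaces" >&2
        return 1
    fi

    # FORWARD defaults to DROP: only LAN-originated traffic and its
    # replies cross the gateway; nothing new is forwarded from the WAN.
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $lan_cidr -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $wan_if -o $lan_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_cidr -j ACCEPT
COMMIT
EOF
}

# Print the ruleset for the subnet used in the question.
# To apply as root (this replaces the current nat and filter tables):
#   sysctl -w net.ipv4.ip_forward=1
#   gen_gateway_rules 168.168.0.0/16 eth0 eth1 | iptables-restore
gen_gateway_rules 168.168.0.0/16 eth0 eth1
```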