我正在CentOS 7上做一些防火墙工作。我的最终目标是基本上使服务器的内部IP地址与分配给它的浮动IP地址相同。我禁用了firewalld并安装了iptables-services。
的/ etc /红帽释放
CentOS Linux release 7.2.1511 (Core)
iptables v1.4.21
运行此脚本时,我得到了
iptables v1.4.21:未知选项“SNAT” 以及未知选项“DNAT”
我的脚本是
#!/bin/bash
PRIVIP="107.170.40.128" # e.g., assuming this is the private IP address
FLOATIP="104.196.55.167" # e.g. assuming this is the floating IP address
echo "iptables"
echo "/sbin/iptables -t nat -A PREROUTING -d ${PRIVIP}/32 -j DNAT -–to-destination ${FLOATIP}"
/sbin/iptables -t nat -A PREROUTING -d ${PRIVIP}/32 -j DNAT -–to-destination ${FLOATIP}
echo "/sbin/iptables -t nat -A POSTROUTING -s ${FLOATIP}/32 -j SNAT -–to-source ${PRIVIP}"
/sbin/iptables -t nat -A POSTROUTING -s ${FLOATIP}/32 -j SNAT -–to-source ${PRIVIP}
echo "arp"
/sbin/arp -i eth0 -Ds ${PRIVIP} eth0 netmask 255.255.255.255 pub
/sbin/arp -an
echo "sleep"
sleep 10
systemctl restart network
Centos 6中的DNAT和SNAT选项发生了什么变化?