A机【网关】:两个网卡,一个是192.168.10.201【桥连】,另一个是172.16.20.1【仅主机模式】
sysctl -w net.ipv4.ip_forward=1
B机【内网主机】:172.16.20.2【仅主机模式】
route add default gw 172.16.20.1
C机【外网主机】:192.168.10.204桥连模式
[root@system-4 ~]# route add -net 172.16.20.0/24 gw 192.168.10.201
A机:
[root@system-1 ~]# iptables -A FORWARD -d 172.16.20.2 -p tcp –dport 80 -j ACCEPT
[root@system-1 ~]# iptables -A FORWARD -s 172.16.20.2 -p tcp –sport 80 -j ACCEPT
B机:ftp服务 http服务
A机:将转发默认设为DROP: iptables -P FORWARD DROP
设置防火墙规则:
iptables -I FORWARD -d 172.16.20.0/24 -p tcp -m multiport –dports 22,21,80 -m state –state NEW -j ACCEPT
iptables -I FORWARD -m state –state RELATED,ESTABLISHED -j ACCEPT
