雙網卡NAT實做 - Linux

Madame · 2010-12-18

Table of Contents

Post
Comments
Related Posts

Internet--[Master router]+[DNS]-----------[ R2 ] (Public IP)
(Net_1 IP+Pubic IP) (Net_1 IP) | (Net2 IP)192.168.1.1
192.192.125.11/24 |
----------[PC1(Win 7)]
(Net_2 IP)
//目前狀況:// 192.168.1.100
(1)R2可以正常Internet， PC1不能

(2)兩台互相ping的到，
R2可ping到yahoo也可正常上網，但PC01 ping不出去

(3)檢測/etc/sysctl.conf 為0，
iptable.rule中已經有寫 "1"> ip_forward，sysctl.conf中還須設為1嗎?

(4)/etc/sysconfig/network 舊文章中有的有寫上 ipforward=yes
請問需要寫嗎?

(5)iptable.rule
http://cid-7898f3a38d05d8ab.office.live.com/self.aspx/.Public/iptables2.rule

(6)純NAT的 iptables nat prerouting rule要設定嗎0.0
==================
#<1>
#Statement
#R2
-[eth0]-140.118.1.3 (Pubic IP)
-[eth1]-192.168.1.1/24 (Net_2 IP)
#PC01
-[eth0]-192.168.1.100/24 (Net_1 IP)

#<2>
#Set
#2.1.0
#cat /etc/sysconfig/network-script/if*1 #EXTIF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
HWADDR=99:34:56:78:90:13
IPADDR=140.118.1.3
NETMASK=255.255.255.0
NETWORK=140.118.1.0
BROADCAST=140.118.1.255
IPV6INIT=yes
IPV6_AUTOCONF=yes

#2.1.1
#cat /etc/sysconfig/network-script/if*0 #INIF
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
HWADDR=12:34:56:78:90:12
IPADDR=192.168.1.1
NETMASK=255.255.255.0
NETWORK=192.168.1.0
BROADCAST=192.168.1.255

#<3>
#cat /etc/sysconfig/network
NETWORKING=yes
NETWOTKING_IPV6=yes
HOSTNAME=kingofsdtw
GATWAY=192.192.125.254 #Net_1 IP

#<4>
#cat /etc/resolv.conf
nameserver 192.192.125.11 #Net_1 IP(DNS)
nameserver 192.192.125.10 #Net_1 IP(DNS2)

#<5>
#cat /etc/rc.d/rc.local
touch /var/lock/subsys/local
/usr/local/virus/iptables/iptables.rule

#<6>
#PC01_Set_win7
IP=192.168.1.100
BROADCASTS=255.255.255.0
GATWAT=192.168.1.1
DNS=""

#<7>
#嘗試除錯

#7.1
#/etc/sysctl.conf ip_forward= 0
-PC01_Set_win7 加入DNS 192.168.1.1
-ping -t 192.168.1.1 ->Yes
-ping -t 192.192.1.11 ->Yes #(Net_2)
-ping -t www.yahoo.com.tw ->Can't
-[R2] ping 192.168.1.100 ->Yes

#7.2
#/etc/sysctl.conf ip_forward= 0
-PC01_Set_win7 去除DNS
-ping -t 192.168.1.1 ->Yes
-ping -t 192.192.1.11 ->Yes #(Net_2)
-ping -t www.yahoo.com.tw ->Can't
-[R2] ping 192.168.1.100 ->Yes

可以上了0.0
#7.3
#/etc/sysctl.conf ip_forward= 0
-PC01_Set_win7 更改DNS 192.192.125.11
-ping -t 192.168.1.1 ->Yes
-ping -t 192.192.1.11 ->Yes #(Net_2)
-ping -t www.yahoo.com.tw ->Yes
-[R2] ping 192.168.1.100 ->Yes

#7.4
#/etc/sysctl.conf ip_forward= 1
-ping -t www.yahoo.com.tw ->Yes
-ping -t 192.168.1.1 ->Yes
-ping -t 192.192.1.11 ->Yes #(Net_2)
-[R2] ping 192.168.1.100 ->Yes

--

Linux