1.ETH0--LAN
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=00:XX:XX:00:97:XX
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=192.168.0.254
NETMASK=255.255.255.0
2.ETH1--WAN
[root@server ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=00:XX:XX:00:97:XX
ONBOOT=yes
BOOTPROTO=none
TYPE=Ethernet
IPADDR=58.240.XX.IP
NETMASK=255.255.255.240
GATEWAY=58.240.XX.GW
3.sysctl
[root@server ~]# cat /etc/sysctl.conf
# Kernel sysctl configuration file for Red Hat Linux
#
# For binary values, 0 is disabled, 1 is enabled. See sysctl(8) and
# sysctl.conf(5) for more details.
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
... ...
[root@server ~]# sysctl -p
net.ipv4.ip_forward = 1
4.SNAT
[root@server ~]# iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to 58.240.XX.IP
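or, when the WAN address is assigned dynamically (MASQUERADE uses whatever address eth1 currently holds; with a static address like the one above, SNAT is the usual choice, and this variant has no -s match, so it rewrites everything leaving eth1):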
[root@server ~]# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
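Save the SNAT configuration (in the saved file shown below, the SNAT rule has been commented out by hand and only the MASQUERADE rule is active):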
[root@server ~]# /etc/init.d/iptables save
[root@server ~]# cat /etc/sysconfig/iptables
# Generated by iptables-save v1.4.7 on Fri Mar 30 14:10:34 2012
*filter
:INPUT ACCEPT [19774:1796237]
:FORWARD ACCEPT [2088:205908]
:OUTPUT ACCEPT [4335:25558058]
COMMIT
# Completed on Fri Mar 30 14:10:34 2012
# Generated by iptables-save v1.4.7 on Fri Mar 30 14:10:34 2012
*nat
:PREROUTING ACCEPT [152787:30285172]
:POSTROUTING ACCEPT [4:236]
:OUTPUT ACCEPT [9:586]
#-A POSTROUTING -s 192.168.0.0/24 -o eth1 -j SNAT --to 58.240.XX.IP
-A POSTROUTING -o eth1 -j MASQUERADE
COMMIT
# Completed on Fri Mar 30 14:10:34 2012
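Done. Note that the saved filter table above contains no rules and leaves the INPUT and FORWARD policies at ACCEPT, so the gateway accepts any connection arriving on eth1 and, with ip_forward enabled, forwards any packet routed to it. On an Internet-facing host, set the INPUT and FORWARD policies to DROP and allow only what is needed: forwarding from 192.168.0.0/24 out of eth1, return traffic matched with `-m state --state ESTABLISHED,RELATED`, and management access from the LAN side.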