生产环境中,Public IP 经常比较有限,Linux GateWay可以充分利用有限IP为更多的机器提供网络服务,也可以有意识地将某些服务器隐藏在后面,即可以主动获取网络资源,又避免被动访问,更加安全
调整内核参数 net.ipv4.ip_forward 开启转发
[root@linux-gateway ~]# grep forward /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root@linux-gateway ~]#
sysctl -p 使其生效,然后使用 sysctl -a 来进行确认
[root@linux-gateway ~]# sysctl -a | grep forwarding
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.all.mc_forwarding = 0
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.default.mc_forwarding = 0
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.lo.mc_forwarding = 0
net.ipv4.conf.em4.forwarding = 1
net.ipv4.conf.em4.mc_forwarding = 0
net.ipv4.conf.em2.forwarding = 1
net.ipv4.conf.em2.mc_forwarding = 0
net.ipv4.conf.em3.forwarding = 1
net.ipv4.conf.em3.mc_forwarding = 0
net.ipv4.conf.em1.forwarding = 1
net.ipv4.conf.em1.mc_forwarding = 0
net.ipv6.conf.all.forwarding = 0
net.ipv6.conf.all.mc_forwarding = 0
net.ipv6.conf.default.forwarding = 0
net.ipv6.conf.default.mc_forwarding = 0
net.ipv6.conf.lo.forwarding = 0
net.ipv6.conf.lo.mc_forwarding = 0
net.ipv6.conf.em1.forwarding = 0
net.ipv6.conf.em1.mc_forwarding = 0
net.ipv6.conf.em2.forwarding = 0
net.ipv6.conf.em2.mc_forwarding = 0
net.ipv6.conf.em3.forwarding = 0
net.ipv6.conf.em3.mc_forwarding = 0
net.ipv6.conf.em4.forwarding = 0
net.ipv6.conf.em4.mc_forwarding = 0
[root@linux-gateway ~]#
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。
本文系转载,前往查看
如有侵权,请联系 cloudcommunity@tencent.com 删除。