Running 2 servers in VirtualBox. Server 1 (will act as the firewall):
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
$ sudo ufw status
Status: active
To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
22/tcp (v6)                ALLOW       Anywhere (v6)
Anywhere on enp0s3         ALLOW FWD   Anywhere on enp0s8
Anywhere on enp0s8         ALLOW FWD   Anywhere on enp0s3
Anywhere (v6) on enp0s3    ALLOW FWD   Anywhere (v6) on enp0s8
Anywhere (v6) on enp0s8    ALLOW FWD   Anywhere (v6) on enp0s3
Server 2 (will act as the web server):
$ sudo ip route
default via 192.168.0.1 dev enp0s3
192.168.0.0/24 dev enp0s3 proto kernel scope link src 192.168.0.1
$ ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 192.168.0.1 icmp_seq=1 Destination Host Unreachable
Server 2 can ping the firewall's internal and external IP addresses.