How do I route a VPN connection?

I want to connect to a VPN server running Ubuntu Server 12.04 over eth0 and route its output to eth1, so that I can connect my home computer to eth1. How can I achieve this?

Answer 1

Assuming your server has a Linux-based firewall and the following two Ethernet cards:

    eth1 (public IP)                        =============== {INTERNET}
    eth0 (internal network / 192.168.0.0/24) ============== 192.168.0.1

tun0 is configured as 10.8.0.1 for the VPN, and the whole VPN network is configured as 10.8.0.0/24.

In that case, the iptables rules needed to make this work are as follows:

    # Allow traffic initiated from VPN to access LAN
    iptables -I FORWARD -i tun0 -o eth0 \
         -s 10.8.0.0/24 -d 192.168.0.0/24 \
         -m conntrack --ctstate NEW -j ACCEPT

    # Allow traffic initiated from VPN to access "the world"
    iptables -I FORWARD -i tun0 -o eth1 \
         -s 10.8.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

    # Allow traffic initiated from LAN to access "the world"
    iptables -I FORWARD -i eth0 -o eth1 \
         -s 192.168.0.0/24 -m conntrack --ctstate NEW -j ACCEPT

    # Allow established traffic to pass back and forth
    iptables -I FORWARD -m conntrack --ctstate RELATED,ESTABLISHED \
         -j ACCEPT

    # Notice that -I is used, so when listing it (iptables -vxnL) it
    # will be reversed.  This is intentional in this demonstration.

    # Masquerade traffic from VPN to "the world" -- done in the nat table
    iptables -t nat -I POSTROUTING -o eth1 \
          -s 10.8.0.0/24 -j MASQUERADE

    # Masquerade traffic from LAN to "the world"
    iptables -t nat -I POSTROUTING -o eth1 \
          -s 192.168.0.0/24 -j MASQUERADE

Hope this helps.
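The answer above gives the FORWARD and POSTROUTING rules but leaves two things implicit: the kernel must actually have IP forwarding enabled, and the NEW-only ACCEPT rules only constrain traffic if the FORWARD chain's default policy is DROP (with the default ACCEPT policy, any direction not listed is still forwarded). The script below is an added example, not part of the original answer. It generates the same rule set as a list of commands so it can be reviewed (or diffed against `iptables -S FORWARD`) before anything is changed, and only applies it when run as root with `--apply`. The interface names and subnets default to the ones used in the answer; the `sysctl` line and the `iptables -P FORWARD DROP` policy are my additions and are assumptions about how the gateway should be locked down. Rules are appended with `-A` in explicit order rather than inserted with `-I`, which yields the same effective order the answer describes.

```shell
#!/bin/sh
# Added example: generate (and optionally apply) the forwarding/NAT rule set
# for a VPN gateway with a LAN interface, a WAN interface and a tun device.
# The default policy and sysctl line are assumptions, not from the original answer.

# Usage: gen_vpn_rules LAN_IF WAN_IF VPN_IF LAN_NET VPN_NET
# Prints one command per line; nothing is executed by this function.
gen_vpn_rules() {
    lan_if="$1"; wan_if="$2"; vpn_if="$3"; lan_net="$4"; vpn_net="$5"
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $lan_if -s $vpn_net -d $lan_net -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $vpn_if -o $wan_if -s $vpn_net -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -o $wan_if -s $lan_net -m conntrack --ctstate NEW -j ACCEPT
iptables -t nat -A POSTROUTING -o $wan_if -s $vpn_net -j MASQUERADE
iptables -t nat -A POSTROUTING -o $wan_if -s $lan_net -j MASQUERADE
EOF
}

# Sanity check: how many rules admit brand-new connections?  With a DROP
# policy, each of these is a deliberate hole and should be accounted for.
count_new_rules() {
    gen_vpn_rules "$@" | grep -c -- '--ctstate NEW'
}

# Apply only when explicitly asked and running as root; otherwise just print.
if [ "${1:-}" = "--apply" ] && [ "$(id -u)" -eq 0 ]; then
    gen_vpn_rules eth0 eth1 tun0 192.168.0.0/24 10.8.0.0/24 | sh -e
elif [ "${1:-}" = "--print" ]; then
    gen_vpn_rules eth0 eth1 tun0 192.168.0.0/24 10.8.0.0/24
fi
```

Run it with `--print` to inspect the generated commands, then `sudo sh script.sh --apply` to install them. Because the NEW rules are scoped by both interface pair and source subnet, a host on the VPN cannot reach the LAN from a spoofed LAN address, and with the DROP policy nothing is forwarded in a direction the three NEW rules do not name.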
