我有一个 pptp 服务器,它在成功认证后向每个用户分配一个本地 IP。这些 IP 在 10.1.1.2-10.1.1.254 范围内。这一切都正常,但是我有一组 128 个公共 IP,我想将它们与这些 IP 一起使用,这样当它们在互联网上显示时,它们就会有不同的公共 IP(或者每 2 个私有 IP 至少有 1 个公共 IP)。
我没有在 IPTables 中添加 MASQUERADE,因为这会使我的观点落空,因此我添加了一些 POSTROUTING 来分配 IP,但这不起作用,您能告诉我为什么吗?
这是我在 IPTABLES 中的路由:
iptables -t nat -A POSTROUTING -s 10.1.1.2 -o enp2s0f0 -j SNAT --to-source 111.222.62.131
iptables -t nat -A POSTROUTING -s 10.1.1.3 -o enp2s0f0 -j SNAT --to-source 111.222.62.131
iptables -t nat -A POSTROUTING -s 10.1.1.4 -o enp2s0f0 -j SNAT --to-source 111.222.62.132
iptables -t nat -A POSTROUTING -s 10.1.1.5 -o enp2s0f0 -j SNAT --to-source 111.222.62.132
如您所见,我正在成对共享公共 IP 和私有 IP。问题是有些 IP 可以正常连接到 pptp 服务器,但无法路由到互联网,而其他 IP 可以正常连接并路由。
以下是 iptables -t nat -L -v -n 的输出:
Chain PREROUTING (policy ACCEPT 1152K packets, 91M bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 350K packets, 22M bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 26973 packets, 1619K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 26975 packets, 1619K bytes)
pkts bytes target prot opt in out source destination
303 43577 SNAT all -- * enp2s0f0 10.1.1.2 0.0.0.0/0 to:111.222.62.131
43696 2901K SNAT all -- * enp2s0f0 10.1.1.3 0.0.0.0/0 to:111.222.62.131
209K 15M SNAT all -- * enp2s0f0 10.1.1.4 0.0.0.0/0 to:111.222.62.132
642K 41M SNAT all -- * enp2s0f0 10.1.1.5 0.0.0.0/0 to:111.222.62.132
545K 56M SNAT all -- * enp2s0f0 10.1.1.6 0.0.0.0/0 to:111.222.62.133
330K 20M SNAT all -- * enp2s0f0 10.1.1.7 0.0.0.0/0 to:111.222.62.133
528K 38M SNAT all -- * enp2s0f0 10.1.1.8 0.0.0.0/0 to:111.222.62.134
0 0 SNAT all -- * enp2s0f0 10.1.1.10 0.0.0.0/0 to:111.222.62.135
128K 7713K SNAT all -- * enp2s0f0 10.1.1.11 0.0.0.0/0 to:111.222.62.135
46652 3366K SNAT all -- * enp2s0f0 10.1.1.12 0.0.0.0/0 to:111.222.62.136
110K 7777K SNAT all -- * enp2s0f0 10.1.1.14 0.0.0.0/0 to:111.222.62.137
164K 16M SNAT all -- * enp2s0f0 10.1.1.16 0.0.0.0/0 to:111.222.62.138
0 0 SNAT all -- * enp2s0f0 10.1.1.17 0.0.0.0/0 to:111.222.62.138
172K 18M SNAT all -- * enp2s0f0 10.1.1.18 0.0.0.0/0 to:111.222.62.139
1010 66407 SNAT all -- * enp2s0f0 10.1.1.19 0.0.0.0/0 to:111.222.62.139
170K 11M SNAT all -- * enp2s0f0 10.1.1.20 0.0.0.0/0 to:111.222.62.140
128K 9770K SNAT all -- * enp2s0f0 10.1.1.22 0.0.0.0/0 to:111.222.62.141
389K 26M SNAT all -- * enp2s0f0 10.1.1.23 0.0.0.0/0 to:111.222.62.141
261K 26M SNAT all -- * enp2s0f0 10.1.1.24 0.0.0.0/0 to:111.222.62.142
480K 34M SNAT all -- * enp2s0f0 10.1.1.25 0.0.0.0/0 to:111.222.62.142
256K 16M SNAT all -- * enp2s0f0 10.1.1.26 0.0.0.0/0 to:111.222.62.143
19186 1278K SNAT all -- * enp2s0f0 10.1.1.27 0.0.0.0/0 to:111.222.62.143
507K 32M SNAT all -- * enp2s0f0 10.1.1.28 0.0.0.0/0 to:111.222.62.144
19871 1261K SNAT all -- * enp2s0f0 10.1.1.29 0.0.0.0/0 to:111.222.62.144
295K 19M SNAT all -- * enp2s0f0 10.1.1.30 0.0.0.0/0 to:111.222.62.145
0 0 SNAT all -- * enp2s0f0 10.1.1.31 0.0.0.0/0 to:111.222.62.145
3721 278K SNAT all -- * enp2s0f0 10.1.1.32 0.0.0.0/0 to:111.222.62.146
0 0 SNAT all -- * enp2s0f0 10.1.1.33 0.0.0.0/0 to:111.222.62.146
515K 32M SNAT all -- * enp2s0f0 10.1.1.34 0.0.0.0/0 to:111.222.62.147
41889 3145K SNAT all -- * enp2s0f0 10.1.1.35 0.0.0.0/0 to:111.222.62.147
630K 45M SNAT all -- * enp2s0f0 10.1.1.36 0.0.0.0/0 to:111.222.62.148
131K 13M SNAT all -- * enp2s0f0 10.1.1.38 0.0.0.0/0 to:111.222.62.149
275K 18M SNAT all -- * enp2s0f0 10.1.1.39 0.0.0.0/0 to:111.222.62.149
0 0 SNAT all -- * enp2s0f0 10.1.1.40 0.0.0.0/0 to:111.222.62.150
118K 7865K SNAT all -- * enp2s0f0 10.1.1.41 0.0.0.0/0 to:111.222.62.150
589K 48M SNAT all -- * enp2s0f0 10.1.1.42 0.0.0.0/0 to:111.222.62.151
16463 1175K SNAT all -- * enp2s0f0 10.1.1.43 0.0.0.0/0 to:111.222.62.151
58869 4170K SNAT all -- * enp2s0f0 10.1.1.44 0.0.0.0/0 to:111.222.62.152
31771 2058K SNAT all -- * enp2s0f0 10.1.1.45 0.0.0.0/0 to:111.222.62.152
167K 15M SNAT all -- * enp2s0f0 10.1.1.47 0.0.0.0/0 to:111.222.62.153
0 0 SNAT all -- * enp2s0f0 10.1.1.48 0.0.0.0/0 to:111.222.62.154
5316 360K SNAT all -- * enp2s0f0 10.1.1.49 0.0.0.0/0 to:111.222.62.154
98939 6896K SNAT all -- * enp2s0f0 10.1.1.50 0.0.0.0/0 to:111.222.62.155
790K 69M SNAT all -- * enp2s0f0 10.1.1.51 0.0.0.0/0 to:111.222.62.155
64745 4131K SNAT all -- * enp2s0f0 10.1.1.52 0.0.0.0/0 to:111.222.62.156
89317 6077K SNAT all -- * enp2s0f0 10.1.1.53 0.0.0.0/0 to:111.222.62.156
251K 18M SNAT all -- * enp2s0f0 10.1.1.54 0.0.0.0/0 to:111.222.62.157
0 0 SNAT all -- * enp2s0f0 10.1.1.55 0.0.0.0/0 to:111.222.62.157
24222 2088K SNAT all -- * enp2s0f0 10.1.1.56 0.0.0.0/0 to:111.222.62.158
127K 8505K SNAT all -- * enp2s0f0 10.1.1.57 0.0.0.0/0 to:111.222.62.158
400K 27M SNAT all -- * enp2s0f0 10.1.1.58 0.0.0.0/0 to:111.222.62.159
0 0 SNAT all -- * enp2s0f0 10.1.1.59 0.0.0.0/0 to:111.222.62.159
313K 21M SNAT all -- * enp2s0f0 10.1.1.60 0.0.0.0/0 to:111.222.62.160
37024 2416K SNAT all -- * enp2s0f0 10.1.1.62 0.0.0.0/0 to:111.222.62.161
54308 3610K SNAT all -- * enp2s0f0 10.1.1.63 0.0.0.0/0 to:111.222.62.161
0 0 SNAT all -- * enp2s0f0 10.1.1.64 0.0.0.0/0 to:111.222.62.162
420K 26M SNAT all -- * enp2s0f0 10.1.1.65 0.0.0.0/0 to:111.222.62.162
93274 8624K SNAT all -- * enp2s0f0 10.1.1.66 0.0.0.0/0 to:111.222.62.163
207K 14M SNAT all -- * enp2s0f0 10.1.1.67 0.0.0.0/0 to:111.222.62.163
103K 6942K SNAT all -- * enp2s0f0 10.1.1.68 0.0.0.0/0 to:111.222.62.164
234K 20M SNAT all -- * enp2s0f0 10.1.1.69 0.0.0.0/0 to:111.222.62.164
130K 8657K SNAT all -- * enp2s0f0 10.1.1.70 0.0.0.0/0 to:111.222.62.165
0 0 SNAT all -- * enp2s0f0 10.1.1.71 0.0.0.0/0 to:111.222.62.165
36398 3140K SNAT all -- * enp2s0f0 10.1.1.73 0.0.0.0/0 to:111.222.62.166
97306 15M SNAT all -- * enp2s0f0 10.1.1.74 0.0.0.0/0 to:111.222.62.167
2275 143K SNAT all -- * enp2s0f0 10.1.1.75 0.0.0.0/0 to:111.222.62.167
404K 35M SNAT all -- * enp2s0f0 10.1.1.76 0.0.0.0/0 to:111.222.62.168
32052 2056K SNAT all -- * enp2s0f0 10.1.1.77 0.0.0.0/0 to:111.222.62.168
28211 2045K SNAT all -- * enp2s0f0 10.1.1.78 0.0.0.0/0 to:111.222.62.169
54749 3809K SNAT all -- * enp2s0f0 10.1.1.80 0.0.0.0/0 to:111.222.62.170
786 52297 SNAT all -- * enp2s0f0 10.1.1.81 0.0.0.0/0 to:111.222.62.170
27780 1898K SNAT all -- * enp2s0f0 10.1.1.82 0.0.0.0/0 to:111.222.62.171
195K 13M SNAT all -- * enp2s0f0 10.1.1.83 0.0.0.0/0 to:111.222.62.171
1466 97841 SNAT all -- * enp2s0f0 10.1.1.84 0.0.0.0/0 to:111.222.62.172
0 0 SNAT all -- * enp2s0f0 10.1.1.85 0.0.0.0/0 to:111.222.62.172
22968 1526K SNAT all -- * enp2s0f0 10.1.1.86 0.0.0.0/0 to:111.222.62.173
56645 3705K SNAT all -- * enp2s0f0 10.1.1.87 0.0.0.0/0 to:111.222.62.173
13654 1125K SNAT all -- * enp2s0f0 10.1.1.88 0.0.0.0/0 to:111.222.62.174
148K 9979K SNAT all -- * enp2s0f0 10.1.1.89 0.0.0.0/0 to:111.222.62.174
514K 94M SNAT all -- * enp2s0f0 10.1.1.90 0.0.0.0/0 to:111.222.62.175
18243 1235K SNAT all -- * enp2s0f0 10.1.1.91 0.0.0.0/0 to:111.222.62.175
30617 2214K SNAT all -- * enp2s0f0 10.1.1.92 0.0.0.0/0 to:111.222.62.176
0 0 SNAT all -- * enp2s0f0 10.1.1.93 0.0.0.0/0 to:111.222.62.176
31116 2061K SNAT all -- * enp2s0f0 10.1.1.94 0.0.0.0/0 to:111.222.62.177
74 4974 SNAT all -- * enp2s0f0 10.1.1.95 0.0.0.0/0 to:111.222.62.177
3482 215K SNAT all -- * enp2s0f0 10.1.1.96 0.0.0.0/0 to:111.222.62.178
90743 5996K SNAT all -- * enp2s0f0 10.1.1.97 0.0.0.0/0 to:111.222.62.178
0 0 SNAT all -- * enp2s0f0 10.1.1.98 0.0.0.0/0 to:111.222.62.179
91806 5965K SNAT all -- * enp2s0f0 10.1.1.99 0.0.0.0/0 to:111.222.62.179
4243 287K SNAT all -- * enp2s0f0 10.1.1.100 0.0.0.0/0 to:111.222.62.180
10963 711K SNAT all -- * enp2s0f0 10.1.1.101 0.0.0.0/0 to:111.222.62.180
0 0 SNAT all -- * enp2s0f0 10.1.1.102 0.0.0.0/0 to:111.222.62.181
373K 23M SNAT all -- * enp2s0f0 10.1.1.104 0.0.0.0/0 to:111.222.62.182
120K 7599K SNAT all -- * enp2s0f0 10.1.1.105 0.0.0.0/0 to:111.222.62.182
224K 15M SNAT all -- * enp2s0f0 10.1.1.106 0.0.0.0/0 to:111.222.62.183
6730 434K SNAT all -- * enp2s0f0 10.1.1.107 0.0.0.0/0 to:111.222.62.183
7337 473K SNAT all -- * enp2s0f0 10.1.1.108 0.0.0.0/0 to:111.222.62.184
4096 328K SNAT all -- * enp2s0f0 10.1.1.109 0.0.0.0/0 to:111.222.62.184
1326K 125M SNAT all -- * enp2s0f0 10.1.1.110 0.0.0.0/0 to:111.222.62.185
0 0 SNAT all -- * enp2s0f0 10.1.1.111 0.0.0.0/0 to:111.222.62.185
96620 6447K SNAT all -- * enp2s0f0 10.1.1.112 0.0.0.0/0 to:111.222.62.186
528K 34M SNAT all -- * enp2s0f0 10.1.1.113 0.0.0.0/0 to:111.222.62.186
0 0 SNAT all -- * enp2s0f0 10.1.1.114 0.0.0.0/0 to:111.222.62.187
2247 149K SNAT all -- * enp2s0f0 10.1.1.115 0.0.0.0/0 to:111.222.62.187
....
355K 31M SNAT all -- * enp2s0f0 10.1.1.204 0.0.0.0/0 to:111.222.62.232
157K 11M SNAT all -- * enp2s0f0 10.1.1.205 0.0.0.0/0 to:111.222.62.232
0 0 SNAT all -- * enp2s0f0 10.1.1.206 0.0.0.0/0 to:111.222.62.233
244K 16M SNAT all -- * enp2s0f0 10.1.1.207 0.0.0.0/0 to:111.222.62.233
37067 2526K SNAT all -- * enp2s0f0 10.1.1.208 0.0.0.0/0 to:111.222.62.234
322K 19M SNAT all -- * enp2s0f0 10.1.1.209 0.0.0.0/0 to:111.222.62.234
506K 32M SNAT all -- * enp2s0f0 10.1.1.210 0.0.0.0/0 to:111.222.62.235
899K 78M SNAT all -- * enp2s0f0 10.1.1.211 0.0.0.0/0 to:111.222.62.235
422K 26M SNAT all -- * enp2s0f0 10.1.1.212 0.0.0.0/0 to:111.222.62.236
0 0 SNAT all -- * enp2s0f0 10.1.1.213 0.0.0.0/0 to:111.222.62.236
431K 28M SNAT all -- * enp2s0f0 10.1.1.215 0.0.0.0/0 to:111.222.62.237
839K 75M SNAT all -- * enp2s0f0 10.1.1.216 0.0.0.0/0 to:111.222.62.238
673K 43M SNAT all -- * enp2s0f0 10.1.1.217 0.0.0.0/0 to:111.222.62.238
571K 40M SNAT all -- * enp2s0f0 10.1.1.218 0.0.0.0/0 to:111.222.62.239
293K 23M SNAT all -- * enp2s0f0 10.1.1.219 0.0.0.0/0 to:111.222.62.239
582K 37M SNAT all -- * enp2s0f0 10.1.1.220 0.0.0.0/0 to:111.222.62.240
0 0 SNAT all -- * enp2s0f0 10.1.1.221 0.0.0.0/0 to:111.222.62.240
0 0 SNAT all -- * enp2s0f0 10.1.1.222 0.0.0.0/0 to:111.222.62.241
11039 758K SNAT all -- * enp2s0f0 10.1.1.223 0.0.0.0/0 to:111.222.62.241
106K 7021K SNAT all -- * enp2s0f0 10.1.1.224 0.0.0.0/0 to:111.222.62.242
0 0 SNAT all -- * enp2s0f0 10.1.1.225 0.0.0.0/0 to:111.222.62.242
391K 24M SNAT all -- * enp2s0f0 10.1.1.226 0.0.0.0/0 to:111.222.62.243
588K 37M SNAT all -- * enp2s0f0 10.1.1.227 0.0.0.0/0 to:111.222.62.243
427K 27M SNAT all -- * enp2s0f0 10.1.1.228 0.0.0.0/0 to:111.222.62.244
315K 20M SNAT all -- * enp2s0f0 10.1.1.229 0.0.0.0/0 to:111.222.62.244
28029 2421K SNAT all -- * enp2s0f0 10.1.1.230 0.0.0.0/0 to:111.222.62.245
0 0 SNAT all -- * enp2s0f0 10.1.1.231 0.0.0.0/0 to:111.222.62.245
0 0 SNAT all -- * enp2s0f0 10.1.1.232 0.0.0.0/0 to:111.222.62.246
0 0 SNAT all -- * enp2s0f0 10.1.1.233 0.0.0.0/0 to:111.222.62.246
0 0 SNAT all -- * enp2s0f0 10.1.1.234 0.0.0.0/0 to:111.222.62.247
0 0 SNAT all -- * enp2s0f0 10.1.1.235 0.0.0.0/0 to:111.222.62.247
0 0 SNAT all -- * enp2s0f0 10.1.1.236 0.0.0.0/0 to:111.222.62.248
0 0 SNAT all -- * enp2s0f0 10.1.1.237 0.0.0.0/0 to:111.222.62.248
0 0 SNAT all -- * enp2s0f0 10.1.1.238 0.0.0.0/0 to:111.222.62.249
0 0 SNAT all -- * enp2s0f0 10.1.1.239 0.0.0.0/0 to:111.222.62.249
0 0 SNAT all -- * enp2s0f0 10.1.1.240 0.0.0.0/0 to:111.222.62.250
0 0 SNAT all -- * enp2s0f0 10.1.1.241 0.0.0.0/0 to:111.222.62.250
0 0 SNAT all -- * enp2s0f0 10.1.1.242 0.0.0.0/0 to:111.222.62.251
0 0 SNAT all -- * enp2s0f0 10.1.1.243 0.0.0.0/0 to:111.222.62.251
0 0 SNAT all -- * enp2s0f0 10.1.1.244 0.0.0.0/0 to:111.222.62.252
0 0 SNAT all -- * enp2s0f0 10.1.1.245 0.0.0.0/0 to:111.222.62.252
0 0 SNAT all -- * enp2s0f0 10.1.1.246 0.0.0.0/0 to:111.222.62.253
0 0 SNAT all -- * enp2s0f0 10.1.1.247 0.0.0.0/0 to:111.222.62.253
0 0 SNAT all -- * enp2s0f0 10.1.1.248 0.0.0.0/0 to:111.222.62.254
0 0 SNAT all -- * enp2s0f0 10.1.1.249 0.0.0.0/0 to:111.222.62.254
1416 155K SNAT all -- * enp2s0f0 10.1.1.79 0.0.0.0/0 to:111.222.62.169
2178 266K SNAT all -- * enp2s0f0 10.1.1.72 0.0.0.0/0 to:111.222.62.166
1745 224K SNAT all -- * enp2s0f0 10.1.1.132 0.0.0.0/0 to:111.222.62.196
351 66601 SNAT all -- * enp2s0f0 10.1.1.61 0.0.0.0/0 to:111.222.62.160
22542 1519K SNAT all -- * enp2s0f0 10.1.1.37 0.0.0.0/0 to:111.222.62.148
2528 248K SNAT all -- * enp2s0f0 10.1.1.190 0.0.0.0/0 to:111.222.62.225
50795 3156K SNAT all -- * enp2s0f0 10.1.1.214 0.0.0.0/0 to:111.222.62.237
8893 688K SNAT all -- * enp2s0f0 10.1.1.15 0.0.0.0/0 to:111.222.62.137
2262 308K SNAT all -- * enp2s0f0 10.1.1.188 0.0.0.0/0 to:111.222.62.224
27080 1630K SNAT all -- * enp2s0f0 10.1.1.157 0.0.0.0/0 to:111.222.62.208
41620 2742K SNAT all -- * enp2s0f0 10.1.1.127 0.0.0.0/0 to:111.222.62.193
170 10545 SNAT all -- * enp2s0f0 10.1.1.46 0.0.0.0/0 to:111.222.62.153
0 0 SNAT all -- * enp2s0f0 10.1.1.124 0.0.0.0/0 to:111.222.62.192
11838 3173K SNAT all -- * enp2s0f0 10.1.1.21 0.0.0.0/0 to:111.222.62.140
59117 3942K SNAT all -- * enp2s0f0 10.1.1.103 0.0.0.0/0 to:111.222.62.181
154K 16M SNAT all -- * enp2s0f0 10.1.1.176 0.0.0.0/0 to:111.222.62.218
407 29599 SNAT all -- * enp2s0f0 10.1.1.13 0.0.0.0/0 to:111.222.62.136
2666 223K SNAT all -- * enp2s0f0 10.1.1.9 0.0.0.0/0 to:111.222.62.134
从 iptables -L FORWARD -v -n 开始:
Chain FORWARD (policy ACCEPT 9052M packets, 10T bytes)
pkts bytes target prot opt in out source destination
28M 53G ACCEPT all -- enp2s0f0 ppp0 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
27M 3429M ACCEPT all -- ppp0 enp2s0f0 0.0.0.0/0 0.0.0.0/0
来自 ip rule ls && ip route ls
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
default via 111.222.62.129 dev enp2s0f0 onlink
10.1.1.4 dev ppp135 proto kernel scope link src 10.1.1.0
10.1.1.5 dev ppp14 proto kernel scope link src 10.1.1.0
10.1.1.6 dev ppp117 proto kernel scope link src 10.1.1.0
10.1.1.7 dev ppp60 proto kernel scope link src 10.1.1.0
10.1.1.8 dev ppp99 proto kernel scope link src 10.1.1.0
10.1.1.9 dev ppp92 proto kernel scope link src 10.1.1.0
10.1.1.11 dev ppp179 proto kernel scope link src 10.1.1.0
10.1.1.13 dev ppp143 proto kernel scope link src 10.1.1.0
10.1.1.14 dev ppp42 proto kernel scope link src 10.1.1.0
10.1.1.15 dev ppp164 proto kernel scope link src 10.1.1.0
10.1.1.16 dev ppp17 proto kernel scope link src 10.1.1.0
10.1.1.18 dev ppp82 proto kernel scope link src 10.1.1.0
10.1.1.19 dev ppp63 proto kernel scope link src 10.1.1.0
10.1.1.20 dev ppp153 proto kernel scope link src 10.1.1.0
10.1.1.21 dev ppp1 proto kernel scope link src 10.1.1.0
10.1.1.22 dev ppp155 proto kernel scope link src 10.1.1.0
10.1.1.23 dev ppp134 proto kernel scope link src 10.1.1.0
10.1.1.25 dev ppp88 proto kernel scope link src 10.1.1.0
10.1.1.26 dev ppp56 proto kernel scope link src 10.1.1.0
10.1.1.27 dev ppp75 proto kernel scope link src 10.1.1.0
10.1.1.28 dev ppp160 proto kernel scope link src 10.1.1.0
10.1.1.29 dev ppp171 proto kernel scope link src 10.1.1.0
10.1.1.30 dev ppp59 proto kernel scope link src 10.1.1.0
10.1.1.32 dev ppp13 proto kernel scope link src 10.1.1.0
10.1.1.34 dev ppp36 proto kernel scope link src 10.1.1.0
10.1.1.35 dev ppp146 proto kernel scope link src 10.1.1.0
10.1.1.36 dev ppp18 proto kernel scope link src 10.1.1.0
10.1.1.37 dev ppp103 proto kernel scope link src 10.1.1.0
10.1.1.37 dev ppp37 proto kernel scope link src 10.1.1.0
10.1.1.38 dev ppp104 proto kernel scope link src 10.1.1.0
10.1.1.39 dev ppp23 proto kernel scope link src 10.1.1.0
10.1.1.41 dev ppp31 proto kernel scope link src 10.1.1.0
10.1.1.42 dev ppp158 proto kernel scope link src 10.1.1.0
10.1.1.43 dev ppp121 proto kernel scope link src 10.1.1.0
10.1.1.44 dev ppp132 proto kernel scope link src 10.1.1.0
10.1.1.46 dev ppp138 proto kernel scope link src 10.1.1.0
10.1.1.47 dev ppp79 proto kernel scope link src 10.1.1.0
10.1.1.49 dev ppp61 proto kernel scope link src 10.1.1.0
10.1.1.50 dev ppp87 proto kernel scope link src 10.1.1.0
10.1.1.51 dev ppp46 proto kernel scope link src 10.1.1.0
10.1.1.52 dev ppp167 proto kernel scope link src 10.1.1.0
10.1.1.53 dev ppp166 proto kernel scope link src 10.1.1.0
10.1.1.54 dev ppp20 proto kernel scope link src 10.1.1.0
10.1.1.56 dev ppp93 proto kernel scope link src 10.1.1.0
10.1.1.57 dev ppp118 proto kernel scope link src 10.1.1.0
10.1.1.58 dev ppp24 proto kernel scope link src 10.1.1.0
10.1.1.60 dev ppp29 proto kernel scope link src 10.1.1.0
10.1.1.62 dev ppp52 proto kernel scope link src 10.1.1.0
10.1.1.63 dev ppp26 proto kernel scope link src 10.1.1.0
10.1.1.65 dev ppp89 proto kernel scope link src 10.1.1.0
10.1.1.66 dev ppp125 proto kernel scope link src 10.1.1.0
10.1.1.67 dev ppp147 proto kernel scope link src 10.1.1.0
10.1.1.68 dev ppp165 proto kernel scope link src 10.1.1.0
10.1.1.69 dev ppp112 proto kernel scope link src 10.1.1.0
10.1.1.70 dev ppp107 proto kernel scope link src 10.1.1.0
10.1.1.73 dev ppp115 proto kernel scope link src 10.1.1.0
10.1.1.73 dev ppp96 proto kernel scope link src 10.1.1.0
10.1.1.74 dev ppp130 proto kernel scope link src 10.1.1.0
10.1.1.75 dev ppp19 proto kernel scope link src 10.1.1.0
10.1.1.76 dev ppp3 proto kernel scope link src 10.1.1.0
10.1.1.77 dev ppp172 proto kernel scope link src 10.1.1.0
10.1.1.78 dev ppp184 proto kernel scope link src 10.1.1.0
10.1.1.80 dev ppp141 proto kernel scope link src 10.1.1.0
10.1.1.81 dev ppp149 proto kernel scope link src 10.1.1.0
10.1.1.82 dev ppp188 proto kernel scope link src 10.1.1.0
10.1.1.83 dev ppp15 proto kernel scope link src 10.1.1.0
....
111.222.62.128/25 dev enp2s0f0 proto kernel scope link src 111.222.62.130
答案1
正如我现在看到的,从您的详细更新来看,很可能您没有在本地网络接口上分配这些 IP。您只添加了111.222.62.130在您的服务器上。为了使 Linux S(ource)NAT 正常工作,您必须将要 NAT 到的每个 IP 地址 (--to-source) 实际添加到您的网络接口上。
检查ip address help
如何为接口分配其他 IP。您必须ip address add 111.222.62.X dev enp2s0f0
为每个要使用 SNAT 的 IP 发出此命令。编写脚本来填充这些值会很方便。
请注意,一旦您在本地接口上添加这些 IP,您的服务器就会通过它们“暴露”到互联网。您可以使用 iptables INPUT 表来阻止到这些 IP 的不需要的本地连接。本地是指仅到您的服务器。通过 NAT 的那些仅受 FORWARD 表的约束。
附言:如果不是这种情况,还请检查并发布您的ip addr ls
。