Ubuntu 16.04 port forwarding problem, 2 x NIC


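I am trying to set up a gateway/firewall between our router and a Windows AD network! I have followed many instructions and tutorials on the net, but I am still missing something, because I cannot get INTERNET access from the internal network (Windows) through the Linux box!

The box has 2 Ethernet adapters... both have static IPs, because both sides of the network were set up using this configuration.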

Internal NIC enp3s0 ...11.0.0.2 (255.255.255.0)
External NIC enp2s0 ...10.0.0.3 (255.255.255.0)

Some things I can do!

1) I can... from the internal network ping any of those IPs above! enp3s0 is directly attached to the internal network and enp2s0 is INTERNET facing (DSL router)

Here is some more info!

Any pointers will be much appreciated!

enp2s0    Link  encap:Ethernet   HWaddr  c4:12:f5:31:84:40  
          inet  addr:10.0.0.3   Bcast:10.0.0.255   Mask:255.255.255.0
          inet6  addr:  fe80::cd1a:d428:fd52:1ad2/64  Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:13371 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13400 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:7781316 (7.7 MB)  TX bytes:1791327 (1.7 MB)

enp3s0    Link  encap:Ethernet   HWaddr  00:30:67:2d:27:18  
          inet  addr:11.0.0.2   Bcast:11.0.0.255   Mask:255.255.255.0
          inet6  addr:  fe80::d24b:38b2:cb59:4e3f/64  Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:870 errors:0 dropped:0 overruns:0 frame:0
          TX packets:190 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:63526 (63.5 KB)  TX bytes:15403 (15.4 KB)

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:3239 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3239 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1 
          RX bytes:375798 (375.7 KB)  TX bytes:375798 (375.7 KB)

-----------------------------------------------------------------------------

Kernel IP routing table

Destination      Gateway          Genmask          Flags Metric Ref     Use  Iface

0.0.0.0          10.0.0.2         0.0.0.0          UG     100     0         0  enp2s0

0.0.0.0          10.0.0.3         0.0.0.0          UG     101     0         0  enp3s0

10.0.0.0         0.0.0.0          255.255.255.0    U      100     0         0  enp2s0

10.0.0.3         0.0.0.0          255.255.255.255  UH     100     0         0  enp3s0

11.0.0.0         0.0.0.0          255.255.255.0    U      100     0         0  enp3s0

169.254.0.0      0.0.0.0          255.255.0.0      U      1000    0         0  enp2s0

Answer 1

You have to run this command to route packets from the internal network to the external interface via iptables:

iptables -t nat -A POSTROUTING -s 11.0.0.0/24 -o enp2s0 -j MASQUERADE

Also open /etc/sysctl.conf
and change net.ipv4.ip_forward=0 to net.ipv4.ip_forward=1

Then enter this command:

sysctl -p
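
A way to verify the gateway state after these steps, as an added example that is not part of the original answer. The function names are hypothetical and the sample captures are constructed; the subnet and interface names are the ones from the question. It also lists default routes, because the routing table posted in the question contains two.

```shell
#!/bin/sh
# Added example: audit the gateway prerequisites discussed on this page.
# Every function reads text on stdin, so it works on live output or a saved capture.

# Succeeds if the value on stdin (contents of /proc/sys/net/ipv4/ip_forward) is 1.
forwarding_enabled() {
    [ "$(tr -d '[:space:]')" = "1" ]
}

# Succeeds if `iptables -t nat -S` output on stdin contains a MASQUERADE rule
# for source subnet $1 leaving through interface $2.
has_masquerade() {
    awk -v src="$1" -v out="$2" '
        $1 == "-A" && $2 == "POSTROUTING" {
            s = ""; o = ""; j = ""
            for (i = 3; i < NF; i++) {
                if ($i == "-s") s = $(i + 1)
                if ($i == "-o") o = $(i + 1)
                if ($i == "-j") j = $(i + 1)
            }
            if (s == src && o == out && j == "MASQUERADE") found = 1
        }
        END { exit !found }'
}

# Prints the interface of every default route in `route -n` output on stdin.
# A NAT gateway normally has exactly one, on the external interface.
default_route_ifaces() {
    awk '$1 == "0.0.0.0" && $3 == "0.0.0.0" { print $NF }'
}

# Live usage (iptables needs root):
#   forwarding_enabled < /proc/sys/net/ipv4/ip_forward
#   iptables -t nat -S | has_masquerade 11.0.0.0/24 enp2s0
#   route -n | default_route_ifaces

# Constructed sample captures (not taken from a live system).
nat_rules='-P POSTROUTING ACCEPT
-A POSTROUTING -s 11.0.0.0/24 -o enp2s0 -j MASQUERADE'
routes='0.0.0.0   10.0.0.2  0.0.0.0        UG 100 0 0 enp2s0
0.0.0.0   10.0.0.3  0.0.0.0        UG 101 0 0 enp3s0
11.0.0.0  0.0.0.0   255.255.255.0  U  100 0 0 enp3s0'

echo 1 | forwarding_enabled && echo "ip_forward: enabled"
echo "$nat_rules" | has_masquerade 11.0.0.0/24 enp2s0 && echo "masquerade: present"
echo "default routes via: $(echo "$routes" | default_route_ifaces | tr '\n' ' ')"
```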
