1. Modify the server's kernel parameters: in the server configuration file /etc/sysctl.conf, change or add the following:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules:
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
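One way to confirm that the file really ends up with the step 1 values, since a later duplicate line or a commented-out key silently changes the result. This is an added example, not part of the original post; the helper names `effective_value` and `audit_sysctl` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf-style file
# against the step 1 settings. Helper names are hypothetical.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# effective_value FILE KEY: value of the last uncommented assignment of KEY
# (sysctl applies lines in order, so a later line overrides an earlier one).
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }                 # comment line
        { eq = index($0, "="); if (eq == 0) next
          k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
          gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
          if (k == key) { last = v; found = 1 } }
        END { if (found) print last }' "$1"
}

# audit_sysctl FILE: print one line per expected key that is missing or
# differs; return 0 only when every step 1 setting is in effect in FILE.
audit_sysctl() {
    rc=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        have=$(effective_value "$1" "$key")
        if [ -z "$have" ]; then
            echo "MISSING  $key (expected $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key = $have (expected $want)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: ip_forward is overridden later, one key is commented out.
sample=$(mktemp)
printf '%s\n' 'net.ipv4.ip_forward = 1' '#net.core.xfrm_larval_drop = 1' \
    'net.ipv4.ip_forward=0' > "$sample"
audit_sysctl "$sample" || echo "file does not match step 1"
rm -f "$sample"
```

This checks only the file's contents; after loading it with `sysctl -p`, the running value of each key can be compared with `sysctl -n <key>`.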