1. Modify the server's kernel parameters: in the server configuration file /etc/sysctl.conf, change or add the following:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
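
To confirm that step 1 was applied as written, the following added example (not part of the original post) audits a sysctl.conf-style file against the eight values listed above. The helper name check_sysctl_conf and the sample file are constructed for illustration.

```shell
# Added example: expected key=value pairs, copied from the list in step 1.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'
# check_sysctl_conf FILE (hypothetical helper name)
# Prints one line per missing or differing key; returns 0 only if all match.
check_sysctl_conf() {
    conf=$1
    rc=0
    for want in $EXPECTED; do
        key=${want%%=*}
        val=${want#*=}
        # Skip comment lines, ignore spacing around "=", and keep the last
        # assignment of the key, since later lines override earlier ones.
        got=$(awk -F= -v k="$key" '
            /^[ \t]*[#;]/ { next }
            { name = $1; gsub(/[ \t]/, "", name)
              if (name == k) { v = $2; gsub(/[ \t]/, "", v); found = 1 } }
            END { if (found) print v }' "$conf")
        if [ -z "$got" ]; then
            echo "MISSING $key (want $val)"; rc=1
        elif [ "$got" != "$val" ]; then
            echo "MISMATCH $key=$got (want $val)"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: one key only present as a comment, one overridden later.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# net.core.xfrm_larval_drop = 1
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects=0
net.ipv4.conf.all.rp_filter = 1
EOF
check_sysctl_conf "$sample" || echo "file does not match step 1"
rm -f "$sample"
```

Point it at /etc/sysctl.conf after editing, then load the file with `sysctl -p`.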