1. Modify the server's kernel parameters: edit or add the following in the configuration file /etc/sysctl.conf
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
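
To confirm that step 1 was applied as written, the following added example (not part of the original post) audits a sysctl.conf-style file against the eight settings above. The function names `effective_value` and `check_sysctl_conf` and the sample file are constructed for illustration; the script reads the file only and does not query the running kernel.

```bash
# The eight settings from step 1, as key=value.
REQUIRED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# effective_value FILE KEY: print the value FILE assigns to KEY. Skips "#" and
# ";" comments, trims blanks, accepts slash-form keys, last assignment wins.
effective_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        (pos = index($0, "=")) {
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            gsub("/", ".", k)
            if (k == key) val = v
        }
        END { printf "%s", val }' "$1"
}

# check_sysctl_conf FILE: report every required key and return how many are
# missing or carry a different value (0 means the file matches step 1).
check_sysctl_conf() {
    bad=0
    while IFS= read -r line; do
        key=${line%%=*}; want=${line#*=}
        got=$(effective_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK       $key = $got"
        else
            echo "DIFFERS  $key = ${got:-<unset>} (want $want)"; bad=$((bad + 1))
        fi
    done <<EOF
$REQUIRED
EOF
    return "$bad"
}

# Constructed sample input (not from the original post).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 0' \
    'net.ipv4.ip_forward = 1' 'net.ipv4.conf.all.rp_filter=1' \
    'net/ipv4/conf/all/send_redirects = 0' \
    '; net.core.xfrm_larval_drop = 1' > "$sample"
check_sysctl_conf "$sample" || echo "$? setting(s) differ from step 1"
rm -f "$sample"
```

Run `check_sysctl_conf /etc/sysctl.conf` on the server after editing; the file is loaded into the kernel with `sysctl -p`.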