1. Modify the server kernel parameters: in the server configuration file /etc/sysctl.conf, change or add the following:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
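Added example, not part of the original post: a shell check that a sysctl.conf-style file carries the eight values listed in step 1. The function names and output format are assumptions made here, and the sample input at the end is constructed.

```shell
# Expected values copied from step 1 (written without spaces so the loop can split them).
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# Print the effective value of KEY ($1) in FILE ($2); the last assignment wins.
# Comment lines (# or ;) are skipped and whitespace around "=" is ignored.
conf_value() {
    awk -F= -v key="$1" '
        /^[ \t]*[#;]/ || !/=/ { next }
        {
            k = $1; v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { found = 1; val = v }
        }
        END { if (found) print val; else exit 1 }
    ' "$2"
}

# Report each expected key as OK / MISMATCH / MISSING; return the number of problems.
audit_sysctl_conf() {
    file=$1; problems=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        if have=$(conf_value "$key" "$file"); then
            if [ "$have" = "$want" ]; then
                echo "OK       $key = $have"
            else
                echo "MISMATCH $key = $have (expected $want)"; problems=$((problems + 1))
            fi
        else
            echo "MISSING  $key (expected $want)"; problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Demo on a constructed sample (not a real host's file).
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 1' 'net.ipv4.conf.all.rp_filter = 1' > "$sample"
audit_sysctl_conf "$sample" || echo "$? setting(s) differ from step 1"
rm -f "$sample"
```

To check a real host, call `audit_sysctl_conf /etc/sysctl.conf`; the file only takes effect once it has been loaded into the running kernel.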