1. Modify the server's kernel parameters: in the server configuration file /etc/sysctl.conf, change or add the following:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add the firewall rules:
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
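A check for step 1, added here as an example and not part of the original post: it reads a sysctl.conf-style file and reports which of the eight keys are missing or set to a different value. The function names `conf_value` and `check_sysctl_conf` and the sample file are constructed for illustration, and the script assumes the last assignment of a key in the file is the effective one.

```shell
#!/bin/sh
# Added example (not from the original post): audit a sysctl.conf-style file
# against the eight values listed in step 1.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# Print the last value assigned to key $2 in file $1, or MISSING.
conf_value() {
    awk -v k="$2" '
        /^[[:space:]]*[#;]/ { next }            # skip comment lines
        {
            gsub(/[[:space:]]/, "")             # "a = 1" -> "a=1"
            n = index($0, "=")
            if (n && substr($0, 1, n - 1) == k) { v = substr($0, n + 1); found = 1 }
        }
        END { print (found ? v : "MISSING") }' "$1"
}

# Report every key; return the number that are missing or differ.
check_sysctl_conf() {
    bad=0
    for pair in $EXPECTED; do
        key=${pair%%=*}; want=${pair#*=}
        got=$(conf_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "ok       $key = $got"
        else
            echo "MISMATCH $key = $got (step 1 lists $want)"
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Constructed sample: one key overridden later in the file, five keys absent.
sample=$(mktemp)
printf '%s\n' '# constructed sample' 'net.ipv4.ip_forward = 1' \
    'net.ipv4.conf.all.rp_filter=0' 'net.ipv4.conf.all.rp_filter = 1' \
    'net.core.xfrm_larval_drop = 1' > "$sample"
check_sysctl_conf "$sample" || echo "$? key(s) differ from step 1"
rm -f "$sample"
```

Run `check_sysctl_conf /etc/sysctl.conf` on the server after editing the file; a non-zero return value is the count of keys that still need attention.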