1. Modify the server's kernel parameters. In the server configuration file /etc/sysctl.conf, change or add the following:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules:
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
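A check for step 1, as an added example that is not part of the original post: a shell function that parses a sysctl.conf-style file and reports which of the eight settings listed in step 1 are missing or set to a different value. The function names and the sample file contents are constructed for this example.

```shell
# Expected settings, copied from step 1 of this page.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# check_sysctl_conf FILE
# Prints one line per expected key that is missing from FILE or has another
# value, and returns non-zero if there is any. Comment lines (# or ;), blank
# lines and spacing around "=" are ignored; if a key is assigned more than
# once, the last assignment is the one compared.
check_sysctl_conf() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
        BEGIN {
            bad = 0
            while ((getline line < conf) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line == "" || line ~ /^[#;]/) continue
                eq = index(line, "=")
                if (eq == 0) continue
                k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
                gsub(/[ \t]+/, "", k)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                have[k] = v
            }
        }
        {
            if (!($1 in have))       { print "MISSING  " $1 " (want " $2 ")"; bad = 1 }
            else if (have[$1] != $2) { print "MISMATCH " $1 " = " have[$1] " (want " $2 ")"; bad = 1 }
        }
        END { exit bad }'
}

# Constructed sample: one overridden key, one wrong value, one commented-out key.
write_sample() {
    printf '%s\n' '# constructed sample, not from the page' \
        'net.ipv4.ip_forward = 0' 'net.ipv4.ip_forward=1' \
        'net.ipv4.conf.default.rp_filter = 0' 'net.ipv4.conf.all.rp_filter = 1' \
        'net.ipv4.conf.all.send_redirects = 0' 'net.ipv4.conf.default.send_redirects = 0' \
        'net.ipv4.conf.all.accept_redirects = 0' \
        '; net.ipv4.conf.default.accept_redirects = 0' \
        'net.core.xfrm_larval_drop = 1' > "$1"
}

tmp=$(mktemp) && write_sample "$tmp" && { check_sysctl_conf "$tmp" || true; }; rm -f "$tmp"
```

Run `check_sysctl_conf /etc/sysctl.conf` after editing the file; `sysctl -n <key>` shows the value the running kernel is actually using.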