1. Modify the server's kernel parameters. In the server configuration file /etc/sysctl.conf, change or add the following:
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects = 0
net.core.xfrm_larval_drop = 1
2. Add the firewall rules:
iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
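A way to confirm that step 1 was applied as written, as an added example that is not part of the original post: a POSIX shell function that reads a sysctl.conf-style file and reports which of the eight settings above are missing or set to a different value. The function name check_sysctl_conf and the MISSING/MISMATCH output format are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against step 1 of the page.
# Expected key=value pairs, copied from the page.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# check_sysctl_conf FILE  (hypothetical helper name)
# Prints one line per expected key that is missing from FILE or set to a
# different value. Returns 0 if every key matches, 1 otherwise.
check_sysctl_conf() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
        BEGIN {
            # Load FILE first; a later assignment of the same key wins.
            while ((getline line < conf) > 0) {
                sub(/^[ \t]+/, "", line)
                if (line ~ /^[#;]/ || line !~ /=/) continue   # comment or not an assignment
                key = line; sub(/[ \t]*=.*/, "", key)
                val = line; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
                sub(/^-/, "", key)      # "-key" means ignore errors when applying
                gsub(/\//, ".", key)    # net/ipv4/... is accepted as net.ipv4....
                seen[key] = val
            }
        }
        !($1 in seen)  { print "MISSING  " $1 " (want " $2 ")"; bad = 1; next }
        seen[$1] != $2 { print "MISMATCH " $1 " = " seen[$1] " (want " $2 ")"; bad = 1 }
        END { exit (bad ? 1 : 0) }'
}

# Run against a file when one is given, e.g. /etc/sysctl.conf.
if [ $# -gt 0 ]; then
    check_sysctl_conf "$1"
fi
```

The check covers the file only; after loading it with `sysctl -p`, the value in the running kernel can be read with `sysctl -n` followed by the key.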