1. Modify the server's kernel parameters. Edit or add the following entries in the server configuration file /etc/sysctl.conf:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add the firewall rules
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu