1. Modify the server kernel parameters: edit or add the following entries in the server configuration file /etc/sysctl.conf
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
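An added example, not part of the original post: a POSIX shell check that a sysctl.conf-style file really ends up with the step 1 values, taking the last assignment of a duplicated key and ignoring commented-out lines. The function names `sysctl_file_value` and `check_sysctl_file` are hypothetical, and only dotted `key = value` lines are handled.

```shell
#!/bin/sh
# Added example: audit a sysctl.conf-style file against the step 1 values.
# Function names are hypothetical; only dotted "key = value" lines are handled.
REQUIRED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# Print the effective value of key $2 in file $1: the last assignment wins,
# comment lines (# or ;) are skipped, spaces around "=" are tolerated.
sysctl_file_value() {
    awk -v key="$2" '
        /^[ \t]*[#;]/ { next }
        index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            v = substr($0, index($0, "=") + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }
    ' "$1"
}

# Report each required key that is missing or has a different value.
# Returns 0 when the file matches step 1, 1 on any drift.
check_sysctl_file() {
    file=$1
    rc=0
    for pair in $REQUIRED; do
        key=${pair%%=*}
        want=${pair#*=}
        have=$(sysctl_file_value "$file" "$key")
        if [ -z "$have" ]; then
            echo "MISSING  $key (want $want)"; rc=1
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key = $have (want $want)"; rc=1
        fi
    done
    return "$rc"
}

# Run against a file given on the command line, e.g. /etc/sysctl.conf.
if [ -n "${1:-}" ]; then check_sysctl_file "$1"; fi
```

This checks the file only; the running kernel picks the values up after `sysctl -p`, and `sysctl -n <key>` shows the live value.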