1. Modify the server's kernel parameters: edit or add the following in the server configuration file /etc/sysctl.conf

    net.ipv4.ip_forward = 1
    net.ipv4.conf.default.rp_filter = 0
    net.ipv4.conf.all.rp_filter = 0
    net.ipv4.conf.all.send_redirects = 0
    net.ipv4.conf.default.send_redirects = 0
    net.ipv4.conf.all.accept_redirects = 0
    net.ipv4.conf.default.accept_redirects = 0
    net.core.xfrm_larval_drop = 1
2. Add firewall rules

    iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
    iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu