1. Modify the server's kernel parameters: in the server configuration file /etc/sysctl.conf, change or add the following:
- net.ipv4.ip_forward = 1
- net.ipv4.conf.default.rp_filter = 0
- net.ipv4.conf.all.rp_filter = 0
- net.ipv4.conf.all.send_redirects = 0
- net.ipv4.conf.default.send_redirects = 0
- net.ipv4.conf.all.accept_redirects = 0
- net.ipv4.conf.default.accept_redirects = 0
- net.core.xfrm_larval_drop = 1
2. Add firewall rules:
- iptables -t nat -A POSTROUTING ! -s 127.0.0.1/8 -j MASQUERADE
- iptables -I FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
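An added example, not part of the original post: a check that a sysctl-format file carries the step 1 values, reporting keys that are missing or set differently. The helper name `check_sysctl_conf` and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Expected values, copied from step 1 of the post.
EXPECTED='net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.all.send_redirects=0
net.ipv4.conf.default.send_redirects=0
net.ipv4.conf.all.accept_redirects=0
net.ipv4.conf.default.accept_redirects=0
net.core.xfrm_larval_drop=1'

# check_sysctl_conf FILE (hypothetical helper): print one line per expected key
# that is missing or set differently in FILE; return non-zero if any were found.
# A key set twice is judged by its last assignment, since the file applies top to bottom.
check_sysctl_conf() {
    printf '%s\n' "$EXPECTED" | awk -F= -v conf="$1" '
        BEGIN {
            while ((getline line < conf) > 0) {
                if (line ~ /^[ \t]*([#;]|$)/) continue      # comment or blank line
                eq = index(line, "=")
                if (eq == 0) continue
                k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
                seen[k] = v
            }
        }
        !($1 in seen)  { print "MISSING  " $1 " (want " $2 ")"; bad = 1; next }
        seen[$1] != $2 { print "MISMATCH " $1 " = " seen[$1] " (want " $2 ")"; bad = 1 }
        END { exit bad + 0 }'
}

# Constructed sample file contents (not taken from a real server).
SAMPLE='# constructed sample
net.ipv4.ip_forward = 0
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 0
net.ipv4.conf.all.accept_redirects = 0
net.ipv4.conf.default.accept_redirects=0'

tmp=$(mktemp)
printf '%s\n' "$SAMPLE" > "$tmp"
check_sysctl_conf "$tmp" || echo "file differs from the step 1 settings"
rm -f "$tmp"
```

To check a real host, call `check_sysctl_conf /etc/sysctl.conf`; the function only inspects the file, not the values currently loaded in the kernel.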