代码拉取完成,页面将自动刷新
#!/bin/bash
# setup NAT gate service
# Run this on master node,
# Point the default gateway to master IP address on all slave nodes
# All slave nodes can access internet.
# You are happy to run yum -y update, etc.
## LAN, private interface
## LANNET, private network
## WAN, public interface
## set interface name first.
LAN="enp4s0"
WAN="enp3s0"
LANNET="192.168.110.0/24"
### Do not edit the following contents.
export LAN WAN LANNET
### Flush the original rules
/sbin/iptables -F
/sbin/iptables -X
/sbin/iptables -Z
/sbin/iptables -F -t nat
/sbin/iptables -X -t nat
/sbin/iptables -Z -t nat
### load modules
modprobe ip_tables > /dev/null 2>&1
modprobe iptable_nat > /dev/null 2>&1
modprobe ip_nat_ftp > /dev/null 2>&1
modprobe ip_nat_irc > /dev/null 2>&1
modprobe ipt_mark > /dev/null 2>&1
modprobe ip_conntrack > /dev/null 2>&1
modprobe ip_conntrack_ftp > /dev/null 2>&1
modprobe ip_conntrack_irc > /dev/null 2>&1
modprobe ipt_MASQUERADE > /dev/null 2>&1
### enable the client to use VPN service
modprobe ip_nat_pptp > /dev/null 2>&1
modprobe ip_nat_proto_gre > /dev/null 2>&1
modprobe ip_conntrack_pptp > /dev/null 2>&1
modprobe ip_nat_ftp > /dev/null 2>&1
# Set Default Rules
/sbin/iptables -P INPUT ACCEPT
/sbin/iptables -P OUTPUT ACCEPT
/sbin/iptables -P FORWARD ACCEPT
/sbin/iptables -t nat -P PREROUTING ACCEPT
/sbin/iptables -t nat -P POSTROUTING ACCEPT
/sbin/iptables -t nat -P OUTPUT ACCEPT
### Accept ping test
iptables -A INPUT -p icmp --icmp-type echo-request -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type echo-reply -j ACCEPT
### For NAT Gateway
# Starting NAT Server
echo "1" > /proc/sys/net/ipv4/ip_forward
# Stop NAT immediately
#echo "0" > /proc/sys/net/ipv4/ip_forward
# POSTROUTE NAT Client
/sbin/iptables -t nat -A POSTROUTING -s $LANNET -o $WAN -j MASQUERADE
# the following two lines Enable iptables work in High Efficiency
/sbin/iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
# 5 may be useful for some sites,
# configure the MTU value.
iptables -A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -m tcpmss \
--mss 1400:1536 -j TCPMSS --clamp-mss-to-pmtu
此处可能存在不合适展示的内容,页面不予展示。您可通过相关编辑功能自查并修改。
如您确认内容无涉及 不当用语 / 纯广告导流 / 暴力 / 低俗色情 / 侵权 / 盗版 / 虚假 / 无价值内容或违法国家有关法律法规的内容,可点击提交进行申诉,我们将尽快为您处理。
马建仓 AI 助手