CentOS Router和Iptables实现

Linux Route :eth0 172.16.0.1

                         eth1 60.59.58.1

 

Intranet windows 172.16.0.100 ,172.16.0.101 netmask 255.255.255.0  gateway 172.16.0.1

Extranet windows 60.59.58.100 ,60.59.58.200 netmask 255.255.255.0 gateway 60.59.58.1

 

Intranet 机器可以访问所有Externet机器，Extranet 只有60.59.58.100能访问Intranet 172.16.0.100 的80和8080端口。

 

Linux配置如下：

 

双网卡 eth0 ：172.16.0.1、eth1：60.59.58.1

 

#echo “1” > /proc/sys/net/ipv4/ip_forward

#iptables –F 

#iptables –X

#iptables –P FORWARD DROP

#iptables –A FORWARD –m state –state ESTABLISHED,RELATED –j ACCEPT

#iptables –A FORWARD –s 172.16.0.0/24 –j ACCEPT

#iptables –A FORWARD –s 60.59.58.100 –d 172.16.0.100 –p tcp –dport 80 –j ACCEPT

#iptables –A FORWARD –s 60.59.58.100 –d 172.16.0.100 –p tcp –dport 8080 –j ACCEPT

#iptables-save >/etc/sysconfig/iptables