iptables -P INPUT ACCEPT\niptables -P FORWARD ACCEPT\niptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE<\/p>\n

\u4e00\u822c\u63d2\u4e0a\u7f51\u5361\u540e\u7528ubuntu\u81ea\u5e26\u7684\u7f51\u7edc\u5de5\u5177\u5c31\u53ef\u4ee5\u914d\u7f6eIP\uff0c\u6bd4\u5982static\u6216\u8005DHCP\u4e4b\u7c7b\uff0c\u4e0d\u9700\u8981\u624b\u5de5\u4fee\u6539interfaces\u6587\u4ef6\u7684\u3002<\/p>\n

\u63d2\u4e0a\u7f51\u7ebf\u540e\u8bbe\u7f6e\u597d\u5bf9\u5e94\u7f51\u5361\u7684IP\uff0c\u5c31\u80fd\u628a\u5ba2\u6237\u673a\u548c\u53cc\u7f51\u5361\u4e3b\u673a\u4e92\u76f8ping\u901a\uff0c\u5982\u679cping\u4e0d\u901a\uff0c\u9996\u5148\u68c0\u67e5\u662f\u5426\u5b89\u88c5\u9632\u706b\u5899\uff0c\u7136\u540e\u68c0\u6d4b\u7f51\u7ebf\u4ee5\u53ca\u63a5\u53e3\u3002<\/p>\n

\u73b0\u5728\u4e3b\u8981\u95ee\u9898\u662f\u5982\u4f55\u5171\u4eab\u4e0a\u7f51\uff0c\u65b9\u6cd5\u5982\u4e0b\uff1a<\/p>\n

1\u3001\u4fee\u6539\/etc\/rc.local\u6587\u4ef6\uff0c\u5728\u5176\u4e2d\u6dfb\u52a0<\/p>\n

iptables -F\niptables -P INPUT ACCEPT\niptables -P FORWARD ACCEPT\niptables -t nat -I POSTROUTING -s 192.168.0.0\/24 -o eth0 -j MASQUERADE<\/p>\n

\u7b2c\u4e00\u53e5\u662f\u6e05\u9664\u6389\u4e4b\u524d\u6240\u6709\u7684iptables\u89c4\u5219,\u6839\u636e\u81ea\u5df1\u7684\u9700\u8981\u5427,\u5982\u679c\u6709\u91cd\u8981\u7684\u8def\u7531\u89c4\u5219\u6700\u597d\u4e0d\u8981\u6e05\u9664<\/p>\n

\u7b2c\u4e8c\u7b2c\u4e09\u53e5\u662f\u5141\u8bb8\u63a5\u6536\u548c\u53d1\u9001\u6570\u636e\u5305\uff0c<\/p>\n

\u7b2c\u56db\u53e5\u662f\u5728eth0\u7f51\u53e3\u4e0aNAT\u3002\u6ce8\u610f\uff0c\u8981\u5728\u6709\u5916\u90e8IP\u7684\u7f51\u53e3\u4e0a\u505aNAT\u3002<\/p>\n

2\u3001\u4fee\u6539\/etc\/sysctl.conf\uff0c\u5728\u6587\u4ef6\u4e2d\u52a0\u4e0a\u4e0b\u9762\u4e00\u884c\uff1a net.ipv4.ip_forward= 1\uff0c\u8fd9\u91cc\u5c31\u662f\u5f00\u542fNAT\u30021\u8868\u793a\u8f6c\u53d1\uff0c\u5982\u679c\u8bbe\u7f6e\u4e3a0\u7684\u8bdd\u5c31\u662f\u4e0d\u8f6c\u53d1\u3002<\/p>\n

reboot\u540e\u5148\u8fde\u901a\u5916\u7f51\uff0c\u7136\u540e\u8bd5\u4e00\u4e0b\u5ba2\u6237\u673a\u4e0a\u5916\u7f51\uff0c\u5e94\u8be5\u5c31\u53ef\u4ee5\u4e86\u3002<\/p>\n

\u7981\u7528IPV6, \u5728 \/etc\/sysctl.conf \u589e\u52a0\u4e0b\u9762\u51e0\u884c\uff0c\u5e76\u91cd\u542f\u3002<\/p>\n

<\/div>\n

#disable IPv6<\/div>\n

net.ipv6.conf.all.disable_ipv6 = 1<\/div>\n

<\/div>\n

net.ipv6.conf.default.disable_ipv6 = 1<\/div>\n

net.ipv6.conf.lo.disable_ipv6 = 1<\/div>\n

<\/div>\n

<\/div>\n\n

other way.<\/span><\/div>\n

\/etc\/network\/interfaces<\/h3>\nFirst you need to configure eth0 and eth1 for Skyray. Edit the file and make sure it has at least the following settings (or whatever settings are appropriate for your environment).\n\n

sudo vim \/etc\/network\/interfaces<\/code>\nauto lo\niface lo inet loopback\n\nauto eth0\niface eth0 inet static\n    address 10.20.30.77\n    netmask 255.255.255.0\n    gateway 10.20.30.1\n    network 10.20.30.0\n    broadcast 10.20.30.255\n    dns-nameservers 10.20.30.15 10.20.30.16\n    dns-search codeghar.com<\/span>\n\nauto eth1\niface eth1 inet static\n    address 172.22.22.1\n    netmask 255.255.255.0\n    network 172.22.22.0\n    broadcast 172.22.22.255\n<\/pre>\n\/etc\/sysctl.conf<\/h3>\nYou need to enable IPv4 forwarding. To do so, edit this file.\n\nsudo vim \/etc\/sysctl.conf<\/code>\n\nAnd uncomment the line\n# net.ipv4.ip_forward=1<\/span><\/pre>\nso that it now appears as\nnet.ipv4.ip_forward=1<\/span><\/pre>\nSave the file and run the following command to make the change effective without a reboot.\n\nsudo sysctl -w net.ipv4.ip_forward=1<\/code>\n\/etc\/rc.local<\/h3>\nYou\u2019ll need to allow iptables rules for NAT to work. Edit the file and save it.\n\nsudo vim \/etc\/rc.local<\/code>\n\nMake sure the following two lines appear before the exit 0<\/code> line in the file.\n\/sbin\/iptables -P FORWARD ACCEPT\n\/sbin\/iptables --table nat -A POSTROUTING -o eth0 -j MASQUERADE<\/pre>\nTo make these iptables rules active without rebooting, run the following commands:\n\nsudo iptables -P FORWARD ACCEPT<\/code>\n\nsudo iptables –-table nat -A POSTROUTING -o eth0 -j MASQUERADE<\/code>\nInstall DHCP server<\/h3>\nsudo aptitude install isc-dhcp-server<\/code>\n\/etc\/dhcp\/dhcpd.conf<\/h3>\nConfigure your newly installed DHCP server. Edit the file and save.\n\nsudo vim \/etc\/dhcp\/dhcpd.conf<\/code>\n\nThe file is very well commented and you can learn a lot reading it. Just make sure it has at least the following configuration.\nddns-update-style none;\n\n# option definitions common to all supported networks...\noption domain-name \"codeghar.com<\/span>\";\noption domain-name-servers 10.20.30.15, 10.20.30.16;\n\ndefault-lease-time 3600;\nmax-lease-time 7200;\n\n# If this DHCP server is the official DHCP server for the local\n# network, the authoritative directive should be uncommented.\nauthoritative;\n\n# Use this to send dhcp log messages to a different log file (you also\n# have to hack syslog.conf<\/span> to complete the redirection).\nlog-facility local7;\n\n# This is a very basic subnet declaration.\n\nsubnet 172.22.22.0 netmask 255.255.255.0 {\n  range 172.22.22.21 172.22.22.250;\n  option subnet-mask 255.255.255.0;\n  option broadcast-address 172.22.22.255;\n  option routers 172.22.22.1;\n}\n<\/pre>\n\/etc\/default\/isc-dhcp-server<\/h3>\nWe want to serve DHCP only on eth1 interface to we need to configure it that way. Edit the file and save it.\n\nsudo vim \/etc\/default\/isc-dhcp-server<\/code>\n\nThe line will look like this before you change it\nINTERFACES=\"\"<\/pre>\nAnd after you change it, it will look like this:\nINTERFACES=\"eth1\"<\/pre>\nNow you should stop and start the DHCP server.\n\nsudo service isc-dhcp-server stop<\/code> (if the service is already running; skip if it\u2019s not running)\n\nsudo service isc-dhcp-server start<\/code>\nConclusion<\/h3>\nNow any machines you have on the 172.22.22.0\/24 network will get their IP address from Skyray if they are set to DHCP. And Skyray will also serve as their gateway.\n\n<\/div>","protected":false},"excerpt":{"rendered":"iptables -P INPUT ACCEPT iptables -P FORWARD ACCEPT iptables -t nat -A POSTROUTING -o br-lan -j MASQ...<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[332,7,333,334],"class_list":["post-950","post","type-post","status-publish","format-standard","hentry","category-linux","tag-route","tag-ubuntu","tag-333","tag-334"],"_links":{"self":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/950","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/comments?post=950"}],"version-history":[{"count":8,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/950\/revisions"}],"predecessor-version":[{"id":2597,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/950\/revisions\/2597"}],"wp:attachment":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/media?parent=950"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/categories?post=950"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/tags?post=950"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}