2015-02-03

Configuring iptables to map multiple public IPs to different internal private IPs

Public IP      Private IP
11.22.33.01    192.168.1.10
11.22.33.02    192.168.1.11
11.22.33.03    192.168.1.12

The configuration looks roughly like this (adjust as needed: check whether vlan1 is your WAN bridge and whether the public IP mask is /29):
# Add each public address to the WAN interface
/usr/sbin/ip addr add 11.22.33.01/29 dev vlan1
/usr/sbin/ip addr add 11.22.33.02/29 dev vlan1
/usr/sbin/ip addr add 11.22.33.03/29 dev vlan1

# Outbound: source-NAT each internal host to its own public address
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.10 -j SNAT --to 11.22.33.01
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.11 -j SNAT --to 11.22.33.02
/usr/sbin/iptables -t nat -I POSTROUTING 1 -p all -s 192.168.1.12 -j SNAT --to 11.22.33.03

# Inbound: destination-NAT each public address to its internal host (all protocols and ports)
/usr/sbin/iptables -t nat -I PREROUTING -d 11.22.33.01 -j DNAT --to-destination 192.168.1.10
/usr/sbin/iptables -t nat -I PREROUTING -d 11.22.33.02 -j DNAT --to-destination 192.168.1.11
/usr/sbin/iptables -t nat -I PREROUTING -d 11.22.33.03 -j DNAT --to-destination 192.168.1.12

Then paste this into the firewall script, set up port forwarding, and you're done.
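
The DNAT rules above match on destination address only, so every port of each public IP reaches its internal host unless the FORWARD chain filters it. The following added example (not part of the original post) generates the same SNAT/DNAT pairs from one mapping table and adds per-host FORWARD rules; the port lists, the `-i`/`-o` interface matches, and the function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): build the 1:1 NAT rules from one
# table and add FORWARD filtering. WAN_IF, MASK, the port lists and all function
# names are assumptions.
WAN_IF="${WAN_IF:-vlan1}"
MASK="${MASK:-29}"

# Constructed sample: public IP, private IP, inbound TCP ports ("-" = none).
MAPPINGS='11.22.33.01 192.168.1.10 80,443
11.22.33.02 192.168.1.11 22
11.22.33.03 192.168.1.12 -'

# Succeed only for a dotted quad whose four octets are decimal 0..255.
valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for o in "$@"; do
        [ "${#o}" -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Succeed for "-" or a comma-separated list of digits (blocks shell metacharacters).
valid_ports() {
    case "$1" in -) return 0 ;; ""|*[!0-9,]*|,*|*,|*,,*) return 1 ;; esac
}

# Print the commands for every row; return non-zero on a malformed row.
gen_rules() {
    # Replies to connections the internal hosts opened must pass before the DROPs.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    echo "$MAPPINGS" | while read -r pub priv ports; do
        valid_ipv4 "$pub" && valid_ipv4 "$priv" && valid_ports "$ports" ||
            { echo "bad row: $pub $priv $ports" >&2; exit 1; }
        echo "ip addr add $pub/$MASK dev $WAN_IF"
        echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $priv -j SNAT --to-source $pub"
        echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $pub -j DNAT --to-destination $priv"
        # FORWARD sees the post-DNAT (private) destination: allow listed ports only.
        [ "$ports" = "-" ] || echo "iptables -A FORWARD -i $WAN_IF -d $priv -p tcp" \
            "-m multiport --dports $ports -m conntrack --ctstate NEW -j ACCEPT"
        echo "iptables -A FORWARD -i $WAN_IF -d $priv -j DROP"
    done
}

gen_rules   # prints the commands for review; nothing is applied
```

The FORWARD rules are appended with `-A`, so they only take effect if no earlier FORWARD rule already accepts the traffic.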
