网关问题，按部就班都不行？

gushiqun · 发表于 2006-4-7 12:29:59

实验室服务器为DELL，双网卡
设置如下：
1）eth0 IP222.28.55.80，子网掩码255.255.255.0网关222.28.55.1
2）eth1 IP192.168.0.1，子网掩码255.255.255.0
3）修改安全级别，信任网卡
4）echo 1> /proc/sys/net/ipv4/ip_forward来启动系统的IP
转发功能
5）iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j MASQUERADE

下面的机子能PING通192.068.0.1和222.28.55.80，但PING不通222.28.55.1，不能上网

服务器可PING通222.28.55.1
高手请指点谜经，感激不尽！

shuanglinux · 发表于 2006-4-7 12:33:07

DNS设置了吗？

hew · 发表于 2006-4-7 12:34:37

看看route

btw 固定IP 的话还是用snat 比较好。

dannycat · 发表于 2006-4-7 12:48:14

检查有没有现存的其他 iptables 规则

gushiqun · 发表于 2006-4-7 12:48:56

DNS设过了
请指点SNAT 是什么，怎么设？谢谢

hew · 发表于 2006-4-7 12:51:01

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 222.28.55.80

iptabes -L 什么结果？

gushiqun · 发表于 2006-4-7 12:53:15

网关真的这么难吗，我以前用上述方法成功过，重装系统后就不行了，急

Bluedata · 发表于 2006-4-7 12:55:17

iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to 222.28.55.80

iptabes -L 什么结果？

gushiqun · 发表于 2006-4-7 12:58:50

target    prot opt source             destination
RH-Firewall-1-INPUT  all  --  anywhere          anywhere

Chain FORWARD (policy ACCEPT)
target    prot opt source             destination
RH-Firewall-1-INPUT  all  --  anywhere          anywhere

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination

Chain RH-Firewall-1-INPUT (2 references)
target    prot opt source             destination
ACCEPT    all  --  anywhere          anywhere
ACCEPT    all  --  anywhere          anywhere
ACCEPT    all  --  anywhere          anywhere
ACCEPT    all  --  anywhere          anywhere
ACCEPT    icmp --  anywhere          anywhere          icmp any
ACCEPT    ipv6-crypt--  anywhere          anywhere
ACCEPT    ipv6-auth--  anywhere          anywhere
ACCEPT    udp  --  anywhere          224.0.0.251       udp dpt:5353
ACCEPT    udp  --  anywhere          anywhere          udp dpt:ipp
ACCEPT    all  --  anywhere          anywhere          state RELATED,ESTAB
LISHED
ACCEPT    tcp  --  anywhere          anywhere          state NEW tcp dpt:h
ttp
ACCEPT    tcp  --  anywhere          anywhere          state NEW tcp dpt:h
ttps
ACCEPT    tcp  --  anywhere          anywhere          state NEW tcp dpt:f
tp
ACCEPT    tcp  --  anywhere          anywhere          state NEW tcp dpt:s
sh
ACCEPT    tcp  --  anywhere          anywhere          state NEW tcp dpt:s
mtp
REJECT    all  --  anywhere          anywhere          reject-with icmp-ho
st-prohibited

gushiqun · 发表于 2006-4-7 13:06:33

[root@localhost ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target    prot opt source             destination

Chain POSTROUTING (policy ACCEPT)
target    prot opt source             destination
MASQUERADE  all  --  192.168.0.0/24    0.0.0.0/0
SNAT    all  --  192.168.0.0/24    0.0.0.0/0          to:222.28.55.80

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination

gushiqun · 发表于 2006-4-7 13:08:42

[quote:6cab5e98c8="gushiqun"][root@localhost ~]# iptables -t nat -L -n
Chain PREROUTING (policy ACCEPT)
target    prot opt source             destination

Chain POSTROUTING (policy ACCEPT)
target    prot opt source             destination
MASQUERADE  all  --  192.168.0.0/24    0.0.0.0/0
SNAT    all  --  192.168.0.0/24    0.0.0.0/0          to:222.28.55.80

Chain OUTPUT (policy ACCEPT)
target    prot opt source             destination[/quote]
这是iptables -t nat -L -n的结果

sccdyuebo · 发表于 2006-4-7 14:19:57

用netstat -r 看看你的route呢

gushiqun · 发表于 2006-4-7 15:13:23

[root@localhost ~]# netstat -r
Kernel IP routing table
Destination    Gateway       Genmask       Flags MSS Window  irtt Iface
222.28.55.0    *             255.255.255.0 U       0 0       0 eth0
192.168.0.0    *             255.255.255.0 U       0 0       0 eth1
169.254.0.0    *             255.255.0.0    U       0 0       0 eth1
default       222.28.55.1    0.0.0.0       UG       0 0       0 eth0
[root@localhost ~]#

shuanglinux · 发表于 2006-4-7 18:34:39

晕哟，没看出什么问题呀！希望高手帮他解决。我也好学习一下。

		自动登录	找回密码
密码			注册