环境准备:
A公司
cs1:
eth0:192.168.110.150 gw 192.168.110.47
cs2:
eth0:192.168.110.47
eth1:192.168.130.226
B公司
cs3:
eth1:192.168.130.239
eth0:192.168.120.105
cs4:
eth0:192.168.120.119 gw 192.168.120.105
服务
A公司提供了一个web服务www.sina.com
B公司提供了一个web服务www.baidu.com
操作:
cs2:
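# cs2 is company A's gateway: eth0 192.168.110.47 faces the internal LAN,
# eth1 192.168.130.226 faces the shared 192.168.130.0/24 link.
yum install -y iptables-services
# NOTE(review): if firewalld is active on this host it manages the same
# netfilter tables and will fight these rules; confirm it is stopped/disabled.

# The FORWARD and NAT rules below only see traffic if the kernel routes
# between eth0 and eth1. This is a runtime setting; add a sysctl.d entry if it
# must survive a reboot.
sysctl -w net.ipv4.ip_forward=1

# Start from a clean slate. Without -t these act on the filter table only, so
# the nat table is cleared explicitly; otherwise a re-run appends duplicate
# SNAT/DNAT rules and leaves stale ones in place.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z

# Accept reply traffic first, so the DROP policies set next do not cut the
# session this is being typed over.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Default-deny on every chain; everything below is an explicit allow.
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -P INPUT DROP

# Loopback, so local services are not caught by the DROP policies.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Management/LAN access to the gateway itself. Pinning the interface stops a
# packet arriving on eth1 with a forged 192.168.110.x source from matching.
iptables -A INPUT -i eth0 -s 192.168.110.0/24 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.110.0/24 -j ACCEPT

# Outbound: only cs1 (192.168.110.150) may open HTTP connections to the outside.
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.110.150 -p tcp --dport 80 -j ACCEPT
# Inbound: FORWARD sees the post-DNAT destination, so limit the allow to the
# published web server instead of any port-80 destination behind the gateway.
iptables -A FORWARD -i eth1 -o eth0 -d 192.168.110.150 -p tcp --dport 80 -j ACCEPT

# Hide the internal addresses behind the gateway's outside address.
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.110.0/24 -p tcp --dport 80 -j SNAT --to 192.168.130.226
# Publish cs1's web server on the outside address; -d keeps the rule from
# rewriting port-80 traffic that was addressed to some other host.
iptables -t nat -A PREROUTING -i eth1 -d 192.168.130.226 -p tcp --dport 80 -j DNAT --to 192.168.110.150

# Persist the rule set and make sure the service loads it at boot.
iptables-save > /etc/sysconfig/iptables
systemctl enable iptables
systemctl restart iptables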
cs3:
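# cs3 is company B's gateway: eth0 192.168.120.105 faces the internal LAN,
# eth1 192.168.130.239 faces the shared 192.168.130.0/24 link.
yum install -y iptables-services
# NOTE(review): if firewalld is active on this host it manages the same
# netfilter tables and will fight these rules; confirm it is stopped/disabled.

# The FORWARD and NAT rules below only see traffic if the kernel routes
# between eth0 and eth1. This is a runtime setting; add a sysctl.d entry if it
# must survive a reboot.
sysctl -w net.ipv4.ip_forward=1

# Start from a clean slate. Without -t these act on the filter table only, so
# the nat table is cleared explicitly; otherwise a re-run appends duplicate
# SNAT/DNAT rules and leaves stale ones in place.
iptables -F
iptables -X
iptables -Z
iptables -t nat -F
iptables -t nat -X
iptables -t nat -Z

# Accept reply traffic first, so the DROP policies set next do not cut the
# session this is being typed over.
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT

# Default-deny on every chain; everything below is an explicit allow.
iptables -P FORWARD DROP
iptables -P OUTPUT DROP
iptables -P INPUT DROP

# Loopback, so local services are not caught by the DROP policies.
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# Management/LAN access to the gateway itself. Pinning the interface stops a
# packet arriving on eth1 with a forged 192.168.120.x source from matching.
iptables -A INPUT -i eth0 -s 192.168.120.0/24 -j ACCEPT
iptables -A OUTPUT -o eth0 -d 192.168.120.0/24 -j ACCEPT

# Outbound: only cs4 (192.168.120.119) may open HTTP connections to the outside.
iptables -A FORWARD -i eth0 -o eth1 -s 192.168.120.119 -p tcp --dport 80 -j ACCEPT
# Inbound: FORWARD sees the post-DNAT destination, so limit the allow to the
# published web server instead of any port-80 destination behind the gateway.
iptables -A FORWARD -i eth1 -o eth0 -d 192.168.120.119 -p tcp --dport 80 -j ACCEPT

# Hide the internal addresses behind the gateway's outside address.
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.120.0/24 -p tcp --dport 80 -j SNAT --to 192.168.130.239
# Publish cs4's web server on the outside address; -d keeps the rule from
# rewriting port-80 traffic that was addressed to some other host.
iptables -t nat -A PREROUTING -i eth1 -d 192.168.130.239 -p tcp --dport 80 -j DNAT --to 192.168.120.119

# Persist the rule set and make sure the service loads it at boot.
iptables-save > /etc/sysconfig/iptables
systemctl enable iptables
systemctl restart iptables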
cs1:
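# Company A's web server (cs1, 192.168.110.150): install Apache and publish a
# page that identifies which site answered. The original "yum isntall" is not a
# yum subcommand, so httpd was never installed and the restart below failed.
yum install -y httpd
echo "hello,this is A,www.sina.com" > /var/www/html/index.html
systemctl restart httpd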
cs4:(原文写作cs2;按上文拓扑以及cs3上DNAT的目标地址192.168.120.119,B公司的web服务器应为cs4)
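# Company B's web server: install Apache and publish a page that identifies
# which site answered. The DNAT rule on cs3 forwards port 80 to 192.168.120.119
# (cs4 in the topology), so this must run on that host. The original
# "yum isntall" is not a yum subcommand, so httpd was never installed.
yum install -y httpd
echo "hello,this is B,www.baidu.com" > /var/www/html/index.html
systemctl restart httpd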
测试:
cs1/cs2:
curl 192.168.110.150(A公司)
curl 192.168.130.239(B公司;请在cs1上执行。cs2本机的OUTPUT链默认策略为DROP,只放行发往192.168.110.0/24的新连接,因此在cs2上直接curl该地址会被丢弃)
cs3/cs4:
curl 192.168.120.119(B公司)
curl 192.168.130.226(A公司;请在cs4上执行。cs3本机的OUTPUT链默认策略为DROP,只放行发往192.168.120.0/24的新连接,因此在cs3上直接curl该地址会被丢弃)