1. Masquerading with the masquerade feature of firewall-cmd
1) Prerequisite: the firewall on the physical host must be running
[root@foundation8 kiosk]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
Active: active (running) since Sat 2018-01-27 15:48:51 CST; 20s ago
Docs: man:firewalld(1)
Main PID: 4677 (firewalld)
CGroup: /system.slice/firewalld.service
└─4677 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
Jan 27 15:48:50 foundation8.ilt.example.com systemd[1]: Starting firewalld - ...
Jan 27 15:48:51 foundation8.ilt.example.com systemd[1]: Started firewalld - d...
Hint: Some lines were ellipsized, use -l to show in full.
2) Use firewall-cmd --list-all to check the state of the firewall service
[root@foundation8 kiosk]# firewall-cmd --list-all
trusted (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: br0 enp1s0 wlp2s0
sources:
services: ftp
ports:
protocols:
masquerade: yes //this must be yes for it to work
forward-ports:
sourceports:
icmp-blocks:
rich rules:
rule family="ipv4" source address="192.168.1.100" masquerade
If it shows masquerade: no, run the command below; the output success means it was added successfully.
firewall-cmd --permanent --add-masquerade
So far this has only enabled masquerade mode; how it works needs to be specified in more detail:
firewall-cmd --permanent --add-rich-rule='rule family=ipv4 source address=x.x.x.x masquerade'
//the IP added here (x.x.x.x) is an IP that has Internet access, for example a hotspot
Restart the firewall, and the yes state we saw at the top will appear.
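An added example, not part of the original post: a shell audit of the `firewall-cmd --list-all` listing from step 2 that reports zone-wide masquerade, the zone target and the rich-rule masquerade sources. The function names and `SAMPLE` (constructed from the listing above) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `firewall-cmd --list-all` output for masquerading.
# SAMPLE is constructed from the listing shown in step 2 (empty fields omitted).
SAMPLE='trusted (active)
  target: ACCEPT
  interfaces: br0 enp1s0 wlp2s0
  services: ftp
  masquerade: yes
  rich rules:
    rule family="ipv4" source address="192.168.1.100" masquerade'

# zone_field TEXT KEY: print the value of the "KEY:" line of a zone listing.
zone_field() {
    printf '%s\n' "$1" | awk -v k="$2" '
        { sub(/^[ \t]+/, "") }
        index($0, k ":") == 1 {
            v = substr($0, length(k) + 2); sub(/^[ \t]+/, "", v); print v; exit
        }'
}

# masq_sources TEXT: print each source address that has a masquerade rich rule.
masq_sources() {
    printf '%s\n' "$1" | awk '
        /^[ \t]*rule / && / masquerade([ \t]|$)/ {
            if (match($0, /source address="[^"]+"/))
                print substr($0, RSTART + 16, RLENGTH - 17)
        }'
}

# audit_zone TEXT: print a one-line summary. Returns 1 when zone-wide
# masquerade is on in a zone whose target is ACCEPT, i.e. the zone both
# accepts everything and NATs, which deserves a manual review.
audit_zone() {
    az_masq=$(zone_field "$1" masquerade)
    az_target=$(zone_field "$1" target)
    az_ifaces=$(zone_field "$1" interfaces)
    az_srcs=$(masq_sources "$1" | paste -sd, -)
    printf 'masquerade=%s target=%s interfaces=[%s] rich_sources=[%s]\n' \
        "${az_masq:-unknown}" "$az_target" "$az_ifaces" "$az_srcs"
    if [ "$az_masq" = yes ] && [ "$az_target" = ACCEPT ]; then return 1; fi
    return 0
}

# On a live host: audit_zone "$(firewall-cmd --list-all)"
audit_zone "$SAMPLE" || echo "review: zone-wide masquerade on an ACCEPT zone"
```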
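3) Configure the virtual machine that needs Internet access
The virtual machine only needs attention in three places:
- It must be on the same network segment as the physical host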
-