6.5. IP 伪装多个内部网络

6.5.1. iptables 对多个内部 LAN 的支持

• # 2.6.x and 2.4.x kernels with IPTABLES # # The following rules build upon the rc.firewall-iptables-stronger ruleset. # Please see that ruleset in Section 6 for how all variables get set, etc. #Enable internal interfaces to communication between each other # $IPTABLES -A FORWARD -i $EXTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED \ -j ACCEPT $IPTABLES -A FORWARD -i $INTIF -o $INTIF2 -m state --state ESTABLISHED,RELATED \ -j ACCEPT $IPTABLES -A FORWARD -i $INTIF2 -o $INTIF -m state --state ESTABLISHED,RELATED \ -j ACCEPT $IPTABLES -t nat -A POSTROUTING -o $EXTIF -j SNAT --to $EXTIP

6.5.2. ipchains 对多个内部 LAN 的支持

• # 2.2.x kernels with IPCHAINS # # The following rules build upon the rc.firewall-ipchains-stronger ruleset. # Please see that ruleset in Section 6 for how all variables get set, etc. #Enable internal interfaces to communication between each other $IPCHAINS -A forward -i eth1 -d 192.168.0.0/24 -j ACCEPT $IPCHAINS -A forward -i eth2 -d 192.168.1.0/24 -j ACCEPT #Enable internal interfaces to MASQ out to the Internet $IPCHAINS -A forward -j MASQ -i eth0 -s 192.168.0.0/24 -d 0.0.0.0/0 $IPCHAINS -A forward -j MASQ -i eth0 -s 192.168.1.0/24 -d 0.0.0.0/0

6.5.3. ipfwadm 对多个内部 LAN 的支持

• # 2.0.x kernels with IPFWADM # # The following rules build upon the rc.firewall-ipfwadm-stronger ruleset. # Please see that ruleset in Section 6 for how all variables get set, etc. #Enable internal interfaces to communication between each other /sbin/ipfwadm -F -a accept -V 192.168.0.1 -D 192.168.1.0/24 /sbin/ipfwadm -F -a accept -V 192.168.1.1 -D 192.168.0.0/24 #Enable internal interfaces to MASQ out to the Internet /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.0.0/24 -D 0.0.0.0/0 /sbin/ipfwadm -F -a masq -W eth0 -S 192.168.1.0/24 -D 0.0.0.0/0

请注意，在上面显示的示例中多次指定 "eth0" 是正确的。原因是 Linux 内核需要知道哪个接口用于传出流量。由于在上面的示例中 eth0 是互联网连接，因此为每个内部接口都列出了它。