Linux A/B/C 节点配置路由与NAT，A能够访问C

2026-04-27 22:16:51 | Linux 葵花宝典网络

B 节点的br-lan 192.168.16.789 承接了 192网
B 节点的br-wan 172.20.xx.xx 承接了 172网

C 节点在192网，C节点无需任何配置

B节点配置

root@localhost:~# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf; sysctl -p
net.ipv4.ip_forward = 1
root@localhost:~#

root@localhost:~# apk add kmod-ipt-nat
root@localhost:~#

root@localhost:~# iptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE
root@localhost:~#

持久化配置

root@localhost:~# cat /etc/rc.local
# 开启转发
sysctl -w net.ipv4.ip_forward=1

# 添加 NAT 伪装
iptables -t nat -A POSTROUTING -o br-lan -j MASQUERADE

# 放行转发(默认策略是方形的话可以忽略这句)
#iptables -A FORWARD -s 172.20.6.0/24 -d 192.168.0.0/16 -j ACCEPT
root@localhost:~#

A节点配置

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.20.6.254    0.0.0.0         UG    100    0        0 enp4s0f2
172.20.6.0      0.0.0.0         255.255.255.0   U     100    0        0 enp4s0f2
[root@localhost ~]#

[root@localhost ~]# ip route add 192.168.0.0/16 via 172.20.6.217
[root@localhost ~]#

[root@localhost ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         172.20.6.254    0.0.0.0         UG    100    0        0 enp4s0f2
172.20.6.0      0.0.0.0         255.255.255.0   U     100    0        0 enp4s0f2
192.168.0.0     172.20.6.217    255.255.0.0     UG    0      0        0 enp4s0f2
[root@localhost ~]#

[root@localhost ~]# ping 192.168.16.789 #B 节点
PING 192.168.16.789 (192.168.16.789) 56(84) bytes of data.
64 bytes from 192.168.16.789: icmp_seq=1 ttl=64 time=1.07 ms
64 bytes from 192.168.16.789: icmp_seq=2 ttl=64 time=0.579 ms
^C
--- 192.168.16.789 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.579/0.825/1.072/0.246 ms
[root@localhost ~]#

[root@localhost ~]# ping 192.168.666.999 #C节点
PING 192.168.666.999 (192.168.666.999) 56(84) bytes of data.
64 bytes from 192.168.666.999: icmp_seq=1 ttl=63 time=1.39 ms
64 bytes from 192.168.666.999: icmp_seq=2 ttl=63 time=0.677 ms
64 bytes from 192.168.666.999: icmp_seq=3 ttl=63 time=0.813 ms
64 bytes from 192.168.666.999: icmp_seq=4 ttl=63 time=0.804 ms
64 bytes from 192.168.666.999: icmp_seq=5 ttl=63 time=0.808 ms
^C
--- 192.168.666.999 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4009ms
rtt min/avg/max/mdev = 0.677/0.898/1.392/0.251 ms
[root@localhost ~]#

持久化配置

新版欧拉
nmcli connection modify enp4s0f2 +ipv4.routes "192.168.0.0/16 172.20.6.217"
nmcli connection up enp4s0f2

旧版 CentoS 6
[root@localhost source]# cat /etc/sysconfig/network-scripts/route-enp4s0f2
192.168.0.0/16 via  172.20.6.217
[root@localhost source]#