Configure the routing environment first:
A machine: only needs a bridged network card; it acts as the external network. IP: 172.17.252.227
Add a route record: route add default gw 172.17.123.224
B machine: the router, with two network cards; it acts as the firewall. IPs: 172.17.123.224 and 192.168.199.138
To turn on the forwarding function:
echo 1 > /proc/sys/net/ipv4/ip_forward
or edit the file with vim /etc/sysctl.conf and set
net.ipv4.ip_forward=1
then apply it with
sysctl -p
C machine: only needs a host-only network card; it acts as the intranet. IP: 192.168.199.142
Add a route record: route add default gw 192.168.199.138
Add rules to the firewall (C machine):
iptables -A FORWARD -s 192.168.199.142 -d 172.17.0.0/16 -m state --state NEW -j ACCEPT   # allow forwarding of new connections to the extranet
iptables -A FORWARD -m state --state ESTABLISHED -j ACCEPT   # allow established connections
iptables -A FORWARD -j REJECT   # reject everything else
The effect: the extranet cannot access the intranet, but the intranet can access the extranet.
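Added example (not from the original article): a small Python model of the three FORWARD rules above, with a simplified connection-tracking table, showing which packets get forwarded and why. The Firewall class, the second intranet host 192.168.199.143 and the outside address 203.0.113.10 are constructed for illustration, and the chain's default policy is assumed to be ACCEPT.

```python
# Added example: a model of the FORWARD chain above, not real netfilter code.
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")
# (source net, destination net, states matched, target), in chain order
RULES = [
    (ip_network("192.168.199.142/32"), ip_network("172.17.0.0/16"), {"NEW"}, "ACCEPT"),
    (ANY, ANY, {"ESTABLISHED"}, "ACCEPT"),
    (ANY, ANY, {"NEW", "ESTABLISHED"}, "REJECT"),
]

class Firewall:
    def __init__(self, rules=RULES):
        self.rules = rules
        self.flows = set()  # simplified conntrack: accepted (src, dst) pairs, no ports

    def state(self, src, dst):
        # ESTABLISHED if the packet belongs to an accepted flow in either direction
        if (src, dst) in self.flows or (dst, src) in self.flows:
            return "ESTABLISHED"
        return "NEW"

    def forward(self, src, dst):
        st = self.state(src, dst)
        for snet, dnet, states, target in self.rules:  # first matching rule wins
            if ip_address(src) in snet and ip_address(dst) in dnet and st in states:
                if target == "ACCEPT":
                    self.flows.add((src, dst))
                return st, target
        return st, "ACCEPT"  # assumed default chain policy

A, C = "172.17.252.227", "192.168.199.142"  # A and C machines from the article

def demo():
    fw = Firewall()
    return [
        fw.forward(A, C),                  # unsolicited packet from the extranet
        fw.forward(C, A),                  # intranet host opens a connection
        fw.forward(A, C),                  # reply on that connection
        fw.forward("192.168.199.143", A),  # constructed host, not covered by rule 1
        fw.forward(C, "203.0.113.10"),     # constructed address outside 172.17.0.0/16
    ]

if __name__ == "__main__":
    for result in demo():
        print(result)
```

The last two cases show how narrow the first rule is: only 192.168.199.142 may open connections, and only to 172.17.0.0/16.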
A machine: [screenshot: image 1.jpg]
C machine: [screenshot: Picture 2.jpg]
Experiment: prohibit Internet access to the intranet