No public network IP access to the public network through a springboard machine scheme

Springboard: Pre-release: 10.124.156.244

Client: Android Packaging server: 10.124.156.247-250

Configuration:

Springboard machine:

1. Turn on the forwarding function:

#vi/etc/sysctl.conf

====================

Net.ipv4.ip_forward = 1

====================

#sysctl –p

2.iptables Turn on forwarding

(iptables-t nat-a postrouting-s 10.124.156.0/24-o eth0-j Masquerade)

#vim/etc/sysconfig/iptables

====================

-T nat-a postrouting-s 10.124.156.0/24-o Eth0-j Masquerade

====================

and comment on the rule:-A forward-j REJECT--reject-with icmp-host-prohibited (closes the packet suppression rule on the FORWARD table)

#service iptables restart Restart iptables service

Client: Linux Side

Edit the NIC profile to point to the default gateway for the server 10.124.156.1 10.124.156.244

#vim/etc/sysconfig/network-scripts/ifcfg-eth0

===================

Device=eth0

Bootproto=static

gateway=10.124.156.244

Hwaddr=28:6e:d4:89:c2:36

Ipaddr=10.124.156.xxx

netmask=255.255.255.0

Onboot=yes

Type=ethernet

Userctl=no

Ipv6init=no

Peerdns=yes

==================

#service Network Reload restart the NIC service

Client: Mac Side

System Preferences >> Network configuration >> Modify the IP address routed to the proxy server 10.124.156.244>> app

Note: If the rule that requires comments in iptables is not commented, there will be a cross-network segment access to different issues

Test:

Ping www.baidu.com can be configured properly by pinging!

Note: This scenario is successfully tested on Huawei Cloud platform. (when configured in a physical machine cluster, it is only necessary to add a route to the springboard on the client)

This article is from "Dolphin Watching" blog, please be sure to keep this source http://swht1278.blog.51cto.com/7138082/1693452

No public network IP access to the public network through a springboard machine scheme