iptables:添加SNAT后就不能保留源地址了(即使设置网关为iptables机器ip)

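添加SNAT后,后端就看不到客户端的源地址了(即使把后端的默认网关设置为iptables机器的ip也一样)。原因是POSTROUTING链中的SNAT/MASQUERADE规则会把转发包的源地址改写为iptables机器的地址(192.168.1.89),后端的访问日志和基于源IP的访问控制因此只能看到这一个地址;若需要保留源地址,就不能对这条转发流量做SNAT/MASQUERADE: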
如:
主机1:iptables服务器配置:
[root@xjjwt ~]# ip a|grep 192
inet 192.168.1.89/24 brd 192.168.1.255 scope global eth0
[root@xjjwt ~]# iptables-save
# Generated by iptables-save v1.4.7 on Wed Sep 12 16:06:08 2018
*nat
:PREROUTING ACCEPT [1503:114205]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A PREROUTING -d 192.168.1.89/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination 192.168.1.182:80
-A POSTROUTING -d 192.168.1.182/32 -p tcp -m tcp --dport 80 -j SNAT --to-source 192.168.1.89
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -j MASQUERADE
COMMIT
# Completed on Wed Sep 12 16:06:08 2018
# Generated by iptables-save v1.4.7 on Wed Sep 12 16:06:08 2018
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [61:4425]
:OUTPUT ACCEPT [821:113448]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -d 192.168.0.0/24 -j ACCEPT
-A FORWARD -d 192.168.1.182/32 -p tcp -m tcp –dport 80 -j ACCEPT
COMMIT
# Completed on Wed Sep 12 16:06:08 2018
[root@xjjwt ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0
[root@xjjwt ~]#

抓包:


主机二:
[root@nginx ~]# ip a|grep 192
inet 192.168.1.182/24 brd 192.168.1.255 scope global eth0
[root@nginx ~]#
[root@nginx ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 eth0
0.0.0.0 192.168.1.89 0.0.0.0 UG 0 0 0 eth0
[root@nginx ~]#

抓包:
