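Newbie question: configuring NAT
Server (RHEL AS3):
eth0: 192.168.0.254, connected to the internal network (192.168.0.10--192.168.0.50)
eth1: 192.168.1.254, connected to the external network (ADSL) [broadband router (192.168.1.1)]
I run the script fw.sh, with the following contents (copied from the internet):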
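#!/bin/bash
# Enable IPv4 forwarding between eth0 and eth1
echo 1 > /proc/sys/net/ipv4/ip_forward
# Load the NAT table and the FTP NAT helper
modprobe ip_nat_ftp
modprobe iptable_nat
# Masquerade traffic from the internal network leaving through eth1
iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o eth1 -j MASQUERADE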
Running the following test commands gives these results:
# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
# iptables -t nat -L -v
Chain PREROUTING (policy ACCEPT 3459 packets, 166K bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- any eth1 192.168.0.0/24 anywhere
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1
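I don't know why this entry appears:
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
It looks like the gateway is wrong, but I don't know how to change it?
There are also the following error messages; it looks like the iptables syntax is wrong: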
# tail /var/log/messages
May 26 13:27:39 kernel: Neighbour table overflow.
May 26 13:27:45 kernel: NET: 253 messages suppressed.
May 26 13:27:45 kernel: Neighbour table overflow.
May 26 13:27:48 kernel: NET: 120 messages suppressed.
May 26 13:27:48 kernel: Neighbour table overflow.
May 26 13:28:49 kernel: NET: 249 messages suppressed.
May 26 13:28:49 kernel: Neighbour table overflow.
May 26 13:28:49 last message repeated 9 times
May 26 13:28:55 kernel: NET: 106 messages suppressed.
May 26 13:28:55 kernel: Neighbour table overflow.
# arp -an |wc -l
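1016 <-- not fixed; sometimes large, sometimes small. Range (1--1500)
That's everything. Please help me, everyone; I don't want to use WINDOWS.
Also attaching the client machine settings.
Client (WinXP):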
C:\WINDOWS\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : cp-sh3
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Unknown
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
Physical Address. . . . . . . . . : 00-12-3F-D4-8F-C8
Dhcp Enabled. . . . . . . . . . . : No
IP Address. . . . . . . . . . . . : 192.168.0.42
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.254
DNS Servers . . . . . . . . . . . : 192.168.1.1
202.96.209.6
202.96.209.133
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\WINDOWS\system32>ping 192.168.0.254
Pinging 192.168.0.254 with 32 bytes of data:
Reply from 192.168.0.254: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.0.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS\system32>ping 192.168.1.254
Pinging 192.168.1.254 with 32 bytes of data:
Reply from 192.168.1.254: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.1.254:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
C:\WINDOWS\system32>ping 192.168.1.1
Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=63
Ping statistics for 192.168.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
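An added example, not part of the original post: a check that flags a default route whose gateway is one of the host's own addresses, as in the route -n output above, where the gateway 192.168.1.254 is also the address of eth1. With such a route the kernel resolves every remote destination as an on-link neighbour, which is a known cause of "Neighbour table overflow". The function and variable names are this example's own; the sample data is copied from the post.

```shell
#!/bin/bash
# Added example (not the poster's code): detect a default route that
# points at one of this host's own addresses.

# Route table and interface addresses exactly as given in the post.
ROUTES='Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 eth1'
LOCAL_ADDRS='192.168.0.254 192.168.1.254'

# check_default_gw ROUTE_TEXT LOCAL_ADDRS
#   ROUTE_TEXT  : output of "route -n"
#   LOCAL_ADDRS : the host's own IPv4 addresses, space separated
# Prints one line per default route: "SELF <gw> <iface>" or "OK <gw> <iface>".
# Returns 1 if any default route uses a local address as its gateway.
check_default_gw() {
    printf '%s\n' "$1" | awk -v locals="$2" '
        BEGIN {
            n = split(locals, a, " ")
            for (i = 1; i <= n; i++) own[a[i]] = 1
        }
        # A default route has destination and genmask 0.0.0.0 and the G flag.
        $1 == "0.0.0.0" && $3 == "0.0.0.0" && $4 ~ /G/ {
            if ($2 in own) { print "SELF", $2, $8; bad = 1 }
            else           { print "OK", $2, $8 }
        }
        END { exit bad + 0 }'
}

# On a live host, pass "$(route -n)" as the first argument instead of $ROUTES.
check_default_gw "$ROUTES" "$LOCAL_ADDRS" \
    || echo "default gateway is one of this host's own addresses"
```
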