[问题求助]linux+nat怎么也调不通！ [复制链接]

根据ｐｌａｔｉｎｕｍ版.主的脚本来的，以下是我自己修改的，在网关上内外网.都是通的，就是在内网到不了外面，我觉.得是ｒｏｕｔｅ的问题，不知道该怎么解决，大伙给看看.

#! /bin/bash

# Set .default gateway教育
GATEWA.Y="11.22.33.44"--------------彩票

# Set. Interface WAN.
WAN_IP="11..22.33.45"           女人
WAN_ETH="eth0"
WAN_MASK="25.5.255..255.240"投资

# Set In.terface LAN.
LAN_IP="19.2.168.10.5"电影
LA.N_NET="192.168.10.0"           鲜花
LAN_ETH="eth1"
LAN_MASK="255..255.255.0".

# Initialize mod.ules教育
m.odprobe ip_nat_ftp学习
modprobe i.p_conntrack_ftp           女人
echo 1 >; /proc/sys/net/ip.v4/ip_fo.rward--------------彩票

# Ini.tialize Interfa.ce LAN.
ifconfig $LA.N_ETH $LAN_IP n.etmask $LAN_MASK.

# In.itialize policy.
iptables -P IN.PUT ACCEPT           建材
iptables -P FORWARD ACCE..PT(广告)
iptables -F
iptables -t na.t -F           鲜花

# Deny ACK att.ack教育
#iptables -A INP.UT -p tcp ! --syn -m state --s.tate NEW -j DROP    外汇
#ipt.ables -A FORWARD -p tcp ! --.syn -m state --state NEW -j DROP            杀毒

# In.itialize Interf.ace WAN--------------彩票
ifconfig $WAN_.ETH $WAN_IP netmas.k $WAN_MASK(广告)
iptables -t nat -A POSTROUTING -s $LAN_NET -o $.WAN_ETH -j SNAT. --to $WAN_IP虚拟主机
ip route replac.e default via. $GATEWAY.

那你先这样试一下

直接打,先不要用脚本,看看什么情况

iptables -t nat -A POSTROUTING -s $LAN_NET -o $WAN_ETH -j SNAT --to $WAN_IP
ip route replace default via $GATEWAY

最关键的就是这两句，哪位能给解释解释？

modprobe ip_nat_ftp
modprobe ip_conntrack_ftp
echo 1 >; /proc/sys/net/ipv4/ip_forward
iptables -F
iptables -t nat -F
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth0 -j SNAT --to 11.22.33.45
ip route replace default via 11.22.33.44


你按这个来做做,一条条来打,试试看

no!!!不对,还是不对

不可能
把你的ifconfig route
帖上来

ifconfig
eth0      Link encap:Ethernet  HWaddr 00:50A:8F:7A:9F
          inet addr:11.22.33.45  Bcast:11.22.33.255  Mask:255.255.255.240
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1228 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1151 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:1018119 (994.2 Kb)  TX bytes:227912 (222.5 Kb)
          Interrupt:10 Base address:0xdc00

eth1      Link encap:Ethernet  HWaddr 00:01:02:8C:AE:82
          inet addr:192.168.10.5  Bcast:192.168.10.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:3152 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1405 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:439416 (429.1 Kb)  TX bytes:1079193 (1.0 Mb)
          Interrupt:11 Base address:0xe000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)


route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
218.58.78.32    *               255.255.255.240 U     0      0        0 eth0
192.168.10.0    *               255.255.255.0   U     0      0        0 eth1
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
127.0.0.0       *               255.0.0.0       U     0      0        0 lo
default         11.22.33.44    0.0.0.0         UG    0      0        0 eth0

那么你本机可以上网吗?

iptables-save帖上来

# Generated by iptables-save v1.2.9 on Tue Aug  2 18:28:41 2005
*nat
REROUTING ACCEPT [619]
OSTROUTING ACCEPT [10]
:OUTPUT ACCEPT [9]
-A POSTROUTING -s 192.168.10.0 -o eth0 -j SNAT --to-source 11.22.33.45
COMMIT
# Completed on Tue Aug  2 18:28:41 2005
# Generated by iptables-save v1.2.9 on Tue Aug  2 18:28:41 2005
*filter
:INPUT ACCEPT [187]
:FORWARD ACCEPT [19]
:OUTPUT ACCEPT [495]
COMMIT
# Completed on Tue Aug  2 18:28:41 2005

QUOTE:原帖由 "jiecho"]2 发表：

COMMITA POSTROUTING -s 192.168.10.0 -o eth0 -j SNAT --to-source 11.22.33.45

# Completed on Tue Aug  2 18:28:41 2005


上面红色的?你仔细看看