From d51bc63419c41618bff4dfac2307db497be8503d Mon Sep 17 00:00:00 2001 From: bjdgyc Date: Mon, 28 Nov 2022 15:22:07 +0800 Subject: [PATCH] =?UTF-8?q?=E9=BB=98=E8=AE=A4=E5=BC=80=E5=90=AF=20?= =?UTF-8?q?=E8=AE=BE=E7=BD=AEnat=E8=BD=AC=E5=8F=91?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- README.md | 14 ++++++++------ docker/docker_entrypoint.sh | 4 ++-- server/base/config.go | 2 +- server/conf/server-sample.toml | 2 +- server/conf/server.toml | 3 +-- 5 files changed, 13 insertions(+), 12 deletions(-) diff --git a/README.md b/README.md index c57a7e1..a91dbaf 100644 --- a/README.md +++ b/README.md @@ -158,12 +158,14 @@ cat /proc/sys/net/ipv4/ip_forward systemctl stop firewalld.service systemctl disable firewalld.service +# 新版本支持自动设置nat转发,如有其他需求可以参考下面的命令配置 + # 请根据服务器内网网卡替换 eth0 -iptables -t nat -A POSTROUTING -s 192.168.90.0/24 -o eth0 -j MASQUERADE +# iptables -t nat -A POSTROUTING -s 192.168.90.0/24 -o eth0 -j MASQUERADE # 如果执行第一个命令不生效,可以继续执行下面的命令 # iptables -A FORWARD -i eth0 -s 192.168.90.0/24 -j ACCEPT # 查看设置是否生效 -iptables -nL -t nat +# iptables -nL -t nat ``` 2.2 使用全局路由转发(二选一) @@ -171,6 +173,9 @@ iptables -nL -t nat ```shell # 假设anylink所在服务器的内网ip: 10.1.2.10 +# 首先关闭nat转发功能 +iptables_nat = false + # 传统网络架构,在华三交换机添加以下静态路由规则 ip route-static 192.168.90.0 255.255.255.0 10.1.2.10 # 其他品牌的交换机命令,请参考以下地址 @@ -255,9 +260,7 @@ ipv4_end = "10.1.2.200" 5. 启动容器 ```bash - # -e IPV4_CIDR=192.168.10.0/24 这个参数要与配置文件内的网段一致 docker run -itd --name anylink --privileged \ - -e IPV4_CIDR=192.168.10.0/24 -p 443:443 -p 8800:8800 \ --restart=always \ bjdgyc/anylink @@ -267,7 +270,6 @@ ipv4_end = "10.1.2.200" ```bash # 参数可以参考 -h 命令 docker run -itd --name anylink --privileged \ - -e IPV4_CIDR=192.168.10.0/24 \ -p 443:443 -p 8800:8800 \ --restart=always \ bjdgyc/anylink \ 
@@ -280,7 +282,7 @@ ipv4_end = "10.1.2.200" #获取仓库源码 git clone https://github.com/bjdgyc/anylink.git # 构建镜像 - docker build -t anylink . + docker build -t anylink -f docker/Dockerfile . ``` diff --git a/docker/docker_entrypoint.sh b/docker/docker_entrypoint.sh index ea23118..3a7c5b3 100644 --- a/docker/docker_entrypoint.sh +++ b/docker/docker_entrypoint.sh @@ -15,8 +15,8 @@ case $var1 in *) sysctl -w net.ipv4.ip_forward=1 - iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE - iptables -nL -t nat + #iptables -t nat -A POSTROUTING -s "${IPV4_CIDR}" -o eth0+ -j MASQUERADE + #iptables -nL -t nat exec /app/anylink "$@" ;; diff --git a/server/base/config.go b/server/base/config.go index fef5f85..b28a698 100644 --- a/server/base/config.go +++ b/server/base/config.go @@ -61,7 +61,7 @@ var configs = []config{ {Typ: cfgInt, Name: "audit_interval", Usage: "审计去重间隔(秒),-1关闭", ValInt: -1}, {Typ: cfgBool, Name: "show_sql", Usage: "显示sql语句,用于调试", ValBool: false}, - {Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: false}, + {Typ: cfgBool, Name: "iptables_nat", Usage: "是否自动添加NAT", ValBool: true}, } var envs = map[string]string{} diff --git a/server/conf/server-sample.toml b/server/conf/server-sample.toml index d852541..da4c988 100644 --- a/server/conf/server-sample.toml +++ b/server/conf/server-sample.toml @@ -76,6 +76,6 @@ audit_interval = -1 show_sql = false #是否自动添加nat -iptables_nat = false +iptables_nat = true diff --git a/server/conf/server.toml b/server/conf/server.toml index 5bc31c2..3a093e2 100644 --- a/server/conf/server.toml +++ b/server/conf/server.toml @@ -33,5 +33,4 @@ ipv4_gateway = "192.168.90.1" ipv4_start = "192.168.90.100" ipv4_end = "192.168.90.200" -#是否自动添加nat -iptables_nat = false +
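Review bot: The two `iptables` lines in the `*)` branch are commented out rather than deleted, and `IPV4_CIDR` is now silently ignored. An existing `docker run -e IPV4_CIDR=...` therefore keeps starting without the operator learning that NAT is now governed by the `iptables_nat` setting. I would delete the dead lines and emit a one-time notice, e.g. `[ -n "${IPV4_CIDR}" ] && echo "IPV4_CIDR is ignored; NAT is controlled by iptables_nat" >&2`. With `iptables_nat = false` nothing in this entrypoint installs a MASQUERADE rule any more; that is presumably intended, but a short comment saying so would help. The `case` statement begins and ends outside the hunk.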
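Review bot: Flipping the `iptables_nat` entry to `ValBool: true` changes behaviour for every existing install whose config file omits the key, and the shipped `server/conf/server.toml` now omits it as well. After an upgrade the server will presumably start adding NAT rules to the host firewall at startup, which needs the privileges to do so and would masquerade client source addresses for anyone on the routed setup from README 2.2. The `Usage` text does not mention the default or the side effect; a comment above the entry such as `// Default on: adds NAT rules to the host at startup; set iptables_nat = false for routed deployments.` would make this visible, and the same sentence belongs next to `iptables_nat = true` in `server-sample.toml`. The `configs` slice starts outside the hunk, and the code that consumes the flag is not visible here.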