ip_tunnel.txt

基于RHEL的IP隧道

+--------------+-tun0-----------------------tun0---+--------------+
|``````````````|`10.30.0.208```````````10.30.0.103`|``````````````|
|`````fame`````| - - - - - ( ip tunnel ) - - - - - |`````cash`````|
|``````````````|```````````````````````````````````|``````````````|
+--------------+-----------------------------------+--------------+
eth0 216.239.57.99 ===........( WAN )........=== 166.111.8.238 eth0

WHAT I WANT
mm -> fame:80 -> cash:88

WHAT I NEED
iproute2, iptables

HOW I DO
fame # iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to
10.30.0.103:88

cash # iptables -t mangle -A OUTPUT -p tcp -s 10.30.0.103 --sport 88 -j MARK --set-mark 7
cash # ip rule add fwmark 7 table 208
cash # ip route add default dev tun0 table 208

//以上eth0和tun0看成一个设备就是两台服务器在同一个子网内的配置方法
以上方法适用于与ppp设备相连

如果是以太网设备,要将61.188.179.177的8080端口透明转发到179.125上面去,
而177的eth0 ip为10.0.0.1 125的eth0 ip为10.0.0.2

那么步骤如下：
1、在125的iptables中nat链中
-A PREROUTING -p tcp --dport 8080 -j DNAT --to 10.0.0.1:8080
2、在177的iptables中mangle链中
-A OUTPUT -p tcp -s 10.0.0.1 --sport 8080 -j MARK --set-mark 7
3、在177命令行下
ip rule add fwmark 7 table 208
ip route add default via 10.0.0.2 dev eth0 table 208

这样就完成了透明转发

http://bbs.linuxsun.cn/thread-635-1-1.html