Last update at: 2024-07-05, Edit by 888u
Requires SSH access, preferably as the root user. I use another company's NAT plug-in.
The following are the settings for KVM NAT. If the node is OVZ, additional steps are required.

1. Create a NAT bridge
brctl addbr natbr0

2. Configure the network bridge
cat
natbr0: flags=4163 mtu 1500
        inet 10.111.111.1 netmask 255.255.255.0 broadcast 10.111.111.255
        inet6 fe80::1c5a:eff:fe8c:a9ca prefixlen 64 scopeid 0x20
        ether here:display:is:MAC address txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 14 bytes 900 (900.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

5. Enable packet forwarding function
sysctl net.ipv4.ip_forward
Shown if already enabled:
net.ipv4.ip_forward = 1
Shown if not enabled (follow the steps below to enable it; this function is required):
net.ipv4.ip_forward = 0
How to enable it on CentOS 7:
echo "net.ipv4.ip_forward = 1" >> /usr/lib/sysctl.d/50-default.conf
sysctl -p /usr/lib/sysctl.d/50-default.conf
How to enable it on CentOS 6:
echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
sysctl -p

6. Enable NAT forwarding so that the virtual machines can access the public network
iptables -t nat -A POSTROUTING -s '10.111.111.0/24' -o <network card with public IP> -j MASQUERADE
Save permanently:
service iptables save
On CentOS 7, iptables-services must be installed before this command can be run:
yum install iptables-services -y

7. Modify the SolusVM node bridge
Log in to SolusVM and modify the node settings. [KVM Bridge] must be changed to [natbr0]; otherwise the virtual machines will not be able to access the Internet or use port forwarding.

8. In addition to the above, setting up OVZ NAT also requires the following. Modify the contents of /etc/modprobe.d/openvz.conf on the host:
# Original file content
options nf_conntrack ip_conntrack_disable_ve0=1
# Modified content (change 1 to 0)
options nf_conntrack ip_conntrack_disable_ve0=0
After the modification is complete, restart the host. If the error "can't initialize iptables table `nat': Table does not exist (do you need to insmod?)" does not appear when executing iptables -t nat -L, the change was successful.

9. Refresh ports regularly
crontab -e
Add:
*/5 * * * * sudo php -q /root/nat/client.php
*/5 * * * * sudo php -q /root/natdomain/client.php
This refreshes every 5 minutes.
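
To confirm the host state that steps 5 and 6 produce, the following added example (not part of the original page or of SolusVM) audits the forwarding flag and the MASQUERADE rule. The function names and the --live switch are assumptions made for this example; because step 6 uses -A, re-running it appends a duplicate rule, which the audit also reports.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.
NAT_SUBNET='10.111.111.0/24'   # NAT subnet used in step 6

# True when the forwarding flag reads 1. The path argument is optional and
# exists so the check can be pointed at a test file.
check_forwarding() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}")" = "1" ]
}

# Reads `iptables -t nat -S POSTROUTING` output on stdin and prints findings.
# Returns 0 only when exactly one MASQUERADE rule is limited to NAT_SUBNET and
# an outbound interface; any other MASQUERADE rule is reported as unexpected.
audit_masquerade() {
    awk -v subnet="$NAT_SUBNET" '
        /-j MASQUERADE/ {
            src = ""; out = ""
            for (i = 1; i < NF; i++) {
                if ($i == "-s") src = $(i + 1)
                if ($i == "-o") out = $(i + 1)
            }
            if (src == subnet && out != "") good++
            else { bad++; print "UNEXPECTED: " $0 }
        }
        END {
            if (good > 1)  print "DUPLICATE: " good " rules for " subnet
            if (good == 0) print "MISSING: no MASQUERADE rule for " subnet
            exit !(good == 1 && bad == 0)
        }'
}

# Live use on the node (needs root): sh audit.sh --live
if [ "${1:-}" = "--live" ]; then
    check_forwarding || echo "net.ipv4.ip_forward is not 1"
    iptables -t nat -S POSTROUTING | audit_masquerade
fi
```

A MASQUERADE rule without -s or -o translates traffic from any source, so it is worth removing anything the audit marks UNEXPECTED before saving the ruleset.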
Reprinted from: https://docs.weloveidc.com/knowledge-base/%E8%AE%BE%E7%BD%AEkvm-nat%E8%8A%82%E7%82%B9, https://docs.weloveidc.com/knowledge-base/%E8%AE%BE%E7%BD%AEnat%E8%8A%82%E7%82%B9%E7%BD%91%E7%BB%9C-openvz