Linux hide source IP: linux – Source IP lost after NAT



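Until today I was using a cheap router so that I could share my internet connection and keep a web server online, using NAT. The user IP ($_SERVER['REMOTE_ADDR']) was fine; I saw the users' class A IPs.

But as traffic grew every day, I had to set up a Linux server (Debian) to share my Internet connection, because my old router could no longer keep up with the traffic.

I share the internet with NAT through IPTABLES, but now, after forwarding port 80 to my web server, I no longer see the real user IP; instead I see my gateway IP (the Linux box's internal IP) as every user's IP address.

How can I solve this?

I edited my post so that I could paste the rules I am currently using.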

#!/bin/sh

#I made a script to set the rules

#I flush everything here.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -F
iptables -X

# I drop everything as a general rule,but this is disabled under testing
# iptables -P INPUT DROP
# iptables -P OUTPUT DROP

# these are the loopback rules
iptables -A INPUT -i lo -j ACCEPT
iptables -A OUTPUT -o lo -j ACCEPT

# here I set the SSH port rules,so I can connect to my server
iptables -A INPUT -p tcp --sport 513:65535 --dport 22 -m state --state NEW,ESTABLISHED -j ACCEPT
iptables -A OUTPUT -p tcp --sport 22 --dport 513:65535 -m state --state ESTABLISHED -j ACCEPT

# These are the forwards for 80 port
iptables -t nat -A PREROUTING -p tcp -s 0/0 -d xx.xx.xx.xx --dport 80 -j DNAT --to 192.168.42.3:80
iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3
iptables -A FORWARD -p tcp -s 192.168.42.3 --sport 80 -j ACCEPT

# These are the forwards for bind/dns
iptables -t nat -A PREROUTING -p udp -s 0/0 -d xx.xx.xx.xx --dport 53 -j DNAT --to 192.168.42.3:53
iptables -t nat -A POSTROUTING -o eth0 -d xx.xx.xx.xx -j SNAT --to-source 192.168.42.3
iptables -A FORWARD -p udp -s 192.168.42.3 --sport 53 -j ACCEPT

# And these are the rules so I can share my internet connection
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0:1 -j ACCEPT

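If I remove the MASQUERADE part, I see my real IP when echoing it with PHP, but then I have no internet. How can I have internet, see my real IP, and have the ports forwarded as well?

** xx.xx.xx.xx - is my public IP. I hid it for security reasons.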
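
An added example, not part of the original post: a simplified Python model of the nat POSTROUTING chain above, showing why the unscoped MASQUERADE rule rewrites the visitor's address on DNAT-forwarded packets and how a source-scoped rule keeps it while LAN hosts still get masqueraded. It assumes, as the eth0:1 alias in the rules suggests, that LAN and Internet traffic both leave through eth0; the public IP, gateway LAN IP, /24 prefix, client and LAN host addresses are constructed placeholders.

```python
import ipaddress
from dataclasses import dataclass

# Constructed values (assumptions, not from the post), documentation ranges:
PUBLIC_IP = "203.0.113.10"       # stands in for the masked xx.xx.xx.xx
GATEWAY_LAN_IP = "192.168.42.1"  # assumed internal address of the Debian box
LAN = ipaddress.ip_network("192.168.42.0/24")  # assumed prefix length
CLIENT = "198.51.100.7"          # constructed remote visitor
WEB = "192.168.42.3"             # web server address, from the post

@dataclass
class Rule:
    target: str                  # "SNAT" or "MASQUERADE"
    to_source: str = ""
    src_net: str = "0.0.0.0/0"
    dst_net: str = "0.0.0.0/0"
    dst_negate: bool = False     # models "! -d"
    out_if: str = "eth0"

    def matches(self, src, dst, out_if):
        in_src = ipaddress.ip_address(src) in ipaddress.ip_network(self.src_net)
        in_dst = ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst_net)
        return out_if == self.out_if and in_src and in_dst != self.dst_negate

def masquerade_addr(dst):
    # Simplified: MASQUERADE uses the outgoing interface's address that fits the route to dst
    return GATEWAY_LAN_IP if ipaddress.ip_address(dst) in LAN else PUBLIC_IP

def postrouting(rules, src, dst, out_if="eth0"):
    """Source address the packet leaves with; the first matching rule wins."""
    for r in rules:
        if r.matches(src, dst, out_if):
            return r.to_source if r.target == "SNAT" else masquerade_addr(dst)
    return src

# nat POSTROUTING as posted (the SNAT rule is listed twice there; once suffices)
POSTED = [Rule("SNAT", to_source=WEB, dst_net=PUBLIC_IP + "/32"), Rule("MASQUERADE")]
# Scoped alternative, equivalent to:
# iptables -t nat -A POSTROUTING -o eth0 -s 192.168.42.0/24 ! -d 192.168.42.0/24 -j MASQUERADE
SCOPED = [Rule("MASQUERADE", src_net=str(LAN), dst_net=str(LAN), dst_negate=True)]

def seen_by_webserver(rules):
    # After the port-80 DNAT the packet is CLIENT -> WEB and leaves through eth0
    return postrouting(rules, CLIENT, WEB)

def seen_by_internet(rules, lan_host="192.168.42.50"):
    # A LAN machine browsing out (lan_host and 8.8.8.8 are constructed samples)
    return postrouting(rules, lan_host, "8.8.8.8")
```

With the posted rules the web server sees the gateway's LAN address for every visitor; with the scoped rule it sees the visitor's own address, and outbound LAN traffic is still rewritten to the public IP.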