多个ip dnat与防火墙

我有一个虚拟机安装运行多个虚拟机，我想他们中的一个作为路由器/防火墙，所有的外部IP连接到并运行其他虚拟机，如Apache的FTP后缀不同的服务…我有点失去了惠普这个iptable东西，你可以看到，这两个接口与外部IP有相同的MAC我可以改变，不知道是否有所不同，供应商称他们为“故障转移ip”我可以订购尽可能多

路由-n显示以下不知道为什么没有进入ens35？

Kernel IP routing table Destination Gateway Genmask Flags Metric Ref Use Iface 0.0.0.0 163.172.64.1 0.0.0.0 UG 0 0 0 ens33 100.200.30.1 0.0.0.0 255.255.255.255 UH 0 0 0 ens33 192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ens34 

我可以达到路由器惠普ssh从ips（1.2.3.240 / 11.22.33.50）后foloving命令不再（其他IP仍然工作）我也不能达到其他机器惠特ssh这是锻炼的目标

 # iptables -t nat -A PREROUTING -d 11.22.33.50 -j DNAT --to 192.168.0.250 # iptables -t nat -A POSTROUTING -s 192.168.0.250 -j SNAT --to 11.22.33.50 

做一个人看到我的错误？ 只要我明白上面应该是在11.22.33.50应该通过路由到另一个虚拟机和其他虚拟机发送的所有应该转发，如果它将来自11.22.33.50

• 如何防止路由器广告更新我的IPv6路由？
• 入站阻塞的端口DD-WRT路由器
• 如何使用MikroTik路由器在不同子网上设置路由到网关？
• 无法从无线设备ping有线设备
• 如何在一个局域网之间共享networking防火墙设置？

/ ETC / NETWORK / INTERFACE /的路由器

 auto lo iface lo inet loopback auto ens33 iface ens33 inet static address 1.2.3.240 netmask 255.255.255.255 broadcast 1.2.3.240 dns-nameservers 62.210.16.6 62.210.16.7 post-up route add 100.200.300.1 dev ens33 post-up route add default gw 100.200.30.1 post-down route del 100.200.300.1 dev ens33 post-down route del default gw 100.200.30.1 auto ens34 iface ens34 inet static address 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 auto ens35 iface ens35 inet static address 11.22.33.50 netmask 255.255.255.255 broadcast 11.22.33.50 dns-nameservers 62.210.16.6 62.210.16.7 post-up route add 100.200.300..1 dev ens33 post-up route add default gw 100.200.30.1 post-down route del 100.200.300.1 dev ens33 post-down route del default gw 100.200.30.1 

IFCONFIG：路由器

 ens33 Link encap:Ethernet HWaddr 00:50:56:00:ed:e4 inet addr:1.2.3.240 Bcast:1.2.3.240 Mask:255.255.255.255 inet6 addr: xxx Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:17467 errors:0 dropped:0 overruns:0 frame:0 TX packets:1154 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1124709 (1.1 MB) TX bytes:236195 (236.1 KB) ens34 Link encap:Ethernet HWaddr 00:0c:29:8b:73:4c inet addr:192.168.0.1 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: xxx Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:8 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 B) TX bytes:648 (648.0 B) ens35 Link encap:Ethernet HWaddr 00:50:56:00:ed:e4 inet addr:11.22.33.50 Bcast:11.22.33.50 Mask:255.255.255.255 inet6 addr: xxx Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:17461 errors:0 dropped:0 overruns:0 frame:0 TX packets:12 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:1124367 (1.1 MB) TX bytes:1040 (1.0 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:160 errors:0 dropped:0 overruns:0 frame:0 TX packets:160 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:11840 (11.8 KB) TX bytes:11840 (11.8 KB) 

/ ETC / NETWORK / INTERFACE / /第二台机器

 auto lo iface lo inet loopback auto ens34 iface ens34 inet static address 192.168.0.250 netmask 255.255.255.0 broadcast 192.168.0.255 geteway 192.168.0.1 network 192.168.0.0 dns-nameservers 62.210.16.6 62.210.16.7 

IFCONFIG：第二台机器

 ens34 Link encap:Ethernet HWaddr 00:0c:29:60:4a:1a inet addr:192.168.0.250 Bcast:192.168.0.255 Mask:255.255.255.0 inet6 addr: xxx Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:5 errors:0 dropped:0 overruns:0 frame:0 TX packets:13 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:414 (414.0 B) TX bytes:1062 (1.0 KB) lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:160 errors:0 dropped:0 overruns:0 frame:0 TX packets:160 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1 RX bytes:11840 (11.8 KB) TX bytes:11840 (11.8 KB)