================================
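# Enable IPv4 forwarding (kernel routing) so this host can pass the
# forwarded connections on to the backend.
# Security note: ip_forward=1 applies to every interface on the host; the
# firewalld zone policy is what decides which traffic is actually passed.
# The setting is appended only when it is not already present, so running
# these steps again does not pile up duplicate lines in /etc/sysctl.conf.
if ! grep -qE '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' /etc/sysctl.conf; then
  printf '%s\n' 'net.ipv4.ip_forward=1' >> /etc/sysctl.conf
fi
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p

# Start firewalld.
# NOTE(review): "start" does not enable the unit at boot; permanent firewalld
# rules only come back after a reboot if the service is also enabled
# (systemctl enable firewalld).
systemctl start firewalld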

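# --- Enable IP masquerading and port forwarding in firewalld ---
#
# Options are written with two ASCII hyphens ("--"); a typographic dash
# pasted from a web page is not parsed as an option by firewall-cmd.
#
# Commands without --zone act on the default zone, while the port rule
# names the public zone explicitly. Confirm the default zone is "public"
# (firewall-cmd --get-default-zone), otherwise the rules land in
# different zones.

# Check whether masquerading is enabled: prints "no" when it is off,
# "yes" when it is on.
firewall-cmd --query-masquerade
# Enable IP masquerading permanently.
firewall-cmd --add-masquerade --permanent

# Open TCP ports 443-444 in the public zone.
firewall-cmd --zone=public --add-port=443-444/tcp --permanent

# Forward TCP 443 and 444 arriving at this host to 192.168.1.100 on the
# same ports.
# Security note: this publishes the internal host to every source that can
# reach the zone; restrict the zone's sources (or use rich rules) when only
# known clients should get through.
# NOTE(review): where masquerading applies to the forwarded connection, the
# backend sees this host's address instead of the client's -- confirm what
# the backend logs before relying on it for source-IP auditing.
firewall-cmd --add-forward-port=port=443:proto=tcp:toaddr=192.168.1.100:toport=443 --permanent
firewall-cmd --add-forward-port=port=444:proto=tcp:toaddr=192.168.1.100:toport=444 --permanent

# Apply the permanent configuration to the running firewall.
firewall-cmd --reload

# PS: ports added or removed with --permanent do not take effect
# immediately; they become active only after --reload. --permanent means
# the change is kept permanently.

# Show the complete configuration, to verify that only the intended
# ports, masquerading and forward rules are active.
firewall-cmd --list-all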