開啟ip forward
vi /etc/sysctl.conf
sysctl -p
增加firewall policy
firewall-cmd --direct --add-rule ipv4 nat POSTROUTING 0 -o eth_ext -j MASQUERADE
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth_int -o eth_ext -j ACCEPT
firewall-cmd --direct --add-rule ipv4 filter FORWARD 0 -i eth_ext -o eth_int -m state --state RELATED,ESTABLISHED -j ACCEPT
firewall-cmd --runtime-to-permanent
net.ipv4.ip_forward = 1增加firewall policy