centos7通过firewalld设置进行上网

1、准备俩台服务器，都要有俩块网卡，外网网卡，内网网卡

第一台服务器 内网：172.16.1.16 外网：10.0.0.16

第二台服务器 内网：172.16.1.17 外网：10.0.0.17

2、在第一台服务器上添加

[root@ localhost ~]# vim /etc/sysctl.conf 

# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward=1     #在这里添加一行

3、进行检查

[root@ localhost ~]# sysctl -p
net.ipv4.ip_forward = 1

4、添加

[root@ localhost ~]# firewall-cmd --add-masquerade --permanent 
success
[root@ localhost ~]# firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTRPUTING -o ens37 -j 
MASQUERADE -s 172.16.1.0/24
success
[root@ localhost ~]# firewall-cmd --reload
success

5、在第二台服务器上进行操作，先关闭外网

[root@ localhost network-scripts]# ifdown ens33

6、在第二台服务器的内网网卡中加入第一台服务器的外网ip

GATEWAY=172.16.1.16

7、重启网卡

systemctl restart network

8、尝试连接百度

ping baidu.com