Saving and restoring rules
Backing up and restoring firewall rules
Export (back up) the rules of all tables
iptables-save > /opt/ipt.txt
Import (restore) the rules
iptables-restore < /opt/ipt.txt
Save the rule file as /etc/sysconfig/iptables; the iptables service restores the rules in it automatically when it starts
iptables-save > /etc/sysconfig/iptables
systemctl stop iptables     # stopping the iptables service flushes the rules of all tables
systemctl start iptables    # starting the iptables service restores the rules in /etc/sysconfig/iptables
Save rules:                 iptables-save > <file path>
Restore rules:              iptables-restore < <file path>
Save as the default rules:  iptables-save > /etc/sysconfig/iptables
[root@l1 ~]# systemctl disable --now firewalld //disable firewalld permanently
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@l1 ~]#
[root@l1 ~]# yum install -y iptables iptables-services //install both packages
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
軟件包 iptables-1.4.21-35.el7.x86_64 已安裝并且是最新版本
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 iptables-services.x86_64.0.1.4.21-35.el7 將被 安裝
--> 解決依賴關系完成

依賴關系解決

=============================================================================================================================================================
Package 架構 版本 源 大小
=============================================================================================================================================================
正在安裝:
iptables-services x86_64 1.4.21-35.el7 local 52 k

事務概要
=============================================================================================================================================================
安裝 1 軟件包

總下載量:52 k
安裝大小:23 k
Downloading packages:
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : iptables-services-1.4.21-35.el7.x86_64 1/1
驗證中 : iptables-services-1.4.21-35.el7.x86_64 1/1

已安裝:
iptables-services.x86_64 0:1.4.21-35.el7

完畢!
[root@l1 ~]#
[root@l1 ~]# systemctl start iptables.service //start the service
[root@l1 ~]# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
[root@l1 ~]# iptables -nL -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]#
The rules set earlier were not saved permanently: a server reboot or a restart of the iptables service loses everything written so far.
[root@l1 ~]# iptables -t filter -F
[root@l1 ~]# iptables -nL -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]# iptables -t filter -A INPUT -p tcp -m multiport --dport 20:23,53,80,443,111,2049 -j ACCEPT
[root@l1 ~]# iptables -t filter -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
[root@l1 ~]# iptables -t filter -A INPUT -j DROP
[root@l1 ~]# iptables -nL -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 20:23,53,80,443,111,2049
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]#
Saving the rules
[root@l1 ~]# iptables-save > /opt/iptables.txt //redirect the output to /opt/iptables.txt
[root@l1 ~]# vim /opt/iptables.txt
[root@l1 ~]# iptables-restore < /opt/iptables.txt //read the rules back in from the file
[root@l1 ~]# iptables -nL -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 20:23,53,80,443,111,2049
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]#
Restoring the rules
[root@l1 ~]# iptables -t filter -F //flush the rules
[root@l1 ~]# iptables -nL -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]#
How are the default rules set?
[root@l1 ~]# systemctl restart iptables.service //restart the service
[root@l1 ~]# iptables -nL -t filter //rules come back, but they are the stock ones from /etc/sysconfig/iptables, not the ones added above
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]#
[root@l1 ~]# iptables-save > /etc/sysconfig/iptables //replace the default rules file
[root@l1 ~]# vim /etc/sysconfig/iptables
[root@l1 ~]#
[root@l1 ~]# iptables -t filter -F //flush the rules
[root@l1 ~]# iptables -nL -t filter //view the rules
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]# systemctl restart iptables.service //restart the service
[root@l1 ~]# iptables -nL -t filter //view the rules (restored)
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 multiport dports 20:23,53,80,443,111,2049
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP all -- 0.0.0.0/0 0.0.0.0/0

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 ~]#
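Before running `iptables-restore < FILE` or copying a dump to /etc/sysconfig/iptables, it pays to check the file. The script below is an added example and is not part of the original notes; the check_ruleset and write_samples functions, the file names and the three sample dumps are all constructed here. It verifies that every `*table` header has its COMMIT (a truncated dump makes iptables-restore abort) and that the filter table's INPUT chain accepts RELATED,ESTABLISHED before its first DROP or REJECT, because the rule order used in the notes (multiport ACCEPT, state ACCEPT, DROP) is what keeps an existing SSH session alive across `systemctl restart iptables`.

```shell
#!/bin/sh
# Added example, not part of the original notes: sanity-check an
# iptables-save dump before "iptables-restore < FILE" or before copying it
# to /etc/sysconfig/iptables.  Two things go wrong in practice:
#   1. a truncated dump (a *table header without its COMMIT) makes
#      iptables-restore abort and leaves the firewall half loaded;
#   2. an INPUT chain that DROPs before it ACCEPTs RELATED,ESTABLISHED cuts
#      off the SSH session of whoever runs "systemctl restart iptables".
# check_ruleset, write_samples and the sample dumps are constructed here.

# check_ruleset FILE -> returns 0 if the dump looks safe to restore, 1 otherwise
check_ruleset() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 1; }

    # every "*table" header needs a matching COMMIT line
    tables=$(grep -c '^\*' "$file" || true)
    commits=$(grep -c '^COMMIT$' "$file" || true)
    if [ "$tables" -eq 0 ] || [ "$tables" -ne "$commits" ]; then
        echo "$file: $tables table header(s) but $commits COMMIT line(s)" >&2
        return 1
    fi

    # in the filter table, the first DROP/REJECT in INPUT must come after the
    # RELATED,ESTABLISHED accept: iptables evaluates rules in order
    filter=$(sed -n '/^\*filter$/,/^COMMIT$/p' "$file")
    drop_at=$(printf '%s\n' "$filter" \
        | grep -En -- '^-A INPUT .*-j (DROP|REJECT)' | head -n 1 | cut -d: -f1)
    est_at=$(printf '%s\n' "$filter" \
        | grep -En -- '^-A INPUT .*--state [^ ]*ESTABLISHED[^ ]* -j ACCEPT' \
        | head -n 1 | cut -d: -f1)
    if [ -n "$drop_at" ] && { [ -z "$est_at" ] || [ "$est_at" -gt "$drop_at" ]; }; then
        echo "$file: INPUT drops traffic before accepting RELATED,ESTABLISHED" >&2
        return 1
    fi
    return 0
}

# write_samples DIR -> three constructed dumps in iptables-save format
write_samples() {
    dir=$1
    # the ruleset built in the notes: multiport accept, state accept, drop
    cat > "$dir/good.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp -m multiport --dports 20:23,53,80,443,111,2049 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -j DROP
COMMIT
EOF
    # same rules with the DROP moved first: valid syntax, but a lockout
    cat > "$dir/lockout.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -j DROP
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
    # dump cut off before COMMIT, as after a full disk or an interrupted save
    cat > "$dir/truncated.rules" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
EOF
}

# stand-alone run: report the verdict for each constructed sample
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for name in good lockout truncated; do
    if check_ruleset "$demo_dir/$name.rules" 2>/dev/null; then
        echo "$name.rules: safe to restore"
    else
        echo "$name.rules: refused"
    fi
done
rm -rf "$demo_dir"
```

Run it with `sh check-rules.sh`; it writes the three constructed dumps to a temporary directory and reports which it would allow. On a real gateway, `iptables-restore --test < FILE` additionally lets iptables parse the file without committing it; that call is left out here so the script runs without root.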
tcpdump: the Linux packet capture tool
Filter keywords: protocol (tcp, udp, icmp); port <port> [src/dst]; host <host IP>; net <network>
Options: -i <interface>; -s 0; -w XXX.cap
tcpdump tcp -i ens33 -t -s 0 -c 100 and port ! 22 and net 192.168.1.0/24 -w ./target.cap
(1) tcp: protocol keywords such as ip, icmp, arp, rarp, tcp and udp go in the first argument position; they filter on the packet type
(2) -i ens33: capture only packets that pass through interface ens33
(3) -t: do not print timestamps
(4) -s 0: by default only 68 bytes of each packet are captured; with -s 0 the full packet is captured
(5) -c 100: capture only 100 packets
(6) port ! 22: do not capture packets on port 22
(7) net 192.168.1.0/24: the packet's network address is 192.168.1.0/24
(8) -w ./target.cap: save to a cap file for analysis in ethereal (now Wireshark)
Experiment 1: SNAT
Gateway host: ens33 (left, inside network) 192.168.80.30, ens36 (right, outside network) 12.0.0.30
Client 1: IP address 192.168.80.11, gateway ens33 192.168.80.30
Client 2: IP address 192.168.80.20, gateway ens33 192.168.80.30
External server: IP 12.0.0.12, gateway ens36 12.0.0.30
SNAT: inside --> outside, rewrites the source address
iptables -t nat -A POSTROUTING -s <inside source address/network> -o <outbound interface> -j SNAT --to <public source address to rewrite to>
Enable IP forwarding
[root@l1 ~]# cat /proc/sys/net/ipv4/ip_forward
0
[root@l1 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward^C
[root@l1 ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@l1 ~]#
This only takes effect temporarily; after a server reboot it is back to 0.
Permanent setting
[root@l1 ~]# vim /etc/sysctl.conf //the kernel parameter file; add net.ipv4.ip_forward = 1
[root@l1 ~]#
[root@l1 ~]# sysctl -p //load the kernel parameters from the file
net.ipv4.ip_forward = 1
[root@l1 ~]#
[root@l1 ~]# cat /proc/sys/net/ipv4/ip_forward
1
[root@l1 ~]#
SNAT forwarding
Gateway server
Client: inside host
Client 2: same steps as above
Web server: external server
Gateway server configuration
[root@l1 ~]# systemctl disable --now firewalld
[root@l1 ~]# yum install -y iptables iptables-services
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
軟件包 iptables-1.4.21-35.el7.x86_64 已安裝并且是最新版本
軟件包 iptables-services-1.4.21-35.el7.x86_64 已安裝并且是最新版本
無須任何處理
[root@l1 ~]# systemctl start iptables
[root@l1 ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@l1 ~]# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since 四 2024-05-23 11:41:28 CST; 27s ago
 Main PID: 2582 (code=exited, status=0/SUCCESS)
    Tasks: 0
   CGroup: /system.slice/iptables.service

5月 23 11:41:28 l1 systemd[1]: Starting IPv4 firewall with iptables...
5月 23 11:41:28 l1 iptables.init[2582]: iptables: Applying firewall rules: … ]
5月 23 11:41:28 l1 systemd[1]: Started IPv4 firewall with iptables.
Hint: Some lines were ellipsized, use -l to show in full.
[root@l1 ~]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 network-scripts]# cd /etc/sysconfig/network-scripts/
[root@l1 network-scripts]# ls
ifcfg-ens33 ifdown-bnep ifdown-ipv6 ifdown-routes ifdown-tunnel ifup-eth ifup-isdn ifup-ppp ifup-TeamPort network-functions
ifcfg-lo ifdown-eth ifdown-isdn ifdown-sit ifup ifup-ib ifup-plip ifup-routes ifup-tunnel network-functions-ipv6
ifcfg-有線連接_1 ifdown-ib ifdown-post ifdown-Team ifup-aliases ifup-ippp ifup-plusb ifup-sit ifup-wireless route-有線連接_1
ifdown ifdown-ippp ifdown-ppp ifdown-TeamPort ifup-bnep ifup-ipv6 ifup-post ifup-Team init.ipv6-global
[root@l1 network-scripts]#
Inside interface ens33
[root@l1 network-scripts]# vim ifcfg-ens33
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=bb54a700-e209-4a22-a2a3-d4facf68b2b4
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.80.30
NETMASK=255.255.255.0
#GATEWAY=192.168.80.2
#DNS1=114.114.114.114
Outside interface ens36
[root@l1 network-scripts]# vim ifcfg-ens36
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens36
DEVICE=ens36
ONBOOT=yes
IPADDR=12.0.0.30
NETMASK=255.255.255.0
[root@l1 network-scripts]# systemctl restart network //restart networking
[root@l1 ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@l1 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.80.30 netmask 255.255.255.0 broadcast 192.168.80.255
        inet6 fe80::523e:232a:d39b:b32f prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:87:fc:b2 txqueuelen 1000 (Ethernet)
        RX packets 397 bytes 34591 (33.7 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 413 bytes 35175 (34.3 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether 00:0c:29:87:fc:bc txqueuelen 1000 (Ethernet)
        RX packets 23 bytes 2871 (2.8 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 475 bytes 78490 (76.6 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 222 bytes 20050 (19.5 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 222 bytes 20050 (19.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:cc:65:de txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@l1 ~]# cd /etc/sysconfig/network-scripts/
[root@l1 network-scripts]# systemctl restart network
[root@l1 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.80.30 netmask 255.255.255.0 broadcast 192.168.80.255
        inet6 fe80::523e:232a:d39b:b32f prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:87:fc:b2 txqueuelen 1000 (Ethernet)
        RX packets 1527 bytes 125929 (122.9 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1222 bytes 154371 (150.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 12.0.0.30 netmask 255.255.255.0 broadcast 12.0.0.255
        inet6 fe80::cfd7:6dd8:9716:71a3 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:87:fc:bc txqueuelen 1000 (Ethernet)
        RX packets 25 bytes 3357 (3.2 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 631 bytes 103125 (100.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 382 bytes 32994 (32.2 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 382 bytes 32994 (32.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:cc:65:de txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@l1 network-scripts]#
Client 1
[root@l2 ~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.18.20 netmask 255.255.255.0 broadcast 192.168.18.255
        inet6 fe80::ef42:44d7:112c:7393 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:66:38:ff txqueuelen 1000 (Ethernet)
        RX packets 3908 bytes 3856097 (3.6 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1554 bytes 116286 (113.5 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 37 bytes 3812 (3.7 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 37 bytes 3812 (3.7 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:0f:a7:1a txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@l2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[root@l2 ~]# systemctl restart network
[root@l2 ~]#
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=b0bf3db5-b099-4770-96cf-0e3179f56bd1
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.80.11
NETMASK=255.255.255.0
GATEWAY=192.168.80.30
[root@l2 network-scripts]# systemctl restart network
[root@l2 network-scripts]#
[root@l2 network-scripts]# systemctl stop firewalld
[root@l2 network-scripts]# setenforce 0
[root@l2 network-scripts]#
Client 2
[root@l3 ~]# cd /etc/sysconfig/network-scripts/
[root@l3 network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 192.168.18.30 netmask 255.255.255.0 broadcast 192.168.18.255
        inet6 fe80::4367:bd86:d4c9:c296 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:c9:0b:e0 txqueuelen 1000 (Ethernet)
        RX packets 383345 bytes 562327116 (536.2 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 51994 bytes 3184636 (3.0 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 221 bytes 18940 (18.4 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 221 bytes 18940 (18.4 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:1e:49:a2 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

[root@l3 network-scripts]# vim ifcfg-ens33
[root@l3 network-scripts]# systemctl restart network
[root@l3 network-scripts]#
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=518f05a5-256a-45cf-bf88-e8e365e57bff
DEVICE=ens33
ONBOOT=yes
IPADDR=192.168.80.20
NETMASK=255.255.255.0
GATEWAY=192.168.80.30
[root@l3 ~]# systemctl stop firewalld
[root@l3 ~]# setenforce 0
[root@l3 ~]#
Client 1 and client 2 ping the gateway server
Gateway server: flush the rules
[root@l1 network-scripts]# iptables -F
[root@l1 network-scripts]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination
[root@l1 network-scripts]# iptables -t nat -F
[root@l1 network-scripts]# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
[root@l1 network-scripts]#
External server
[root@localhost network-scripts]# vim ifcfg-ens33
[root@localhost network-scripts]# systemctl restart network
[root@localhost network-scripts]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 12.0.0.12 netmask 255.255.255.0 broadcast 12.0.0.255
        inet6 fe80::149b:989c:c2fc:e0e0 prefixlen 64 scopeid 0x20<link>
        ether 00:0c:29:3d:ca:57 txqueuelen 1000 (Ethernet)
        RX packets 304 bytes 72391 (70.6 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 239 bytes 30819 (30.0 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1000 (Local Loopback)
        RX packets 1184 bytes 102648 (100.2 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1184 bytes 102648 (100.2 KiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
        inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
        ether 52:54:00:e5:c7:15 txqueuelen 1000 (Ethernet)
        RX packets 0 bytes 0 (0.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 0 bytes 0 (0.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=ens33
UUID=db5dc291-4aff-4027-be90-8bc167e8ffaa
DEVICE=ens33
ONBOOT=yes
IPADDR=12.0.0.12
NETMASK=255.255.255.0
GATEWAY=12.0.0.30
[root@localhost network-scripts]# systemctl restart network //restart networking
[root@l3 network-scripts]# systemctl stop firewalld //stop firewalld
[root@l3 network-scripts]# setenforce 0
[root@l3 network-scripts]#
[root@localhost ~]# yum install -y httpd //install httpd
已加載插件:fastestmirror, langpacks
Loading mirror speeds from cached hostfile
正在解決依賴關系
--> 正在檢查事務
---> 軟件包 httpd.x86_64.0.2.4.6-97.el7.centos.5 將被 安裝
--> 正在處理依賴關系 httpd-tools = 2.4.6-97.el7.centos.5,它被軟件包 httpd-2.4.6-97.el7.centos.5.x86_64 需要
--> 正在處理依賴關系 /etc/mime.types,它被軟件包 httpd-2.4.6-97.el7.centos.5.x86_64 需要
--> 正在檢查事務
---> 軟件包 httpd-tools.x86_64.0.2.4.6-97.el7.centos.5 將被 安裝
---> 軟件包 mailcap.noarch.0.2.1.41-2.el7 將被 安裝
--> 解決依賴關系完成

依賴關系解決

==================================================================
Package 架構 版本 源 大小
==================================================================
正在安裝:
httpd x86_64 2.4.6-97.el7.centos.5 local 2.7 M
為依賴而安裝:
httpd-tools x86_64 2.4.6-97.el7.centos.5 local 94 k
mailcap noarch 2.1.41-2.el7 local 31 k

事務概要
==================================================================
安裝 1 軟件包 (+2 依賴軟件包)

總下載量:2.8 M
安裝大小:9.6 M
Downloading packages:
------------------------------------------------------------------
總計 34 MB/s | 2.8 MB 00:00
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安裝 : httpd-tools-2.4.6-97.el7.centos.5.x86_64 1/3
正在安裝 : mailcap-2.1.41-2.el7.noarch 2/3
正在安裝 : httpd-2.4.6-97.el7.centos.5.x86_64 3/3
驗證中 : mailcap-2.1.41-2.el7.noarch 1/3
驗證中 : httpd-tools-2.4.6-97.el7.centos.5.x86_64 2/3
驗證中 : httpd-2.4.6-97.el7.centos.5.x86_64 3/3

已安裝:
httpd.x86_64 0:2.4.6-97.el7.centos.5

作為依賴被安裝:
httpd-tools.x86_64 0:2.4.6-97.el7.centos.5 mailcap.noarch 0:2.1.41-2.el7

完畢!
[root@localhost ~]# systemctl start httpd
[root@localhost ~]# netstat -lntp | grep :80 //the Apache port is listening
tcp6 0 0 :::80 :::* LISTEN 61993/httpd
[root@localhost ~]#
Everything is configured; now to verify.
Gateway server
[root@l1 network-scripts]# ping 192.168.80.30
PING 192.168.80.30 (192.168.80.30) 56(84) bytes of data.
64 bytes from 192.168.80.30: icmp_seq=1 ttl=64 time=0.061 ms
64 bytes from 192.168.80.30: icmp_seq=2 ttl=64 time=0.041 ms
64 bytes from 192.168.80.30: icmp_seq=3 ttl=64 time=0.042 ms
64 bytes from 192.168.80.30: icmp_seq=4 ttl=64 time=0.065 ms
64 bytes from 192.168.80.30: icmp_seq=5 ttl=64 time=0.043 ms
64 bytes from 192.168.80.30: icmp_seq=6 ttl=64 time=0.043 ms
64 bytes from 192.168.80.30: icmp_seq=7 ttl=64 time=0.052 ms
64 bytes from 192.168.80.30: icmp_seq=8 ttl=64 time=0.045 ms
64 bytes from 192.168.80.30: icmp_seq=9 ttl=64 time=0.043 ms
64 bytes from 192.168.80.30: icmp_seq=10 ttl=64 time=0.043 ms
[root@l1 network-scripts]# ping 12.0.0.30
PING 12.0.0.30 (12.0.0.30) 56(84) bytes of data.
64 bytes from 12.0.0.30: icmp_seq=1 ttl=64 time=0.025 ms
64 bytes from 12.0.0.30: icmp_seq=2 ttl=64 time=0.043 ms
64 bytes from 12.0.0.30: icmp_seq=3 ttl=64 time=0.042 ms
64 bytes from 12.0.0.30: icmp_seq=4 ttl=64 time=0.041 ms
64 bytes from 12.0.0.30: icmp_seq=5 ttl=64 time=0.039 ms
64 bytes from 12.0.0.30: icmp_seq=6 ttl=64 time=0.041 ms
64 bytes from 12.0.0.30: icmp_seq=7 ttl=64 time=0.044 ms
64 bytes from 12.0.0.30: icmp_seq=8 ttl=64 time=0.041 ms
^C
--- 12.0.0.30 ping statistics ---
8 packets transmitted, 8 received, 0% packet loss, time 6999ms
rtt min/avg/max/mdev = 0.025/0.039/0.044/0.008 ms
[root@l1 network-scripts]#
Both addresses respond to ping.
Gateway server
With ip_forward = 0, the ping fails
Client 1
[root@l2 ~]#
[root@l2 ~]# ping 192.168.80.30
PING 192.168.80.30 (192.168.80.30) 56(84) bytes of data.
64 bytes from 192.168.80.30: icmp_seq=1 ttl=64 time=0.273 ms
64 bytes from 192.168.80.30: icmp_seq=2 ttl=64 time=0.182 ms
64 bytes from 192.168.80.30: icmp_seq=3 ttl=64 time=0.293 ms
64 bytes from 192.168.80.30: icmp_seq=4 ttl=64 time=0.173 ms
^C
--- 192.168.80.30 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.173/0.230/0.293/0.054 ms
[root@l2 ~]# ping 12.0.0.30
PING 12.0.0.30 (12.0.0.30) 56(84) bytes of data.
64 bytes from 12.0.0.30: icmp_seq=1 ttl=64 time=0.214 ms
64 bytes from 12.0.0.30: icmp_seq=2 ttl=64 time=0.177 ms
64 bytes from 12.0.0.30: icmp_seq=3 ttl=64 time=0.245 ms
64 bytes from 12.0.0.30: icmp_seq=4 ttl=64 time=0.229 ms
64 bytes from 12.0.0.30: icmp_seq=5 ttl=64 time=0.262 ms
^C
--- 12.0.0.30 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.177/0.225/0.262/0.031 ms
[root@l2 ~]# ping 12.0.0.12
PING 12.0.0.12 (12.0.0.12) 56(84) bytes of data.
64 bytes from 12.0.0.12: icmp_seq=1 ttl=63 time=1.06 ms
64 bytes from 12.0.0.12: icmp_seq=2 ttl=63 time=0.850 ms
64 bytes from 12.0.0.12: icmp_seq=3 ttl=63 time=0.485 ms
64 bytes from 12.0.0.12: icmp_seq=4 ttl=63 time=2.03 ms
64 bytes from 12.0.0.12: icmp_seq=5 ttl=63 time=0.392 ms
^C
--- 12.0.0.12 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4003ms
rtt min/avg/max/mdev = 0.392/0.966/2.034/0.587 ms
[root@l2 ~]#
External server
Client 1
[root@l2 ~]# ping 12.0.0.12
PING 12.0.0.12 (12.0.0.12) 56(84) bytes of data.
64 bytes from 12.0.0.12: icmp_seq=1 ttl=63 time=0.635 ms
64 bytes from 12.0.0.12: icmp_seq=2 ttl=63 time=0.417 ms
64 bytes from 12.0.0.12: icmp_seq=3 ttl=63 time=0.471 ms
64 bytes from 12.0.0.12: icmp_seq=4 ttl=63 time=1.83 ms
64 bytes from 12.0.0.12: icmp_seq=5 ttl=63 time=0.668 ms
64 bytes from 12.0.0.12: icmp_seq=6 ttl=63 time=0.469 ms
64 bytes from 12.0.0.12: icmp_seq=7 ttl=63 time=3.92 ms
64 bytes from 12.0.0.12: icmp_seq=8 ttl=63 time=5.65 ms
64 bytes from 12.0.0.12: icmp_seq=9 ttl=63 time=0.438 ms
64 bytes from 12.0.0.12: icmp_seq=10 ttl=63 time=0.556 ms
64 bytes from 12.0.0.12: icmp_seq=11 ttl=63 time=0.437 ms
64 bytes from 12.0.0.12: icmp_seq=12 ttl=63 time=0.338 ms
64 bytes from 12.0.0.12: icmp_seq=13 ttl=63 time=0.348 ms
64 bytes from 12.0.0.12: icmp_seq=14 ttl=63 time=0.409 ms
64 bytes from 12.0.0.12: icmp_seq=15 ttl=63 time=0.583 ms
64 bytes from 12.0.0.12: icmp_seq=16 ttl=63 time=0.474 ms
^C
--- 12.0.0.12 ping statistics ---
16 packets transmitted, 16 received, 0% packet loss, time 15010ms
rtt min/avg/max/mdev = 0.338/1.103/5.652/1.465 ms
[root@l2 ~]#
External server
[root@localhost ~]# tcpdump -i ens33 -s 0 -w ./test1.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C196 packets captured
198 packets received by filter
0 packets dropped by kernel
[root@localhost ~]# ls
anaconda-ks.cfg test1.cap 模板 圖片 下載 桌面
initial-setup-ks.cfg 公共 視頻 文檔 音樂
[root@localhost ~]# sz test1.cap
[root@localhost ~]#
In a real environment the client 192.168.80.11 cannot ping the external server 12.0.0.12; it works here only because the lab's external server uses 12.0.0.30 as its gateway and therefore has a route back to 192.168.80.0/24.
Gateway server
[root@l1 ~]# iptables -F nat
iptables: No chain/target/match by that name.
[root@l1 ~]# iptables -t nat -F
[root@l1 ~]# iptables -t nat -A POSTROUTING -s 192.168.80.0/24 -o ens36 -j SNAT --to 12.0.0.30
[root@l1 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination

Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 192.168.80.0/24 0.0.0.0/0 to:12.0.0.30
[root@l1 ~]#
External server
[root@localhost ~]# tcpdump -i ens33 -s 0 -w ./test2.cap //capture to the file test2.cap
tcpdump: listening on ens33, link-type EN10MB (Ethernet), capture size 262144 bytes
^C26 packets captured
Client 1
[root@l2 ~]# ping -c 10 12.0.0.12 //send ten pings
PING 12.0.0.12 (12.0.0.12) 56(84) bytes of data.
64 bytes from 12.0.0.12: icmp_seq=1 ttl=63 time=0.440 ms
64 bytes from 12.0.0.12: icmp_seq=2 ttl=63 time=0.373 ms
64 bytes from 12.0.0.12: icmp_seq=3 ttl=63 time=0.362 ms
64 bytes from 12.0.0.12: icmp_seq=4 ttl=63 time=0.455 ms
64 bytes from 12.0.0.12: icmp_seq=5 ttl=63 time=0.468 ms
64 bytes from 12.0.0.12: icmp_seq=6 ttl=63 time=0.553 ms
64 bytes from 12.0.0.12: icmp_seq=7 ttl=63 time=0.427 ms
64 bytes from 12.0.0.12: icmp_seq=8 ttl=63 time=0.406 ms
64 bytes from 12.0.0.12: icmp_seq=9 ttl=63 time=0.648 ms
64 bytes from 12.0.0.12: icmp_seq=10 ttl=63 time=0.359 ms

--- 12.0.0.12 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9001ms
rtt min/avg/max/mdev = 0.359/0.449/0.648/0.086 ms
[root@l2 ~]#
External server: export the capture
[root@localhost ~]# sz test2.cap
[root@localhost ~]#
Summary
Gateway host: ens33 (left, inside network) 192.168.80.30, ens36 (right, outside network) 12.0.0.30
Client 1: IP address 192.168.80.11, gateway ens33 192.168.80.30
Client 2: IP address 192.168.80.20, gateway ens33 192.168.80.30
External server: IP 12.0.0.12, gateway ens36 12.0.0.30
SNAT: inside --> outside, rewrites the source address
iptables -t nat -A POSTROUTING -s <inside source address/network> -o <outbound interface> -j SNAT --to <public source address to rewrite to>
Experiment 2: DNAT
DNAT: outside --> inside, rewrites the destination address:port
iptables -t nat -A PREROUTING -i <inbound interface> -d <original public destination address> -p <protocol> --dport <original destination port> -j DNAT --to <inside destination address:port to rewrite to>
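The SNAT template from experiment 1 and the DNAT template above are normally applied together as a script on the gateway. The script below is an added example, not the author's own commands: a POSIX shell script for the lab addresses (192.168.80.0/24 behind ens33, 12.0.0.30 on ens36). The inside web server 192.168.80.11:80 used as the DNAT target is a constructed value, since the notes give only the DNAT template, and the FORWARD rules are an added hardening that the lab (FORWARD policy ACCEPT) does not have. It persists ip_forward in /etc/sysctl.conf without duplicating the line, checks with `iptables -C` before appending so re-running never stacks duplicate NAT rules, and saves the result to /etc/sysconfig/iptables. The run, add_rule, persist_ip_forward and configure_gateway helpers are constructed here.

```shell
#!/bin/sh
# Added example, not from the original notes: idempotent gateway setup for
# the SNAT lab (experiment 1) and the DNAT template (experiment 2).
# Addresses come from the lab; the inside web server 192.168.80.11:80 used
# as DNAT target is a constructed value.  Every privileged command goes
# through run(), so "sh gateway.sh" prints the commands (dry run) and
# "sh gateway.sh apply" executes them as root.

IN_NET=192.168.80.0/24        # inside network behind ens33
IN_IF=ens33
OUT_IF=ens36                  # outside interface
PUB_IP=12.0.0.30              # source address stamped on outgoing packets
WEB_INSIDE=192.168.80.11      # constructed: inside host published by DNAT
SYSCTL_CONF=${SYSCTL_CONF:-/etc/sysctl.conf}
DRY_RUN=${DRY_RUN:-0}

run() {
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# add_rule TABLE CHAIN RULE... : append only when an identical rule is absent
# (iptables -C exits 0 if the rule exists), so re-running never duplicates it
add_rule() {
    table=$1; shift
    if [ "$DRY_RUN" = 1 ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
        run iptables -t "$table" -A "$@"
    fi
}

# the SNAT rule from the notes (--to-source is the long form of --to)
snat_rule() {
    echo "POSTROUTING -s $IN_NET -o $OUT_IF -j SNAT --to-source $PUB_IP"
}

# the DNAT template from the notes, filled in: outside clients reaching
# 12.0.0.30:80 are forwarded to the inside web server
dnat_rule() {
    echo "PREROUTING -i $OUT_IF -d $PUB_IP -p tcp --dport 80 -j DNAT --to-destination $WEB_INSIDE:80"
}

# persist_ip_forward FILE : make sure FILE carries exactly one
# "net.ipv4.ip_forward = 1" line, replacing an existing setting in place
persist_ip_forward() {
    f=$1
    if [ "$DRY_RUN" = 1 ]; then
        echo "set net.ipv4.ip_forward = 1 in $f"
    elif grep -q '^net\.ipv4\.ip_forward' "$f" 2>/dev/null; then
        sed 's/^net\.ipv4\.ip_forward.*/net.ipv4.ip_forward = 1/' "$f" > "$f.tmp" \
            && mv "$f.tmp" "$f"
    else
        echo 'net.ipv4.ip_forward = 1' >> "$f"
    fi
}

configure_gateway() {
    # 1. routing between ens33 and ens36, now and after a reboot
    run sysctl -w net.ipv4.ip_forward=1
    persist_ip_forward "$SYSCTL_CONF"
    # 2. forward only what the NAT rules cover; the lab's FORWARD policy
    #    ACCEPT would relay any packet that reaches either interface
    run iptables -P FORWARD DROP
    add_rule filter FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
    add_rule filter FORWARD -i "$IN_IF" -s "$IN_NET" -o "$OUT_IF" -j ACCEPT
    add_rule filter FORWARD -i "$OUT_IF" -o "$IN_IF" -p tcp -d "$WEB_INSIDE" --dport 80 -j ACCEPT
    # 3. the NAT rules themselves (unquoted so the rule string word-splits)
    add_rule nat $(snat_rule)
    add_rule nat $(dnat_rule)
    # 4. make the result the ruleset the iptables service loads at boot
    run sh -c 'iptables-save > /etc/sysconfig/iptables'
}

# no argument: dry run that only prints; "apply": execute as root
if [ "${1:-}" = apply ]; then
    configure_gateway
else
    DRY_RUN=1
    configure_gateway
fi
```

`sh gateway.sh` prints the exact iptables and sysctl commands it would run, which is also the form to keep in a change record; `sh gateway.sh apply` as root applies them, and running it twice leaves a single SNAT and a single DNAT entry because of the `-C` check.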