A common network topology is structured as follows:
However, servers on the internal network occasionally need to reach the Internet, for example to run yum or to fetch a file with wget, and we do not want important business services exposed directly to the public Internet.
The easy ways to apply such a security policy are a layer-3 switch, NAT mapping on the router, or security policies on the firewall.
For various reasons the upstream network equipment is out of reach, so iptables is used as a temporary proxy solution:
First, on the internal network servers, set the gateway to the web server's IP address.
Second, on the web server, set up iptables forwarding:
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -o ens161 -j MASQUERADE
or
# iptables rejects -i in the POSTROUTING chain, so match on the outbound interface only:
iptables -t nat -A POSTROUTING -o ens161 -j MASQUERADE
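The two steps above do not enable kernel forwarding or limit what the web server will forward. The shell function below is an added example, not part of the original page: it prints a reviewable rule set for the page's subnet and interfaces (ens192 internal, ens161 outbound, as in the rules above), and a D mode removes the rules again. It assumes the FORWARD chain is otherwise empty and unused.

```shell
#!/bin/sh
# Added example (not from the original page). Prints the commands for review
# instead of running them; pipe the output to "sh" as root to apply.
# Usage: nat_gateway_rules <internal-cidr> <internal-if> <external-if> [A|D]
#   A appends the rules (default); D deletes them when the setup is retired.
nat_gateway_rules() {
    cidr=${1:-} in_if=${2:-} out_if=${3:-} op=${4:-A}

    # Whitelist characters first (this also rejects embedded newlines), then
    # check the shape, so nothing unexpected reaches a command run as root.
    case $cidr in ''|*[!0-9./]*) return 1 ;; esac
    printf '%s\n' "$cidr" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    for ifname in "$in_if" "$out_if"; do
        case $ifname in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
        [ "${#ifname}" -le 15 ] || return 1
    done
    [ "$in_if" != "$out_if" ] || return 1
    case $op in A|D) ;; *) return 1 ;; esac

    if [ "$op" = A ]; then
        echo "sysctl -w net.ipv4.ip_forward=1"
        # Assumption: the FORWARD chain is otherwise empty and unused.
        echo "iptables -P FORWARD DROP"
    fi
    # Internal hosts may open connections outward ...
    echo "iptables -$op FORWARD -i $in_if -o $out_if -s $cidr -j ACCEPT"
    # ... and only replies to those connections may come back in.
    echo "iptables -$op FORWARD -i $out_if -o $in_if -d $cidr -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Source NAT as on the page, limited to the internal subnet.
    echo "iptables -t nat -$op POSTROUTING -s $cidr -o $out_if -j MASQUERADE"
    if [ "$op" = D ]; then
        echo "sysctl -w net.ipv4.ip_forward=0"
    fi
}

# Subnet and interface names as used on the page.
nat_gateway_rules 172.16.0.0/24 ens192 ens161
```

Because the setup is meant to be temporary, running the same call with D as the fourth argument prints the matching removal commands; the FORWARD policy stays at DROP.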