diff --git a/Forward-Tools/firewall_tools.sh b/Forward-Tools/firewall_tools.sh index 14a0b05..4e99d3d 100644 --- a/Forward-Tools/firewall_tools.sh +++ b/Forward-Tools/firewall_tools.sh @@ -7,7 +7,7 @@ if [ "$EUID" -ne 0 ]; then fi if ! command -v firewall-cmd >/dev/null 2>&1; then - echo "❌ 未检测到 firewall-cmd(仅支持 RHEL 系)" + echo "❌ 未检测到 firewall-cmd" exit 1 fi @@ -16,6 +16,8 @@ if ! systemctl is-active firewalld >/dev/null 2>&1; then exit 1 fi +firewall-cmd --permanent --add-masquerade + ZONE=$(firewall-cmd --get-default-zone) get_forward_ports() { @@ -82,7 +84,6 @@ delete_rule() { echo "$RULE" read -rp "确认删除?(y/N): " CONFIRM [[ "$CONFIRM" =~ ^[Yy]$ ]] || return - firewall-cmd --permanent --zone="$ZONE" --remove-forward-port="$RULE" firewall-cmd --reload diff --git a/System-Init/mysql-salve-config.sh b/System-Init/mysql-salve-config.sh new file mode 100644 index 0000000..2be8ee5 --- /dev/null +++ b/System-Init/mysql-salve-config.sh @@ -0,0 +1,24 @@ +#!/bin/bash +set -e +#检查操作系统类型 +if grep -Ei "red hat|rocky|alma|centos" /etc/os-release > /dev/null 2>&1; then + dnf -y install mysql8.4-server +elif grep -Ei "debian|ubuntu" /etc/os-release > /dev/null 2>&1; then + echo 非红帽系操作系统,脚本不支持当前操作系统 + exit 1 +fi +#为防火墙放行3306端口 +firewall-cmd --add-port=3306/tcp --permanent +firewall-cmd --reload + +#交互式输入MySQL从库IP +read -p "请输入MySQL从库IP: " slave_ip +read -p "请输入MySQL从库SSH密码: " slave_password +#生成密钥并配置从库SSH免密登录 +if [ ! -f ~/.ssh/id_rsa ]; then + ssh-keygen -t rsa -N "" -f ~/.ssh/id_rsa +fi +sshpass -p "${slave_password}" ssh-copy-id -o StrictHostKeyChecking=no root@${slave_ip} + +#通过交互式输入的IP和密码复制复制MySQL数据库证书到从库 +sshpass -p "${slave_password}" scp -o StrictHostKeyChecking=no /var/lib/mysql/*.pem root@${slave_ip}:/var/lib/mysql/ diff --git a/System-Init/system-init-shells-Lite.sh b/System-Init/system-init-shells-Lite.sh index bd69cf7..71405c6 100644 --- a/System-Init/system-init-shells-Lite.sh +++ b/System-Init/system-init-shells-Lite.sh 
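Review bot: The added top-level `firewall-cmd --permanent --add-masquerade` in `Forward-Tools/firewall_tools.sh` runs on every start of the tool, before any menu choice, so merely listing rules turns on NAT masquerading for the default zone. It names no zone although `ZONE` is read on the very next line, it is written only to the permanent configuration (so it takes effect at whichever later `--reload` happens to run), and its exit status is ignored. Consider moving it into the add-rule path, after `ZONE` is set, as `firewall-cmd --permanent --zone="$ZONE" --query-masquerade >/dev/null || firewall-cmd --permanent --zone="$ZONE" --add-masquerade`. It is also worth deciding whether removing the last forward rule should switch masquerading off again. The add-rule function lies outside this hunk, so the exact placement has to be checked there.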
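Review bot: In the new `System-Init/mysql-salve-config.sh`, both `sshpass -p "${slave_password}" … -o StrictHostKeyChecking=no` calls send the replica's root password to a host whose key was never verified, and `sshpass -p` puts that password on the command line where the process list shows it; the `scp` then hands `/var/lib/mysql/*.pem` to the same unverified peer. The script is interactive anyway, so drop the password prompt and `sshpass` and let SSH ask: `ssh-copy-id "root@${slave_ip}"` followed by `scp /var/lib/mysql/*.pem "root@${slave_ip}:/var/lib/mysql/"`, which authenticates with the key just installed and lets the operator confirm the host fingerprint. The `*.pem` glob presumably also matches private keys (MySQL's auto-generated set includes `ca-key.pem` and `server-key.pem`), so list only the files the replica needs. `--add-port=3306/tcp` opens MySQL to every source in the default zone although only the replica has to reach it. The OS check also carries on past `fi` when neither `grep` matches; an `else` branch with `exit 1` would stop it.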
@@ -13,9 +13,11 @@ if grep -Ei "red hat|rocky|alma|centos" /etc/os-release > /dev/null 2>&1; then sudo firewall-cmd --permanent --add-port=${port}/tcp sudo firewall-cmd --permanent --add-port=${port}/udp done - + #启用Firewall NAT转发 + sudo firewall-cmd --permanent --add-masquerade --zone=public + + #重启Firewall sudo firewall-cmd --reload - sudo firewall-cmd --list-ports sudo dnf install -y wget curl tar diff --git a/System-Init/system-init-shells.sh b/System-Init/system-init-shells.sh index bc3130f..607fedd 100644 --- a/System-Init/system-init-shells.sh +++ b/System-Init/system-init-shells.sh @@ -14,9 +14,10 @@ if grep -Ei "red hat|rocky|alma|centos" /etc/os-release > /dev/null 2>&1; then sudo firewall-cmd --permanent --add-port=${port}/tcp sudo firewall-cmd --permanent --add-port=${port}/udp done - + #启用Firewall NAT转发 + sudo firewall-cmd --permanent --add-masquerade --zone=public + #重启Firewall sudo firewall-cmd --reload - sudo firewall-cmd --list-ports sudo dnf install -y wget curl tar
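Review bot: The added `sudo firewall-cmd --permanent --add-masquerade --zone=public` in `System-Init/system-init-shells-Lite.sh` hard-codes the zone, while the `--add-port` lines just above it name none and so go to the default zone. On a host whose default zone is not `public`, NAT is switched on for a zone the rest of the script never touches; writing it as `sudo firewall-cmd --permanent --add-masquerade` keeps it in step with the port rules. It also makes every machine set up by this init script masquerade traffic on its public-facing zone whether or not it forwards anything, so it is worth putting behind an explicit opt-in prompt or variable. The same lines are added in the `System-Init/system-init-shells.sh` hunk that follows. The enclosing `if` block starts and ends outside both hunks.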