
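Requirements:

eth0: 192.168.100.203, connected to the internal network, with gateway 192.168.100.1. It must communicate with the 192.168.10.0, 192.168.12.0, 192.168.100.0, 10.2.2.0 and 10.2.1.0 subnets.

eth1: 172.16.0.203, connected to the external network, with gateway 172.16.0.254. It must be able to reach the external network.

Configuration approach:

Set the default gateway on eth1, which creates the 0.0.0.0 default route. Do not set a gateway on eth0; add its static routes manually.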


```
[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=none
HWADDR=D8:D3:85:FA:91:46
ONBOOT=yes
IPADDR=192.168.100.203
NETMASK=255.255.255.0
#GATEWAY=192.168.100.1
TYPE=Ethernet
```


```
[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=static
HWADDR=d8:d3:85:fa:91:48
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=172.16.0.203
GATEWAY=172.16.0.254
TYPE=Ethernet
```


```
[root@dcServer003 ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local

route add -net 192.168.10.0/24 gw 192.168.100.1 eth0
route add -net 192.168.12.0/24 gw 192.168.100.1 eth0
route add -net 192.168.100.0/24 gw 192.168.100.1 eth0
route add -net 10.2.1.0/24 gw 192.168.100.1 eth0
route add -net 10.2.2.0/24 gw 192.168.100.1 eth0
[root@dcServer003 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth0
10.2.1.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
10.2.2.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
172.16.0.0      *               255.255.255.0   U     0      0        0 eth1
192.168.12.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.10.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         172.16.0.254    0.0.0.0         UG    0      0        0 eth1

[root@dcServer003 ~]# tracert www.baidu.com
traceroute to www.baidu.com (61.135.169.121), 30 hops max, 40 byte packets
 1  172.16.0.254 (172.16.0.254)  0.521 ms  0.518 ms  0.517 ms
 2  100.64.0.1 (100.64.0.1)  3.451 ms  3.524 ms  3.558 ms
 3  111.175.224.53 (111.175.224.53)  3.672 ms  3.686 ms  3.774 ms
 4  111.175.208.229 (111.175.208.229)  8.447 ms  8.430 ms  8.434 ms
 5  (202.97.67.29)  32.737 ms  32.593 ms  32.817 ms
 6  202.97.88.254 (202.97.88.254)  27.398 ms * *
 7  219.158.44.133 (219.158.44.133)  26.144 ms * *
 8  * * *
 9  61.49.214.6 (61.49.214.6)  27.650 ms  27.653 ms  27.715 ms
10  123.126.6.118 (123.126.6.118)  25.847 ms  25.937 ms  26.910 ms
11  * 61.49.168.78 (61.49.168.78)  24.593 ms *
12  61.135.169.121 (61.135.169.121)  26.060 ms  26.112 ms  25.905 ms
[root@dcServer003 ~]# tracert 192.168.10.61
traceroute to 192.168.10.61 (192.168.10.61), 30 hops max, 40 byte packets
 1  192.168.100.2 (192.168.100.2)  3.135 ms  3.112 ms  3.201 ms
 2  192.168.10.61 (192.168.10.61)  0.345 ms  0.351 ms  0.349 ms
```
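An added example, not part of the original post: a shell check that reads `route` or `route -n` output and confirms the layout described above, with every required internal subnet routed only via eth0 and exactly one default route, on eth1. The function names `check_routes` and `sample_table` are hypothetical, and the embedded sample is the routing table shown on this page.

```shell
# Added example: audit `route` / `route -n` output against this page's requirements.
INTERNAL_NETS="192.168.10.0 192.168.12.0 192.168.100.0 10.2.1.0 10.2.2.0"
INTERNAL_IF="eth0"   # internal NIC, as on this page
EXTERNAL_IF="eth1"   # external NIC, as on this page

# check_routes (hypothetical helper): reads a routing table on stdin,
# prints findings, returns 0 when compliant and 1 otherwise.
check_routes() {
    awk -v nets="$INTERNAL_NETS" -v inif="$INTERNAL_IF" -v exif="$EXTERNAL_IF" '
    BEGIN { n = split(nets, want, " "); bad = 0; ndef = 0 }
    # Data rows: 8 columns, destination is "default" or a dotted quad.
    NF == 8 && ($1 == "default" || $1 ~ /^[0-9]+\./) {
        if ($1 == "default" || ($1 == "0.0.0.0" && $3 == "0.0.0.0")) {
            ndef++
            if ($8 != exif) { print "FAIL: default route uses " $8; bad = 1 }
            next
        }
        seen[$1] = seen[$1] " " $8     # interfaces carrying this destination
    }
    END {
        if (ndef != 1) { print "FAIL: expected 1 default route, found " ndef; bad = 1 }
        for (i = 1; i <= n; i++) {
            if (!(want[i] in seen)) {
                print "FAIL: no route for " want[i] " (would follow default via " exif ")"; bad = 1
            } else if (seen[want[i]] !~ ("^( " inif ")+$")) {
                print "FAIL: " want[i] " is routed outside " inif ":" seen[want[i]]; bad = 1
            }
        }
        if (!bad) print "OK: internal subnets on " inif ", single default on " exif
        exit bad
    }'
}

# Constructed sample input: the routing table shown on this page.
sample_table() {
    cat <<'EOF'
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth0
10.2.1.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
10.2.2.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
172.16.0.0      *               255.255.255.0   U     0      0        0 eth1
192.168.12.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.10.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         172.16.0.254    0.0.0.0         UG    0      0        0 eth1
EOF
}
sample_table | check_routes
```

On a live host, run `route -n | check_routes` after boot to confirm the rc.local routes were applied; a missing static route means that subnet's traffic follows the default route out of eth1.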


In practice, a squid proxy runs on 192.168.100.203, so route forwarding needs to be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward

Make the two local NICs able to ping each other:

```
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 172.16.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -d 192.168.100.0/24 -o eth0 -j MASQUERADE
```