linux 内网机器通过双网卡机器实现访问外网

1.IP规划设置

主机名 ip地址 ip地址(第二个网卡配置的地址) 地址类别
web01 172.16.1.8 仅可访问内网主机
proxy 172.16.1.2 10.0.0.2 可访问内外网主机

2.修改网卡配置及iptables配置

###########################  开始修改web主机01配置  ###########################

  [root@web01 ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0 
  DEVICE=eth0
  TYPE=Ethernet
  ONBOOT=yes
  NM_CONTROLLED=no
  BOOTPROTO=none
  IPADDR=172.16.1.8                #设置网卡ip
  NETMASK=255.255.255.0             # 设置掩码
  GATEWAY=172.16.1.2               #修改网关配置
  DNS1=223.5.5.5                 #设置DNS,如果不设置DNS,则无法解析域名(ping域名会失败,ping外网ip不受影响)
  USERCTL=no
  PEERDNS=yes
  IPV6INIT=no
 [root@web01 ~]# route -n                 #显示web01主机的路由
 Kernel IP routing table
 Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
 172.16.1.0      0.0.0.0         255.255.255.0   U     0      0        0 eth0
 169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0
 0.0.0.0         172.16.1.2      0.0.0.0         UG    0      0        0 eth0 #这里web01主机的默认路由(默认网关)指向proxy主机的内网网卡ip

###########################  完成修改web主机01配置  ###########################

###########################  开始修改proxy主机配置  ###########################

 [root@proxy ~]# echo "1"> /proc/sys/net/ipv4/ip_forward #修改内核运行时参数ip_forward的值,临时开启ip转发(重启后失效)
 [root@proxy ~]# cat /proc/sys/net/ipv4/ip_forward
 1
 [root@proxy ~]# sysctl -p
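 [root@proxy ~]# echo -e "# Controls IP packet forwarding\nnet.ipv4.ip_forward = 1 " >>/etc/sysctl.conf #将ip转发参数追加到配置文件,每次启动机器时都会开启ip转发功能;注意上一步的sysctl -p是在写入之前执行的,写入后应再执行一次sysctl -p确认配置文件生效;如果文件中已有net.ipv4.ip_forward = 0,建议直接修改该行,避免出现两条互相矛盾的配置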
 [root@proxy ~]# tail -3 /etc/sysctl.conf
 # Controls IP packet forwarding
 net.ipv4.ip_forward = 1
  [root@proxy /]# iptables -t nat -A POSTROUTING -o eth0 -s 172.16.1.0/24 -j SNAT --to 10.0.0.2  #添加SNAT规则:源地址为172.16.1.0/24、从eth0发出的数据包,源地址改写为10.0.0.2;-o后面必须是proxy主机的外网网卡(请按实际网卡名确认);此时规则只在内核中生效,尚未保存到文件
  [root@proxy /]# service iptables save                                  #将上面写入的内容保存到文件中
 iptables: Saving firewall rules to /etc/sysconfig/iptables:[  OK  ]                 #上面规则写入的配置文件/etc/sysconfig/iptables
 [root@proxy /]# /etc/init.d/iptables restart                              #重启iptables
 iptables: Setting chains to policy ACCEPT: nat filter      [  OK  ]
 iptables: Flushing firewall rules:                         [  OK  ]
 iptables: Unloading modules:                               [  OK  ]
 iptables: Applying firewall rules:                         [  OK  ]
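 [root@proxy /]# iptables-save                                     #显示当前内核中生效的全部iptables规则(刚重启iptables后与/etc/sysconfig/iptables内容一致);注意下面输出中filter表的FORWARD默认策略为ACCEPT,proxy会转发所有经过它的流量,生产环境建议把FORWARD默认策略改为DROP,只放行172.16.1.0/24的出站流量和ESTABLISHED,RELATED状态的回程流量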
 # Generated by iptables-save v1.4.7 on Thu Nov  2 14:24:33 2017
 *filter
 :INPUT ACCEPT [10:720]
 :FORWARD ACCEPT [0:0]
 :OUTPUT ACCEPT [7:1032]
 -A OUTPUT -p tcp -m tcp --dport 80 -j ACCEPT 
 COMMIT
 # Completed on Thu Nov  2 14:24:33 2017
 # Generated by iptables-save v1.4.7 on Thu Nov  2 14:24:33 2017
 *nat
 :PREROUTING ACCEPT [0:0]
 :POSTROUTING ACCEPT [1:120]
 :OUTPUT ACCEPT [1:120]
 -A POSTROUTING -s 172.16.1.0/24 -o eth0 -j SNAT --to-source 10.0.0.2              #之前追加的iptables规则
 COMMIT
 # Completed on Thu Nov  2 14:24:33 2017

###########################  完成修改proxy主机配置  ###########################

  3.测试连通性

 [root@web01 ~]# ping www.baidu.com                     #测试连接外网
 PING www.a.shifen.com (111.13.100.92) 56(84) bytes of data.
 64 bytes from 111.13.100.92: icmp_seq=1 ttl=127 time=4.97 ms
 64 bytes from 111.13.100.92: icmp_seq=2 ttl=127 time=8.74 ms
 ^C
 --- www.a.shifen.com ping statistics ---
 2 packets transmitted, 2 received, 0% packet loss, time 1343ms
 rtt min/avg/max/mdev = 4.976/6.860/8.745/1.886 ms

显示成功,没有问题。

 [root@web01 ~]# uname -a
 Linux web01 2.6.32-696.el6.x86_64 #1 SMP Tue Mar 21 19:29:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux 
 [root@proxy /]# uname -a
 Linux proxy 2.6.32-696.el6.x86_64 #1 SMP Tue Mar 21 19:29:05 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
 #当前两台主机的系统及内核版本一致,如有问题,请在下面留言,看到后尽快回复.


转自: http://www.cnblogs.com/anyux/articles/7772228.html


转载自blog.csdn.net/jctian000/article/details/82592910