linux下双网卡双网关配置

时间:2024-02-18 08:44:55

要求:

eth0:192.168.100.203 连接内网,网关为192.168.100.1。需要和192.168.10.0、192.168.12.0、192.168.100.0、10.2.2.0、10.2.1.0网段通信。

eth1:172.16.0.203 连接外网,网关为172.16.0.254。需要访问外网。

配置思路:

eth1设置默认网关,生成0.0.0.0的默认路由,eth0不设置网关,手动添加静态路由。

[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0 
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=none
HWADDR=D8:D3:85:FA:91:46
ONBOOT=yes
IPADDR=192.168.100.203
NETMASK=255.255.255.0
#GATEWAY=192.168.100.1
TYPE=Ethernet
eth0 配置
[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1 
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=static
HWADDR=d8:d3:85:fa:91:48
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=172.16.0.203
GATEWAY=172.16.0.254
TYPE=Ethernet
eth1配置
[root@dcServer003 ~]# cat /etc/rc.local 
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don\'t
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
route add -net 192.168.10.0/24 gw 192.168.100.1 eth0
route add -net 192.168.12.0/24 gw 192.168.100.1 eth0
route add -net 192.168.100.0/24 gw 192.168.100.1 eth0
route add -net 10.2.1.0/24 gw 192.168.100.1 eth0
route add -net 10.2.2.0/24 gw 192.168.100.1 eth0
[root@dcServer003 ~]# route 
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth0
10.2.1.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
10.2.2.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
172.16.0.0      *               255.255.255.0   U     0      0        0 eth1
192.168.12.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.10.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         172.16.0.254    0.0.0.0         UG    0      0        0 eth1

[root@dcServer003 ~]# tracert www.baidu.com
traceroute to www.baidu.com (61.135.169.121), 30 hops max, 40 byte packets
 1  172.16.0.254 (172.16.0.254)  0.521 ms  0.518 ms  0.517 ms
 2  100.64.0.1 (100.64.0.1)  3.451 ms  3.524 ms  3.558 ms
 3  111.175.224.53 (111.175.224.53)  3.672 ms  3.686 ms  3.774 ms
 4  111.175.208.229 (111.175.208.229)  8.447 ms  8.430 ms  8.434 ms
 5   (202.97.67.29)  32.737 ms  32.593 ms  32.817 ms
 6  202.97.88.254 (202.97.88.254)  27.398 ms * *
 7  219.158.44.133 (219.158.44.133)  26.144 ms * *
 8  * * *
 9  61.49.214.6 (61.49.214.6)  27.650 ms  27.653 ms  27.715 ms
10  123.126.6.118 (123.126.6.118)  25.847 ms  25.937 ms  26.910 ms
11  * 61.49.168.78 (61.49.168.78)  24.593 ms *
12  61.135.169.121 (61.135.169.121)  26.060 ms  26.112 ms  25.905 ms    
[root@dcServer003 ~]# tracert 192.168.10.61
traceroute to 192.168.10.61 (192.168.10.61), 30 hops max, 40 byte packets
 1  192.168.100.2 (192.168.100.2)  3.135 ms  3.112 ms  3.201 ms
 2  192.168.10.61 (192.168.10.61)  0.345 ms  0.351 ms  0.349 ms

 实际工作中192.168.100.203上开启了一个squid代理,所以需要开启路由转发:echo 1 > /proc/sys/net/ipv4/ip_forward

设置本地两个网卡能互ping:

iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 172.16.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -d 192.168.100.0/24 -o eth0 -j MASQUERADE