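Requirements:
eth0: 192.168.100.203, connected to the internal network; gateway 192.168.100.1. It must communicate with the 192.168.10.0, 192.168.12.0, 192.168.100.0, 10.2.2.0 and 10.2.1.0 subnets.
eth1: 172.16.0.203, connected to the external network; gateway 172.16.0.254. It must be able to reach the external network.
Configuration approach:
Set the default gateway on eth1, which generates the 0.0.0.0 default route; do not set a gateway on eth0, and add its static routes manually.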
[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=none
HWADDR=D8:D3:85:FA:91:46
ONBOOT=yes
IPADDR=192.168.100.203
NETMASK=255.255.255.0
#GATEWAY=192.168.100.1
TYPE=Ethernet

[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=static
HWADDR=d8:d3:85:fa:91:48
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=172.16.0.203
GATEWAY=172.16.0.254
TYPE=Ethernet

[root@dcServer003 ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
route add -net 192.168.10.0/24 gw 192.168.100.1 eth0
route add -net 192.168.12.0/24 gw 192.168.100.1 eth0
route add -net 192.168.100.0/24 gw 192.168.100.1 eth0
route add -net 10.2.1.0/24 gw 192.168.100.1 eth0
route add -net 10.2.2.0/24 gw 192.168.100.1 eth0

[root@dcServer003 ~]# route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.100.0   *               255.255.255.0   U     0      0        0 eth0
10.2.1.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
10.2.2.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
172.16.0.0      *               255.255.255.0   U     0      0        0 eth1
192.168.12.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.10.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
169.254.0.0     *               255.255.0.0     U     0      0        0 eth1
default         172.16.0.254    0.0.0.0         UG    0      0        0 eth1

[root@dcServer003 ~]# tracert www.baidu.com
traceroute to www.baidu.com (61.135.169.121), 30 hops max, 40 byte packets
 1  172.16.0.254 (172.16.0.254)  0.521 ms  0.518 ms  0.517 ms
 2  100.64.0.1 (100.64.0.1)  3.451 ms  3.524 ms  3.558 ms
 3  111.175.224.53 (111.175.224.53)  3.672 ms  3.686 ms  3.774 ms
 4  111.175.208.229 (111.175.208.229)  8.447 ms  8.430 ms  8.434 ms
 5  (202.97.67.29)  32.737 ms  32.593 ms  32.817 ms
 6  202.97.88.254 (202.97.88.254)  27.398 ms * *
 7  219.158.44.133 (219.158.44.133)  26.144 ms * *
 8  * * *
 9  61.49.214.6 (61.49.214.6)  27.650 ms  27.653 ms  27.715 ms
10  123.126.6.118 (123.126.6.118)  25.847 ms  25.937 ms  26.910 ms
11  * 61.49.168.78 (61.49.168.78)  24.593 ms *
12  61.135.169.121 (61.135.169.121)  26.060 ms  26.112 ms  25.905 ms

[root@dcServer003 ~]# tracert 192.168.10.61
traceroute to 192.168.10.61 (192.168.10.61), 30 hops max, 40 byte packets
 1  192.168.100.2 (192.168.100.2)  3.135 ms  3.112 ms  3.201 ms
 2  192.168.10.61 (192.168.10.61)  0.345 ms  0.351 ms  0.349 ms
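
The routing layout above can be checked mechanically. The following is an added example, not part of the original post: a shell function that audits route / route -n output against this page's layout (exactly one default route, via 172.16.0.254 on eth1; the internal subnets via 192.168.100.1 on eth0). The names check_routes and SAMPLE_TABLE are hypothetical, and the sample table is constructed from the route output shown above.

```shell
# Added example, not from the original post. Intended layout taken from the page:
# internal /24 subnets via 192.168.100.1 on eth0, a single default route on eth1.
# 192.168.100.0/24 is directly connected, so it is not checked here.
INTERNAL_NETS="192.168.10.0 192.168.12.0 10.2.1.0 10.2.2.0"
INTERNAL_GW="192.168.100.1"; INTERNAL_IF="eth0"
EXTERNAL_GW="172.16.0.254";  EXTERNAL_IF="eth1"

# check_routes (hypothetical name): reads `route` or `route -n` output on stdin,
# prints one line per finding, returns 0 if the table matches, 1 otherwise.
check_routes() {
    awk -v nets="$INTERNAL_NETS" -v igw="$INTERNAL_GW" -v iif="$INTERNAL_IF" \
        -v egw="$EXTERNAL_GW" -v eif="$EXTERNAL_IF" '
    BEGIN { n = split(nets, want, " ") }
    NF == 8 && $1 != "Destination" {          # route rows have 8 columns
        dest = $1; gw = $2; ifc = $8
        if (dest == "default" || (dest == "0.0.0.0" && $3 == "0.0.0.0")) {
            defaults++                         # a 2nd default can misroute traffic
            if (gw != egw || ifc != eif) { print "BAD default route: via " gw " dev " ifc; bad = 1 }
        }
        for (i = 1; i <= n; i++) if (dest == want[i]) {
            seen[dest] = 1
            if (gw != igw || ifc != iif) { print "BAD route for " dest ": via " gw " dev " ifc; bad = 1 }
        }
    }
    END {
        if (defaults != 1) { print "BAD: expected 1 default route, found " (defaults + 0); bad = 1 }
        for (i = 1; i <= n; i++) if (!(want[i] in seen)) { print "MISSING route for " want[i]; bad = 1 }
        exit bad + 0
    }'
}

# Constructed sample: the routing table from the page, in `route -n` form.
SAMPLE_TABLE='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0
10.2.1.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
10.2.2.0        192.168.100.1   255.255.255.0   UG    0      0        0 eth0
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0        0 eth1
192.168.12.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
192.168.10.0    192.168.100.1   255.255.255.0   UG    0      0        0 eth0
0.0.0.0         172.16.0.254    0.0.0.0         UG    0      0        0 eth1'

printf '%s\n' "$SAMPLE_TABLE" | check_routes && echo "routing table matches"
```

On the host itself the same function can be fed live data with: route -n | check_routes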

In practice a squid proxy runs on 192.168.100.203, so IP forwarding has to be enabled:
echo 1 > /proc/sys/net/ipv4/ip_forward
Make the two local NICs able to ping each other:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 172.16.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -d 192.168.100.0/24 -o eth0 -j MASQUERADE