jackyzm

导航

Centos7搭建软路由

Xenserver环境:

一:环境准备

  内网:192.168.2.100

  外网:x.x.x.x

  1.1:登陆XenCenter

  1.2:进入Xenserver中的Networking选项

  1.3:点选下边的Configure...按钮,进入Configure IP Addresses对话框

  1.4:点选Add IP address新建虚拟交换机

 

   1.5:Network 1 网卡连接外网

      Network 2 网卡连接内网虚拟交换机

二:建立Centos7虚拟机并配置网卡

  2.1:vim /etc/sysconfig/network-scripts/ifcfg-eth1

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth1
#UUID=dd48994a-7f5c-44c1-a8d3-107f4e4b579f
DEVICE=eth1
#ONBOOT=no
ONBOOT=yes
IPADDR=x.x.x.x(固定IP或可联通外网的IP)
NETMASK=255.255.255.x
GATEWAY=x.x.x.x
DNS1=8.8.8.8
DNS2=x.x.x.x

   2.2:vim /etc/sysconfig/network-scripts/ifcfg-eth2

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
#BOOTPROTO=dhcp
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth3
#UUID=34b419e0-ca01-4ca4-964b-45d2a9973002
DEVICE=eth3
#ONBOOT=no
ONBOOT=yes
IPADDR=192.168.2.100
NETMASK=255.255.255.0

   2.3:ping baidu.com

 

三:配置ipv4转发

  3.1:查看IPv4转发状态,默认为0即关闭状态

      cat /proc/sys/net/ipv4/ip_forward

  3.2:开启转发

      echo 1 >  /proc/sys/net/ipv4/ip_forward

 

四:借助iptables做地址转发:

  4.1:配置iptables做SNAT,基于源的数据包转发

      iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source x.x.x.x

  4.2:192.168.2.0网段的虚拟机,需要上外网,只要把网关配置成192.168.2.100即可

 

五:加开机运行:

  5.1:为了防止重启后这些配置失效,将这两条命令加入到rc.local中,使其开机自动运行,

     vim /etc/rc.d/rc.local

#!/bin/bash
# THIS FILE IS ADDED FOR COMPATIBILITY PURPOSES
#
# It is highly advisable to create own systemd services or udev rules
# to run scripts during boot instead of using this file.
#
# In contrast to previous versions due to parallel execution during boot
# this script will NOT be run after all other services.
#
# Please note that you must run 'chmod +x /etc/rc.d/rc.local' to ensure
# that this script will be executed during boot.

touch /var/lock/subsys/local
echo 1 >  /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source x.x.x.x

  5.2:因为CentOS7开始,rc.local默认没有执行权限,还要加一条命令

      chmod +x /etc/rc.d/rc.local

      重启测试:reboot

 

六:iptables配置:

  vim iptables.sh

#!/bin/sh
iptables -F
iptables -X
iptables -Z
iptables -P INPUT ACCEPT
iptables -A INPUT -i lo -j ACCEPT
iptables -A INPUT -s x.x.x.x -j ACCEPT
iptables -A INPUT -s 192.168.2.0/24 -j ACCEPT
iptables -A INPUT -p icmp --icmp-type any -j ACCEPT
#iptables -A INPUT -p udp -m udp --dport 67 --in-interface xenapi -j ACCEPT
iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source x.x.x.x
iptables -t nat -A PREROUTING -i eth1 -p tcp -d x.x.x.x --dport 30022 -j DNAT --to-destination 192.168.2.100:22
iptables -A FORWARD -j ACCEPT
iptables -P INPUT DROP
iptables -P OUTPUT ACCEPT
iptables -P FORWARD DROP
service iptables save
systemctl restart iptables.service

 注意:
iptables -P INPUT ACCEPT这条规则必须先运行,否则会连接不上
iptables -A FORWARD -j ACCEPT这条规则与POSTROUTING配套使用
开启ip转发:
echo 1 >  /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.2.0/24 -j SNAT --to-source x.x.x.x
写入开机启动:
chmod +x /etc/rc.d/rc.local
echo 1 >  /proc/sys/net/ipv4/ip_forward
端口转发:
iptables -t nat -A PREROUTING -i eth1 -p tcp -d x.x.x.x --dport 30022 -j DNAT --to-destination 192.168.2.100:22

 

posted on 2019-02-10 11:44  jackyzm  阅读(6516)  评论(0编辑  收藏  举报