I. Network topology:
Server: configure two NICs:
eth1: 192.168.99.26 mask: 255.255.255.0 gateway: 192.168.99.htm # connected to the external network, which provides Internet access
eth0: 192.168.0.1 mask: 255.255.255.0 # connected to the LAN switch
Client subnet: 192.168.0.0/24
II. Server settings (choose either of the two methods):
2.1 Using NAT
Run the following commands on the server:
echo "1" > /proc/sys/net/ipv4/ip_forward # enable IP forwarding: 1 enables forwarding, 0 disables it
The same setting can be made persistent by editing /etc/sysctl.conf and adding the following line to the file:
net.ipv4.ip_forward = 1
The other commands are:
iptables -F
iptables -P INPUT ACCEPT
iptables -P FORWARD ACCEPT
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
# enable NAT
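The commands above flush the filter table and leave the FORWARD policy at ACCEPT, so the gateway forwards any packet in either direction. As an added example (not part of the original page), the script below builds a tighter rule set for the same topology: FORWARD defaults to DROP, only the client subnet may open connections out through eth1, and only reply traffic is let back in. The helper names valid_if and gen_rules are hypothetical; the interface names and subnet are the ones used on this page.

```shell
#!/bin/sh
# Added example: default-deny forwarding for the NAT gateway described above.
LAN_IF=eth0             # LAN side (192.168.0.1)
WAN_IF=eth1             # Internet side
LAN_NET=192.168.0.0/24  # client subnet

# Reject interface names that are empty, start with "-", or contain
# characters that could smuggle extra iptables options into a rule.
valid_if() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the rule set, one iptables command per line.
gen_rules() {
    lan=$1 wan=$2 net=$3
    valid_if "$lan" && valid_if "$wan" || return 1
    case "$net" in ''|*[!0-9./]*) return 1 ;; esac
    cat <<EOF
iptables -F FORWARD
iptables -t nat -F POSTROUTING
iptables -P FORWARD DROP
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
EOF
}

# "show" prints the commands for review; "apply" runs them (requires root).
if [ "${1:-}" = "apply" ]; then
    gen_rules "$LAN_IF" "$WAN_IF" "$LAN_NET" | sh -e
elif [ "${1:-}" = "show" ]; then
    gen_rules "$LAN_IF" "$WAN_IF" "$LAN_NET"
fi
```

Run it with "show" first to review the generated commands, then with "apply" as root once IP forwarding is enabled.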
2.2 Using a network bridge:
echo "1" > /proc/sys/net/ipv4/ip_forward
ifconfig eth0 0.0.0.0 up
ifconfig eth1 0.0.0.0 up
brctl addbr br0 # add a bridge
brctl addif br0 eth0
brctl addif br0 eth1 # add eth0 and eth1 to the bridge
ifconfig br0 192.168.0.1 netmask 255.255.255.0 broadcast 192.168.0.255 up # assign an IP address to the bridge. If you do not use NAT and do not need to access the bridge remotely, assigning an IP address is optional, but the bridge must still be brought up (ifconfig br0 up)
route add default gw 192.168.99.htm # if the bridge does not need to reach other machines, the gateway can be omitted
III. Client settings:
eth1: 192.168.0.10 mask: 255.255.255.0 gateway: 192.168.0.1
IV. iptables command reference:
iptables command format
iptables [-t nat] cmd [chain] [rule-matcher] [-j target]
-t nat: operate on the NAT table.
cmd: the operation command.
chain: the chain name.
rule-matcher: the rule matcher.
target: the target action.
iptables -t nat -F # clear the existing rules in the NAT table
iptables -F # clear the existing rules in the filter table
iptables -P FORWARD ACCEPT # permit IP forwarding by default
V. Thoughts on the configuration
With the NAT method, configuration is completed quickly and the network can be accessed smoothly. Users who have no special requirements for their network configuration can use the NAT method, which is simple and practical.