Dual-nic Internet access in Linux

I. Network Extension Structure:
 
Server: set two NICs:
 
Eth1: 192.168.99.26 mask: 255.255.255.0 Gateway: 192.168.99.htm # connect with inte. Net to connect the vro to the Internet.
 
Eth0: 192.168.0.1 mask: 255.255.255.0 # associated with a LAN switch
 
Client subnet: 192.168.0.0/24
 
Ii. Server Settings: (you can choose either of the two methods)
 
2.1 use NAT
 
Run the following commands on the server:
 
Echo "1">/proc/sys. Net/IPv4/ip_forward # enable IP Forwarding. 1 indicates forwarding. 0 indicates no forwarding.
 
The above command can also be implemented by modifying/etc/sysctl. conf and adding a line above and below in the file:
 
Net. ipv4.ip _ forward = 1
 
Other commands are:
 
Iptables-F
 
Iptables-P input accept
 
Iptables-P forward accept
 
Iptables-T Nat-A postrouting-O eth1-J Masquerade
# Enable Nat
 
2.2 Net Bridge:
 
Echo "1">/proc/sys. Net/IPv4/ip_forward
 
Ifconfig eth0 0.0.0.0 up
 
Ifconfig eth1 0.0.0.0 up
 
Brctl addbr br0 # Add a bridge
 
Brctl addif br0 eth0
 
Brctl addif br0 eth1 # Add eth0 eth1 to the bridge
 
Ifconfig br0 192.168.0.1.netmask 255.255.255.0 broadcast 192.168.0.255 up # assign an IP address to the bridge. If you do not use NAT and do not need to remotely access the bridge, you can set an IP address but must enable the bridge (ifconfig br0 up)
 
Route add default GW 192.168.99.htm # If the bridge does not need to access other machines, you can not add a gateway.
 
Iii. Client settings:
 
Eth1: 192.168.0.10 mask: 255.255.255.0 Gateway: 192.168.0.1
 
Iv. iptables command reference:
 
Iptables Command Format
 
Iptables [-T Nat] cmd [Chain] [Rule-matcher] [-J target]
 
-T nat: indicates the operation of the NAT table.
 
CMD: Operation Command
 
Chain: The chain name.
 
Rule-matcher: Rule matcher
 
Target: The target action.
 
Iptables-T nat-F # Clear the rules in the original NAT table
 
Iptables-F # Clear the rules in the original Filter
 
Iptables-P forward accept # IP Forwarding permitted by default
 
5. Feelings about Configuration
 
According to the NAT method, the configuration is completed quickly and the network can be accessed smoothly. For users who have no special requirements on network configuration, you can use the NAT method, which is simple and practical.