Overall flowchart
Configure Server1 new Two Nic one NIC is set to bridge mode, the other piece is set to host mode only
View two network card configurations
[email protected]:~# ifconfigens33 Link encap:Ethernet HWaddr 00:0c:29:42:81:1c inet addr:192.168.31.159 Bcast:192.168.31.255 Mask:255.255.255.0 inet6 addr: ffff::fff:29ff:fe42:811c/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:163 errors:0 dropped:0 overruns:0 frame:0 TX packets:421 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:20177 (20.1 KB) TX bytes:35945 (35.9 KB)
Open Interfaces View Ens33 Configure DHCP mode
auto ens33iface ens33 inet dhcp
View Network card Name
[email protected]:/etc/network# ip link show[email protected]:/etc/network# ip link show2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000 link/ether ff:ff:ff:ff:81:1c brd ff:ff:ff:ff:ff:ff3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000 link/ether 00:0c:29:42:81:26 brd ff:ff:ff:ff:ff:ff
Set intranet as static IP
auto ens38iface ens38 inet staticaddress 192.168.232.101netmask 255.255.255.0
Configure the Server3 IP as a static IP and the intranet IP configured in the previous step in a network segment
auto ens33iface ens33 inet staticaddress 192.168.232.103netmask 255.255.255.0
Test Intranet
[email protected]:/etc/network# ping 192.168.232.101PING 192.168.232.101 (192.168.232.101) 56(84) bytes of data.64 bytes from 192.168.232.101: icmp_seq=1 ttl=64 time=12.0 ms64 bytes from 192.168.232.101: icmp_seq=2 ttl=64 time=1.61 ms
Set the SERVER3 default gateway to Server1 intranet IP
route add default gw 192.168.110.134
Modify the/etc/sysctl.conf file to open IP restrictions
net.ipv4.ip_forward = 1sysctl -p /etc/sysctl.conf
Set Iptables forwarding function
iptables -P FORWARD DROPiptables -t nat -A POSTROUTING -s 192.168.232.0/24 -j SNAT --to 192.168.31.159iptables -A FORWARD -s 192.168.232.103 -j ACCEPT
具体解释 请参考这篇博客http://xstarcd.github.io/wiki/Linux/iptables_forward_internetshare.html
View forwarding iptables forwarding rules
Iptables-t nat-nvl[email protected]:/home/guolin# iptables-t NAT-NVL Chain prerouting (Policy ACCEPT 108 packets, 7306 bytes) pkts bytes Target prot opt in Out source destination Chain INPUT (Policy AC CEPT 0 packets, 0 bytes) pkts bytes Target prot opt in Out source destination Chain OUTP UT (Policy ACCEPT 4 packets, 288 bytes) pkts bytes Target prot opt in Out source destination Chain postrouting (Policy ACCEPT 4 packets, 288 bytes) pkts bytes Target prot opt in Out source Destination 103 7035 SNAT All--* * 192.168.232.0/24 0.0.0.0/0 to:192.1 68.31.159 0 0 SNAT All--* * 192.168.232.0/24 0.0.0.0/0 to:192.168.31.159 0 0 SNAT All--* * 192.168.232.0/24 0.0.0.0/0 to:192.168.31.159 0 0 SNAT All--* *192.168.232.0/24 0.0.0.0/0 to:192.168.31.159
Ping public DNS domain name resolution system
[email protected]:/etc/network# ping 114.114.114.114PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.64 bytes from 114.114.114.114: icmp_seq=1 ttl=58 time=5.07 ms64 bytes from 114.114.114.114: icmp_seq=2 ttl=58 time=47.3 ms
If there's a problem, traceroute, the company ops, teach me another command.
mtr 114.114.114.114
Set up the domain name resolution system
nameserver 114.114.114.114
Test it out.
[email protected]:/etc/network# ping qq.comPING qq.com (61.135.157.156) 56(84) bytes of data.64 bytes from 61.135.157.156: icmp_seq=1 ttl=43 time=73.7 ms64 bytes from 61.135.157.156: icmp_seq=2 ttl=43 time=63.9 ms
VMware builds intranet and implements port forwarding via Iptables for networking