VMware builds intranet and implements port forwarding via Iptables for networking

Overall flowchart

Configure Server1 new Two Nic one NIC is set to bridge mode, the other piece is set to host mode only

View two network card configurations

[email protected]:~# ifconfigens33     Link encap:Ethernet  HWaddr 00:0c:29:42:81:1c            inet addr:192.168.31.159  Bcast:192.168.31.255  Mask:255.255.255.0          inet6 addr: ffff::fff:29ff:fe42:811c/64 Scope:Link          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1          RX packets:163 errors:0 dropped:0 overruns:0 frame:0          TX packets:421 errors:0 dropped:0 overruns:0 carrier:0          collisions:0 txqueuelen:1000           RX bytes:20177 (20.1 KB)  TX bytes:35945 (35.9 KB)

Open Interfaces View Ens33 Configure DHCP mode

auto ens33iface ens33 inet dhcp

View Network card Name

[email protected]:/etc/network# ip link show[email protected]:/etc/network# ip link show2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000    link/ether ff:ff:ff:ff:81:1c brd ff:ff:ff:ff:ff:ff3: ens38: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN mode DEFAULT group default qlen 1000    link/ether 00:0c:29:42:81:26 brd ff:ff:ff:ff:ff:ff

Set intranet as static IP

auto ens38iface ens38 inet staticaddress 192.168.232.101netmask 255.255.255.0

Configure the Server3 IP as a static IP and the intranet IP configured in the previous step in a network segment

auto ens33iface ens33 inet staticaddress 192.168.232.103netmask 255.255.255.0

Test Intranet

[email protected]:/etc/network# ping 192.168.232.101PING 192.168.232.101 (192.168.232.101) 56(84) bytes of data.64 bytes from 192.168.232.101: icmp_seq=1 ttl=64 time=12.0 ms64 bytes from 192.168.232.101: icmp_seq=2 ttl=64 time=1.61 ms

Set the SERVER3 default gateway to Server1 intranet IP

route add default gw 192.168.110.134

Modify the/etc/sysctl.conf file to open IP restrictions

net.ipv4.ip_forward = 1sysctl -p /etc/sysctl.conf

Set Iptables forwarding function

iptables -P FORWARD DROPiptables -t nat -A POSTROUTING -s 192.168.232.0/24 -j SNAT --to 192.168.31.159iptables -A FORWARD -s 192.168.232.103 -j ACCEPT

具体解释 请参考这篇博客http://xstarcd.github.io/wiki/Linux/iptables_forward_internetshare.html

View forwarding iptables forwarding rules

Iptables-t nat-nvl[email protected]:/home/guolin# iptables-t NAT-NVL Chain prerouting (Policy ACCEPT 108 packets, 7306 bytes) pkts bytes Target prot opt in Out source destination Chain INPUT (Policy AC CEPT 0 packets, 0 bytes) pkts bytes Target prot opt in Out source destination Chain OUTP         UT (Policy ACCEPT 4 packets, 288 bytes) pkts bytes Target prot opt in Out source destination               Chain postrouting (Policy ACCEPT 4 packets, 288 bytes) pkts bytes Target prot opt in Out source Destination 103 7035 SNAT All--* * 192.168.232.0/24 0.0.0.0/0 to:192.1     68.31.159 0 0 SNAT All--* * 192.168.232.0/24 0.0.0.0/0 to:192.168.31.159 0       0 SNAT All--* * 192.168.232.0/24 0.0.0.0/0 to:192.168.31.159 0 0 SNAT       All--* *192.168.232.0/24 0.0.0.0/0 to:192.168.31.159 

Ping public DNS domain name resolution system

[email protected]:/etc/network# ping 114.114.114.114PING 114.114.114.114 (114.114.114.114) 56(84) bytes of data.64 bytes from 114.114.114.114: icmp_seq=1 ttl=58 time=5.07 ms64 bytes from 114.114.114.114: icmp_seq=2 ttl=58 time=47.3 ms

If there's a problem, traceroute, the company ops, teach me another command.

mtr 114.114.114.114

Set up the domain name resolution system

nameserver 114.114.114.114

Test it out.

[email protected]:/etc/network# ping qq.comPING qq.com (61.135.157.156) 56(84) bytes of data.64 bytes from 61.135.157.156: icmp_seq=1 ttl=43 time=73.7 ms64 bytes from 61.135.157.156: icmp_seq=2 ttl=43 time=63.9 ms

VMware builds intranet and implements port forwarding via Iptables for networking