CentOS 7 Network settings in VMware

• • A description of the environment
  • Installation of the two CentOS in VMware
  • Three NAT network settings
  • Four Set fixed IP
    • 1 Modifying NIC configuration instructions
    • 2 modifying etcresolvconf to implement domain name resolution
  • Five set firewall iptables
    • 1 CentOS Installation Telnet
    • 2 Firewall iptables settings
  • Vi. Summary

due to the need to use Linux in the work, in the virtual machine loaded with CentOS7, for experimental use, after the installation of a lot of problems, mainly network problems, after installation, the following several conditions:
(1) The host network is normal and cannot access the extranet in the CentOS of the virtual machine.
(2) The host can ping and can connect using SSH, but cannot telnet to the port of the virtual machine CentOS.
(3) CentOS fixed IP problem
(4) Firewall setup issues
After consulting the relevant information and practice, to solve the network problem, in this record.

I. Environmental description

• VMware Workstation 10
• Linunx system: CentOS7, official website

Second, the installation of CentOS in VMware

CentOS7 in VMware Virtual machine installation process is not complex, there are many tutorials online (can refer to one of them (Baidu Experience)), this article does not repeat, briefly make the following notes and attention to the place.

• Install a CD image file using a typical installation
• According to the actual situation of the machine to select the CPU, disk size, the machine is i7,8g memory, assigned the 2g,2 core to CentOS7.
• Focus: There are three types of network can refer to this article, because do not want to occupy the current existing IP, select NAT, host for routing.
• Install the software type to choose a minimum installation, or select a file server, a basic Web server, and so on. Recommended minimum installation, clean.

Third, NAT network settings

Use NAT network settings, do not occupy the IP resources, the setting method can refer to this article, here are the main points of the important set point description:
(1) Set the virtual machine as a NAT network and right-click on the virtual machine, such as:

(2) View VMnet8 's network settings
Control Panel, network and internet-> network connection, visible Vmnet1 and vmnet8 two virtual network cards, view Vmnet8, right-click Properties, view IPv4 address, visible VMware has automatically assigned an address. As follows:

(3) shared network
Real network card, right-click Sharing, as follows

(3) Set up virtual network editor, edit-and-virtual network editor, as follows:
The subnet IP here is consistent with the VMNET8 segment and Vmnet8 is 192.168.31.1, which is set to 192.168.31.0. The mask is consistent with Vmnet8.
In addition, "Assigning IP addresses to virtual machines using the local DHCP service" can be checked first and then canceled when the IP is fixed on the back.

(4) NAT settings

After setting, enter the virtual machine, if no accident, can connect the network normally.
(5) View IP and test
Test with Ifconfig, where you can see the virtual IP, whose IP is automatically assigned by DHCP.
[[email protected] sysconfig]# ifconfig

On the virtual machine ping host IP, test connectivity:
[[email protected] sysconfig]# ping 192.168.31.1 `` 
在宿主机ping虚拟机IP，测试是否连通： 
[[email protected] sysconfig]# ping 192.168.31.128 "
If you can connect, it proves that the network setup is complete, you can use SSH connection to the virtual machine CentOS.

Four, set the fixed IP

As described above, although it is possible to connect, but because it is dynamically allocated using DHCP, it may change after each reboot, so it is best to set it to a fixed IP. You can refer to this article
The following points need to be noted:

• In the VMware Virtual Network editor, uncheck the "Use local DHCP service to assign IP addresses to virtual machines" check box.
• Modify the corresponding NIC configuration at the beginning of ifcfg in/etc/sysconfig/network-scripts/.
• Modify/etc/resolv.conf to add domain name resolution.

(1) Modify the NIC configuration instructions

Note the name of the current network card, using Ifconfig can be seen, this machine installed after the NIC name is: ifcfg-eno16777736;
Open this file with the following key configuration (none added):

ONBOOT=yes 设置为开机后启动 
IPADDR=192.168.31.128 #此处设置固定的IP 
NETMASK=255.255.255.0 #此处设置掩码 
GATEWAY=192.168.31.2 #此处设置网关IP 
BOOTPROTO=static#设置为静态
Such as:

(2) Modify/etc/resolv.conf to realize domain name resolution

Ping the extranet domain name in the virtual machine before this setting is reported unknown host error, such as Ping www.baidu.com, is reported Ping:unknown host www.baidu.com.
Add the following settings in/etc/resolv.conf:
nameserver 192.168.31.2
Such as:

In this way, the virtual machine can use ping to test the extranet domain name, normal.

V. Setting up a firewall iptables

CentOS7 default firewall is not iptables, but firewall, to use iptables, you need to install first. The complete installation process has a lot of tutorials online, refer to this article, after the installation is complete, you can use Iptables.
Due to the installation of MySQL on the virtual machine, and the normal start of MySQL, but found that the host can not connect to MySQL, but the ping virtual machine is connected, it is conceivable that the port problem must be. Try to use Telnet on the host to this port, also cannot connect, can ping can, port but cannot telnet, two kinds of possible:
(1) CentOS does not turn on Telnet;
(2) The firewall does not have port 3306 open. (Mainly this problem)
Solve each of the following.

5.1 CentOS Installation Telnet

(1) First check whether the following two installation packages have been installed: Telnet-server, xinetd. The command is as follows:
rpm -qa |grep telnet-server 
rpm -qa |grep xinetd
If it is not installed, install it first.
(2) View installable packages and installation
yum list |grep telnet 
yum install telnet-server.x86_64 
yum install telnet.x86_64 
yum list |grep xinetd 
yum install xinetd.x86_64
(3) Join the boot start
systemctl enable xinetd.service 
systemctl enable telnet.socket
(4) Boot up
systemctl start telnet.socket 
systemctl start xinetd（或service xinetd start）
After Telnet is started, continue with the Iptables setting, either telnet to the host or not connected.

5.2 Firewall iptables settings

The iptables file path opens only port 22 on/etc/sysconfig/iptables,centos By default, so you need to add the ports you need to access in the file, such as Telnet port 23, database Port 3306, and so on.
If you do not add, you will get an error "can ' t connect to MySQL Server (10060)" When connecting to the database.
(1) Add a port rule.
As follows:

-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT

• 1
• 2

Description:  
[-ai chain] 
"Insert" or "accumulate"   of rules for a chain;
-A: Add a new rule to add the rule to the last side of the original rule.  
-I: Inserts a rule. If you do not specify the order of this rule, the default is insert into the first rule.  
For example, there are four rules, using-I then the rule becomes the first, and the original four becomes 2~5 chain: INPUT, OUTPUT, FORWARD and so on  
[-io network interface] 
set interface Specification for packet ingress and egress nbsp
-I: The network interface that the packet enters, such as Eth0, Lo, and so on. Need to coordinate with INPUT chain;  
-o: The network interface to which the packet is sent, to be mated with the OUTPUT chain;  
[-P tcp,udp] 
-P contract: Sets the type of packet format that this rule applies to  
The main packet formats are: TCP, UDP, ICMP, and all.  
[-M]: some iptables plug-in modules, the main common is:  
State: Status module  
Mac: Network card hardware address (hardware addr)  
[– State]: The status of some packets, mainly:  
INVALID: Invalid packet, such as packet status   for data breakage;
Established: Online status that has been successfully online;  
NEW : Want to create a new online packet status;  
Related: This is most commonly used! Indicates that this packet is a packet sent out by our host about  
[-s source ip/domain] 
[–sport port range] 
–sport Port range: The port number that restricts the source, the port number can be sequential, for example 1024:65535 
[–dport port range] 
–dport port range: Limit the port number of the destination. &NBSP
[-j]: followed by action, the main action is accept, discard (drop), Reject (REJECT) and record (log)

As shown in the following:

Special Reminder: The added port rule statement must precede the reject rule, otherwise it will not work. Even if the two port rules added above in-a forward-j reect .... After the rule, the port is not open, and Telnet does not come in outside.

(2) Restart Iptables
service iptables restart
After rebooting, use Telnet 192.168.31.128 3306 again, normal.
Use Navicat to connect to the database, normal.

Vi. Summary

(1) The host network is normal and cannot access the extranet in the CentOS of the virtual machine.
workaround : Use NAT connection mode, set the network card configuration correctly, and configure the domain name resolution.
(2) The host can ping and can connect using SSH, but cannot telnet to the port of the virtual machine CentOS.
workaround : Install telnet and add a firewall port rule.
(3) CentOS fixed IP problem
workaround : Set the IFCFG network card file, domain name resolution configuration.
(4) Firewall setup issues
workaround : Install iptables, add port rules, and note before the reject rule.

CentOS 7 Network settings in VMware