CentOS 7 Network settings in VMware
because of the need to use Linux in the work, in the virtual machine loaded with CentOS7 for the experiment, the installation after the use of a lot of problems, mainly network problems, after the installation of the following kinds of conditions:
(1) Host network Normal, in the virtual machine CentOS can not access the extranet.
(2) host can ping, and can use SSH connection, but not telnet virtual machine CentOS port.
(3) CentOS fixed IP problem
(4) Firewall setup problem
After consulting the relevant information and practice, the network problem is resolved, in this record.
I. Environmental description
VMware Workstation 10
Linunx system: CentOS7, website download address
Ii. installation of CentOS in VMware
CentOS7 in the VMware Virtual machine installation process is not complicated, there are many tutorials online (can refer to one of the (Baidu Experience), this article does not repeat, briefly make the following notes and attention to the place.
Using a typical installation, Setup CD image files
According to the actual situation of the machine to choose the CPU, disk size, this machine is i7,8g memory, allocated 2g,2 nuclear to CentOS7.
emphasis: There are three types of network can refer to this article, because do not want to occupy the current existing IP, select NAT, to host for the route.
Installation software type can choose the smallest installation, also can choose File Server, basic Web server, etc. Recommended minimum installation, clean.
Iii. NAT Network Settings
Use NAT network settings, do not occupy IP resources, set the method can refer to this article, here make a few important set point description:
(1) Set the virtual machine as Nat network, right-click the virtual machine-> settings, as shown below:
(2) View the VMNET8 network settings
Control Panel-> Network and internet-> network connection, visible Vmnet1 and vmnet8 two virtual network adapters, view Vmnet8, right-click-> properties, view the IPv4 address, visible VMware has automatically assigned an address. As follows:
(3) shared network
The actual NIC-> right-click-> share, as follows
(3) Set up virtual network editor, edit-> Virtual network editor, as follows:
The subnet IP here is consistent with the VMNET8 network segment, Vmnet8 is 192.168.31.1, then set to 192.168.31.0. The mask is consistent with the vmnet8.
In addition, "Use the local DHCP service to assign IP addresses to virtual machines" can be checked first, and then canceled after fixed IP.
(4) NAT settings
After setting, enter the virtual machine, if no accident, is able to connect the network properly.
(5) View IP and test
Use Ifconfig for testing, here you can see the virtual IP, its IP is DHCP automatically allocated.
[root@localhost sysconfig]# ifconfig
Ping host IP on virtual machine, test connectivity:
[root@localhost sysconfig]# ping 192.168.31.1 ``
在宿主机ping虚拟机IP,测试是否连通:
[root@localhost sysconfig]# ping 192.168.31.128 "
If you can connect, that is to prove that the network setup is complete, you can use the SSH connection virtual machine CentOS.
Four, set fixed IP
In this way, although it can be connected, but because it is dynamically allocated using DHCP, it may change after each reboot, so it is best to set it to fixed IP. can refer to this article
The following points need to be noted:
- Uncheck "Assign IP addresses to virtual machines using local DHCP service" in the VMware Virtual Network editor.
- Modify the corresponding network adapter configuration at the beginning of the ifcfg in/etc/sysconfig/network-scripts/.
- Modify/etc/resolv.conf to add a domain name resolution.
(1) Modify the network card configuration instructions
Note the current network card name, using Ifconfig can be found, the installation of the network card after the name is: ifcfg-eno16777736;
Open this file, mainly configure the following (no add up):
ONBOOT=yes 设置为开机后启动
IPADDR=192.168.31.128 #此处设置固定的IP
NETMASK=255.255.255.0 #此处设置掩码
GATEWAY=192.168.31.2 #此处设置网关IP
BOOTPROTO=static
#设置为静态
The following figure:
(2) Modify/etc/resolv.conf to implement domain name resolution
If you ping the extranet domain name in the virtual machine before you do this setting, you will report the unknown host error, such as Ping www.baidu.com, and then report Ping:unknown host www.baidu.com.
Add the following settings to the/etc/resolv.conf:
nameserver 192.168.31.2
The following figure:
In this way, the virtual machine can use ping to test the extranet domain name, normal.
V. Setting up a firewall iptables
CentOS7 The default firewall is not iptables, but firewall, to use iptables, you need to install first. Complete installation process There are many tutorials online, refer to this article, after the installation is completed, you can use Iptables.
Because the MySQL installed on the virtual machine, and the normal start of MySQL, but found in the host can not connect to MySQL, but ping virtual machine is connected, it is conceivable that the port problem must be. Try to use Telnet to this port on the host, you cannot connect, You can ping, the port is not Telnet, two possibilities:
(1) CentOS did not open telnet;
(2) The firewall does not have 3306 ports open. (Mainly this problem)
Solve each of the following.
5.1 CentOS Install Telnet
(1) First check whether the following two installation packages have been installed: Telnet-server, xinetd. The order is as follows:
rpm -qa |grep telnet-server
rpm -qa |grep xinetd
If it is not installed, install it first.
(2) To view the installation of the package and installation
yum list |grep telnet
yum install telnet-server.x86_64
yum install telnet.x86_64
yum list |grep xinetd
yum install xinetd.x86_64
(3) Join boot
systemctl enable xinetd.service
systemctl enable telnet.socket
(4) Boot up
systemctl start telnet.socket
systemctl start xinetd(或service xinetd start)
After Telnet is started, telnet to the host, or not connected, continue with the iptables setting.
5.2 Firewall iptables settings
The iptables file path only turns on port 22 on/etc/sysconfig/iptables,centos By default, so you need to add ports that need to be accessed in the file, such as Telnet port 23, database Port 3306, and so on.
If you do not add, the database will be connected to the error "can" T connect to MySQL Server (10060).
(1) Add port rules.
As follows:
-A INPUT -m state --state NEW -m tcp -p tcp --dport 3306 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 23 -j ACCEPT
Description:
[-ai chain]
"Insert" or "accumulate" rules for a chain
-A: Add a new rule, which is added to the last side of the original rule.
-I: Inserts a rule. If you do not specify the order of this rule, the default is to insert into the first rule.
For example, there are four rules, using-i the rule becomes the first, and the original four into the 2~5 chain: There is INPUT, OUTPUT, FORWARD, etc.
[-io Network Interface]
Set the interface specification for packet entry and exit
-I: The network interface that the packet enters, such as Eth0, Lo, and so on. Need to coordinate with INPUT chain;
-O: The network interface that is outgoing from the packet needs to be matched with the OUTPUT chain;
[-P TCP,UDP]
-P Contract: sets which package format this rule applies To
The main packaging formats are: TCP, UDP, ICMP and all.
[m]: some iptables plug-in modules, the main common are:
State: Status Module
Mac: Network card hardware addresses (hardware address)
[–state]: Some of the packaging status, mainly:
INVALID: Invalid packet, such as broken packet status
Established: The online status has been successfully online;
NEW: Want to create the online package status;
RELATED: This is the most commonly used! Indicates that the packet is related to the packet sent out by our host.
[-s source ip/domain]
[–sport Port Range]
–sport Port range: limits the port number of the source, the port number can be continuous, for example 1024:65,535
[–dport Port Range]
–dport Port range: The port number that restricts the destination.
[-j]: The following action, the main action is accepted (ACCEPT), Discard (drop), Reject (REJECT) and record (log)
As shown in the following illustration:
Special Reminder: The added port rule statement must be placed before the reject rule, otherwise it will not work. Where put the two-port rule added above in the-a forward-j reect ... rules, then the port is not open, the outside Telnet does not come in.
(2) Restart Iptables
service iptables restart
After restarting, use Telnet 192.168.31.128 3306 again, normal.
Using Navicat to connect to the database is normal.
Vi. Summary
(1) Host network Normal, in the virtual machine CentOS can not access the extranet.
workaround : Use NAT connection mode, set up the network card configuration correctly, domain name resolution configuration.
(2) host can ping, and can use SSH connection, but not telnet virtual machine CentOS port.
workaround : Install telnet and add firewall port rules.
(3) CentOS fixed IP problem
workaround : Set up ifcfg network card file, domain name resolution configuration.
(4) Firewall setup problem
workaround : Install iptables, add port rules, and pay attention to the reject rule.
Thank you for reading, I hope to help you, thank you for your support for this site!