Network experiment: routing, proxy, gateway, and dual-nic

1. Network Structure

Machine 1: the operating system is RedHat liuux9.0, and access the Internet through the Intranet gateway 192.168.0.252. Two NICs, eth0 and eth1, are installed. The network settings are as follows:
Eth0: IP = 192.168.0.180/24, netgate = 192.168.0.252
Eth1: IP = 192.168.0.181/24
Machine 1 also has the squid agent software installed. Machine 1 can access the Internet normally.

Machine 2: Windows, IP = 192.168.0.182/24, a network card, connect to the network card eth1 of machine 1 through the crossover line (equivalent to connecting eth1 of machine 1 to the network card of Machine 2 to a switch ).

2. Machine 2 goes online through machine 1 proxy
Machine 2 Ping 192.168.0.181 and 192.168.180.
Machine 2 cannot ping machines 10 and 11 that are physically connected to machine 1 (IP addresses 192.168.0.10/24 and 192.168.0.11/24 respectively ), this means that the dual-nic of machine 1 can effectively isolate two sub-networks. Even if the IP address of Machine 2 is the same as that of machine 10, no IP address conflict will occur.
Because machine 1 is configured with a proxy, machine 2 can access the Internet through the proxy of machine 1, you only need to set "Internet Options"/"connection"/"LAN Settings"/"Proxy Server" in IE, and set it to 192.168.0.181 or 192.168.0.180, the port corresponds to the port set by the Squid proxy (I set it to 8080 ).

3. Machine 2 method 2
If machine 1 does not have a proxy, and machine 2 needs to access the Internet, you must configure the route in machine 1 and use machine 1 as a software router.

4. Extended
(1) Because machine 1 has a dual-nic installed, when Machine 2 accesses the Internet through the proxy of machine 1, the proxy address can be set to any of the dual-nic of machine 1.

(2) The eth1 of machine 1 and the NIC of Machine 2 can access the Internet as long as they are in the same network segment. For example, their IP addresses are 10.0.0.1/24 and 10.0.0.2/24. It is strange that when the IP address of Machine 2 is 10.0.0.2, it can still Ping 192.168.0.180! At this time, the above (1) settings are still valid.

(3) If machine 1 and machine 2 are connected through a switch, then Machine 2 accesses the Internet through the proxy of machine 1, the aforementioned (1) and (2) the settings can remain unchanged (I did not verify this, I think it is acceptable ).

(4) If machine 1 has only one network card and machine 2 needs to access the Internet through machine 1, it must be connected to machine 1 on a switch. At this time, the IP address of Machine 2 must be in the same network segment as machine 1 and cannot conflict with the IP address of other machines. For example, the IP address of Machine 2 cannot be changed to 192.168.0.10, and the proxy of Machine 2's IE browser is set to: IP = 192.168.180, the port is 8080.

(5) machine 1 is the NAT software of the machine that installs Windows server through another dual-nic. Machine 1's Internet access settings are not set in the "proxy" of the IE browser, but in the TCP/IP protocol attribute of the "network. This note: ① the network can be cascade through several level proxies or gateways; ② Nat software is more like a software ro and used as a gateway than "Internet sharing ", is a proxy software.
(6) "Internet Connection Sharing" and NAT and squid generally have both firewall functions.

Zhang Qing 2003.12.12
Zhangking@263.net QQ: 9365822