安装ifconfig命令
yum install -y net-tools
- A机器增加一块网卡,并启动查看网段为192.168.204(根据自己机器来设置),设置新的网卡IP为192.168.204.1,并在物理机访问这个IP地址,看是否正常通信
- 增加新的网卡需要更改IP,然后重启网卡,并重启网络服务。[增加网卡注意点](https://my.oschina.net/u/3707314/blog/1615467)
- 改完网关后 B、C 机器就无法上网了(它们的出口流量现在都经过 A,要等下面在 A 上打开 ip_forward 并加上 MASQUERADE 规则后才会恢复)
在 B、C 机器的网卡配置文件中把 GATEWAY 改为 A 机器内网口的 IP(本例为 192.168.74.129,对应下面 route -n 输出里的默认路由),这样 B、C 的出口流量才会经过 director:
vi /etc/sysconfig/network-scripts/ifcfg-eno16777736
更改完之后重启网络服务
systemctl restart network
[root@hf-02 ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.74.129 0.0.0.0 UG 1024 0 0 eno16777736
192.168.74.0 0.0.0.0 255.255.255.0 U 0 0 0 eno16777736
[root@hf-02 ~]#
关闭firewalld服务(注意:从停止 firewalld 到启动 iptables 服务之间,主机处于没有任何防火墙的状态;建议先装好 iptables-services 再切换,并且只在实验环境这样操作)
systemctl stop firewalld
使firewalld服务不再开机启动
systemctl disable firewalld
yum install -y iptables-services
[root@hf-01 ~]# cd /etc/yum.repos.d/
[root@hf-01 yum.repos.d]# ls
CentOS7-Base-163.repo CentOS-Sources.repo epel.repo
CentOS-Debuginfo.repo CentOS-Vault.repo epel-testing.repo
[root@hf-01 yum.repos.d]# mv epel.repo epel.repo.1 //临时移走 epel 源(推测是为了让安装只走 base 源,或避免 epel 不可用导致 yum 报错);也可以改用 yum --disablerepo=epel install ...,事后记得把文件名改回来
[root@hf-01 yum.repos.d]#
机器B
[root@hf-02 ~]# systemctl start iptables
[root@hf-02 ~]#
机器C
[root@hf-03 ~]# systemctl start iptables
[root@hf-03 ~]#
机器B
[root@hf-02 ~]# systemctl start iptables
[root@hf-02 ~]# systemctl enable iptables
ln -s '/usr/lib/systemd/system/iptables.service' '/etc/systemd/system/basic.target.wants/iptables.service'
[root@hf-02 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
71 5076 ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
0 0 ACCEPT icmp -- * * 0.0.0.0/0 0.0.0.0/0
0 0 ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0
1 124 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 48 packets, 4680 bytes)
pkts bytes target prot opt in out source destination
[root@hf-02 ~]# iptables -F //清空 filter 表的全部规则,以便后续实验。注意:此时三条链的默认策略都是 ACCEPT,清空后这台机器对所有来源完全开放(不再只放行 22 端口),仅适合实验环境;生产环境应保留上面的 RELATED,ESTABLISHED、lo、22 放行规则和末尾的 REJECT。若默认策略是 DROP,执行 -F 会把自己锁在外面,应先改策略再清空
[root@hf-02 ~]# service iptables save //把当前(已清空)的规则写入 /etc/sysconfig/iptables,也就是说重启后也会以无规则状态启动
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ 确定 ]
[root@hf-02 ~]#
机器C同上
[root@hf-01 ~]# iptables -nvL
Chain INPUT (policy ACCEPT 19 packets, 1296 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 11 packets, 1108 bytes)
pkts bytes target prot opt in out source destination
[root@hf-01 ~]#
setenforce 0 //临时关闭selinux(切换为 permissive,只对当前运行有效,重启后会恢复为配置文件里的模式)
getenforce //查看selinux是否关闭
如果需要重启后仍然关闭,再修改配置文件。注意:这是为了简化实验;生产环境更稳妥的做法是保持 permissive 并根据 audit 日志调整策略,而不是直接 disabled
vi /etc/selinux/config
把 SELINUX=enforcing 改为 SELINUX=disabled(只改 SELINUX= 这一行,不要误改 SELINUXTYPE=,否则系统可能无法启动);此修改在下次重启后生效
NAT模式搭建
[root@hf-01 ~]# yum install -y ipvsadm
[root@hf-01 ~]# vim /usr/local/sbin/lvs_nat.sh
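#! /bin/bash
# lvs_nat.sh — configure this host as an LVS-NAT director (run as root).
#
# Topology assumed here (taken from the transcripts on this page):
#   * eno16777736: internal NIC on 192.168.74.0/24; the real servers
#     192.168.74.131 and 192.168.74.133 use this host as their default gateway
#   * ens36:       NIC carrying the virtual IP 192.168.204.1
# Change the variables below to match your own interface names and addresses.
#
# Notes for operators:
#   * Everything here is runtime-only: the /proc/sys writes, the nat rules and
#     the IPVS table are lost on reboot. Persist them via /etc/sysctl.d/,
#     `service iptables save` and `ipvsadm-save` if this is not a lab.
#   * Shell comments start with '#'. Text after '//' is NOT a comment; it is
#     passed to the command as extra arguments and breaks the script.
#   * Run with `bash lvs_nat.sh` (or make it executable); `sh lvs_nat.sh`
#     ignores the shebang.

set -eu   # stop at the first failing command (typically a wrong NIC name)
          # rather than leaving a half-configured director behind

# --- site-specific settings --------------------------------------------------
VIP='192.168.204.1'                        # address clients connect to
VPORT='80'
RS_NET='192.168.74.0/24'                   # segment the real servers live on
RS_LIST='192.168.74.131 192.168.74.133'    # real servers, space separated
INNER_IF='eno16777736'                     # NIC facing the real servers
OUTER_IF='ens36'                           # NIC carrying the VIP
IPVSADM='/usr/sbin/ipvsadm'                # full path, so PATH does not matter

# --- kernel: let this host route between the two segments ---------------------
# Enable IPv4 forwarding; the director must pass client packets on to the RS.
# Security note: with forwarding on and an empty filter table this host will
# forward *any* traffic between its interfaces, not only the VIP flows. Add
# FORWARD-chain rules outside a lab.
echo 1 > /proc/sys/net/ipv4/ip_forward

# Turn off ICMP redirects on every interface involved. Without this the kernel
# would tell the real servers to send replies around the director, and the NAT
# mapping would break.
for ifc in all default "$INNER_IF" "$OUTER_IF"; do
  echo 0 > "/proc/sys/net/ipv4/conf/$ifc/send_redirects"
done

# --- netfilter: source NAT so the real servers can reach the outside -----------
# Only the nat table is reset; the filter table on this host is left as is.
iptables -t nat -F
iptables -t nat -X
# Masquerade outbound traffic from the RS segment behind the director's own
# address (the same thing a home router does). No '-o' restriction is applied
# because in the lab on this page the real servers and the director's upstream
# appear to share one NIC; if your director has a dedicated upstream NIC, add
# `-o <that NIC>` so traffic on the internal side is never rewritten.
iptables -t nat -A POSTROUTING -s "$RS_NET" -j MASQUERADE

# --- IPVS: define the virtual service and its real servers ---------------------
"$IPVSADM" -C                                 # clear any existing IPVS rules
# -t VIP:port  TCP virtual service
# -s wlc       weighted least-connection scheduler (matches the `ipvsadm -ln`
#              output on this page; choose whichever scheduler suits you)
# -p 3         persistence: one client sticks to the same RS for 3 s, so
#              back-to-back requests from one client will not alternate
"$IPVSADM" -A -t "$VIP:$VPORT" -s wlc -p 3
# -r  real server address (NOT the director), -m  NAT forwarding, -w  weight
# shellcheck disable=SC2086 -- RS_LIST is meant to word-split
for rs in $RS_LIST; do
  "$IPVSADM" -a -t "$VIP:$VPORT" -r "$rs:$VPORT" -m -w 1
done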
[root@hf-01 ~]# sh /usr/local/sbin/lvs_nat.sh //建议用 bash 执行:用 sh 运行时脚本首行的 #!/bin/bash 不生效。另外上面脚本里 // 后面的文字不是 shell 注释,会被当作命令参数传给 echo/iptables/ipvsadm 并导致出错(例如 IPVSADM 变量根本不会被赋值),实际执行的脚本里必须改成 # 注释或删掉
[root@hf-01 ~]#
B机器
[root@hf-02 ~]# ps aux |grep nginx
root 1102 0.0 0.0 20996 624 ? Ss 05:29 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 1107 0.0 0.3 23440 3208 ? S 05:29 0:00 nginx: worker process
nobody 1108 0.0 0.3 23440 3208 ? S 05:29 0:00 nginx: worker process
root 3580 0.0 0.0 112676 984 pts/1 R+ 08:30 0:00 grep --color=auto nginx
[root@hf-02 ~]#
C机器
[root@hf-03 ~]# ps aux |grep nginx
root 821 0.0 0.0 20996 628 ? Ss 08:00 0:00 nginx: master process /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.conf
nobody 825 0.0 0.3 23440 3212 ? S 08:00 0:00 nginx: worker process
nobody 826 0.0 0.3 23440 3212 ? S 08:00 0:00 nginx: worker process
root 1851 0.0 0.0 112676 984 pts/0 R+ 08:30 0:00 grep --color=auto nginx
[root@hf-03 ~]#
[root@hf-02 ~]# vim /usr/share/nginx/html/index.html //路径以该机器 nginx.conf 中 root 指向的目录为准;这里的 nginx 装在 /usr/local/nginx 下,源码安装时默认根目录一般是 /usr/local/nginx/html(C 机器同理)
[root@hf-02 ~]# curl localhost
hanfeng-02
[root@hf-03 ~]# vim /usr/share/nginx/html/index.html
[root@hf-03 ~]# curl localhost
hanfeng-03
[root@hf-01 ~]# curl 192.168.204.1 //在 director 本机访问 VIP 只能作快速验证,最终应从外部客户端(前面提到的物理机)访问 192.168.204.1 确认转发正常;另外因为设置了 -p 3 持久化,同一客户端 3 秒内的连续请求会落到同一台 RS,要看到交替结果需要间隔一下
hanfeng-02
[root@hf-01 ~]# curl 192.168.204.1
hanfeng-03
[root@hf-01 ~]# iptables -t nat -nvL
Chain PREROUTING (policy ACCEPT 108 packets, 5472 bytes)
pkts bytes target prot opt in out source destination
Chain INPUT (policy ACCEPT 108 packets, 5472 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE all -- * * 192.168.74.0/24 0.0.0.0/0
[root@hf-01 ~]#
[root@hf-01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.204.1:80 wlc persistent 3
-> 192.168.74.131:80 Masq 1 0 0
-> 192.168.74.133:80 Masq 1 0 0
[root@hf-01 ~]#