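To recap, NAT mode is in fact implemented through iptables, so we will configure some rules on the director.
1.1 Three simulated servers:
Hostname | IP address | Role | Gateway |
---|---|---|---|
zhdy-01 | 192.168.230.128 (public IP: 192.168.138.128) | Load Balancer | |
zhdy-02 | 192.168.230.142 | Real serverA | 192.168.230.128 (the director's internal IP) |
zhdy-03 | 192.168.230.144 | Real serverB | 192.168.230.128 (the director's internal IP) |
Once this is configured, be sure to restart the network, and use route -n to check that the gateway was added successfully!
[root@zhdy-03 ~]# route -n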
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.230.128 0.0.0.0 UG 0 0 0 ens33
1.2 Disable the firewall on all three servers
[root@zhdy-01 ~]# systemctl stop firewalld
[root@zhdy-01 ~]# systemctl disable firewalld
[root@zhdy-01 ~]# getenforce
Enforcing
[root@zhdy-01 ~]# vim /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
Install the iptables service on all three servers:
[root@zhdy-01 ~]# yum install -y iptables-services
[root@zhdy-01 ~]# systemctl start iptables
[root@zhdy-01 ~]# systemctl enable iptables
Created symlink from /etc/systemd/system/basic.target.wants/iptables.service to /usr/lib/systemd/system/iptables.service.
[root@zhdy-01 ~]# iptables -F
[root@zhdy-01 ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
1.3 Test that the servers can be pinged
2.1 Install on the Load Balancer:
[root@zhdy-01 ~]# yum install -y ipvsadm
2.2 Write the script: vim /usr/local/sbin/lvs_nat.sh
// LVS architectures are almost always set up through a script; its content is as follows
#! /bin/bash
# Enable IP forwarding on the director server
echo 1 > /proc/sys/net/ipv4/ip_forward
# Disable ICMP redirects
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects
# Mind the NIC names; the two NICs here are ens33 and ens37
echo 0 > /proc/sys/net/ipv4/conf/ens33/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/ens37/send_redirects
# Set up the NAT firewall rules on the director
iptables -t nat -F
iptables -t nat -X
iptables -t nat -A POSTROUTING -s 192.168.230.0/24 -j MASQUERADE
# Configure ipvsadm on the director
IPVSADM='/usr/sbin/ipvsadm'
$IPVSADM -C
$IPVSADM -A -t 192.168.138.128:80 -s wlc -p 3
$IPVSADM -a -t 192.168.138.128:80 -r 192.168.230.142:80 -m -w 1
$IPVSADM -a -t 192.168.138.128:80 -r 192.168.230.144:80 -m -w 1
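-s wlc -p 3 // -s selects the scheduling algorithm we discussed earlier (here wlc), and -p is the timeout (shown as "persistent 3" in the rule listing); the Load Balancer automatically distributes requests to the different Real Servers
echo 0 > /proc/sys/net/ipv4/conf/all/send_redirects
echo 0 > /proc/sys/net/ipv4/conf/default/send_redirects // these two lines disable ICMP redirects.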
2.3 Run the script
[root@zhdy-01 ~]# sh /usr/local/sbin/lvs_nat.sh
2.4 Test
First, check the rules that were set:
[root@zhdy-01 ~]# ipvsadm -ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.138.128:80 wlc persistent 3
-> 192.168.230.142:80 Masq 1 0 0
-> 192.168.230.144:80 Masq 1 0 3
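To confirm mechanically that the director ended up with the configuration lvs_nat.sh intends, the following added example (not part of the original post) parses `ipvsadm -ln` output and checks the virtual service, its real servers, the Masq forward method and the weights. The names check_ipvs_nat and page_listing are hypothetical; the embedded listing is the one printed above.

```shell
#!/bin/sh
# Added example (not from the original post): audit `ipvsadm -ln` output.
# Usage: ipvsadm -ln | check_ipvs_nat VIP:PORT RS:PORT [RS:PORT ...]
# Returns 0 only if the virtual service exists and exactly the expected real
# servers are attached, each with forward method Masq and a non-zero weight.
check_ipvs_nat() {
    vip=$1; shift
    awk -v vip="$vip" -v want="$*" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) expect[w[i]] = 1 }
        # Service lines start with the protocol; remember whether this one is ours.
        $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == vip); if (in_svc) found = 1; next }
        # Real-server lines start with "->" (the column header also does; skip it).
        in_svc && $1 == "->" && $2 != "RemoteAddress:Port" {
            seen[$2] = 1
            if (!($2 in expect)) { print "unexpected real server: " $2; bad = 1 }
            if ($3 != "Masq") { print $2 ": forward method " $3 ", expected Masq"; bad = 1 }
            if ($4 + 0 == 0) { print $2 ": weight 0, gets no new connections"; bad = 1 }
        }
        END {
            if (!found) { print "virtual service " vip " not found"; exit 1 }
            for (r in expect) if (!(r in seen)) { print "missing real server: " r; bad = 1 }
            exit bad + 0
        }'
}

# The listing shown above on this page, embedded so the check runs offline.
page_listing() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.138.128:80 wlc persistent 3
-> 192.168.230.142:80 Masq 1 0 0
-> 192.168.230.144:80 Masq 1 0 3
EOF
}

if page_listing | check_ipvs_nat 192.168.138.128:80 \
        192.168.230.142:80 192.168.230.144:80; then
    echo "IPVS NAT service matches the intended configuration"
fi
```

On the director, pipe the live listing in instead of page_listing; a non-zero exit status with one line per problem means the table differs from what the script was meant to create.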
Browser caching made the results unreliable when testing access to the public IP from an external browser, so we test with curl instead:
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-02 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-03 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-02 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-03 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-02 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-03 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-02 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-03 server.
[root@zhdy-01 ~]# curl 192.168.138.128
this is zhdy-02 server.
[root@zhdy-01 ~]# curl 192.168.138.128
See how regularly the incoming requests are distributed across the different servers!