Centos网络管理-路由转发与静态路由
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Centos网络管理-路由转发与静态路由相关的知识,希望对你有一定的参考价值。
实验环境:VMware Workstation Pro 14(试用版)
系统平台:
CentOS release 6.9 (Final) 内核 2.6.32-696.el6.x86_64
CentOS Linux release 7.4.1708 (Core) 内核 3.10.0-693.el7.x86_64
网络拓扑图
虚拟机网络设置
配置A的ip地址
#cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.27.210
PREFIX=24
EOF
生成配置网卡配置文件后,需要重新启动网络服务。
#service network restart
验证IP
配置R1的ip地址
ens33
#nmcli connection add con-name ens33 ifname ens33 type ethernet ipv6.method ignore ipv4.never-default yes ipv4.ignore-auto-dns yes ipv4.method manual ipv4.addresses 192.168.27.200/24
ens36
#nmcli connection add con-name ens36 ifname ens36 type ethernet ipv6.method ignore ipv4.never-default yes ipv4.ignore-auto-dns yes ipv4.method manual ipv4.addresses 10.0.0.200/8
验证IP
测试
由于A的eth1接口与R1的ens33接口是同一个网络,因此直接可以测试了
R1 > A
#ping 192.168.27.210 -c 2 -s 192.168.27.200
PING 192.168.27.210 (192.168.27.210) 56(84) bytes of data.
64 bytes from 192.168.27.210: icmp_seq=1 ttl=64 time=0.408 ms
64 bytes from 192.168.27.210: icmp_seq=2 ttl=64 time=0.308 ms
A > R1
#ping 192.168.27.200 -c 2
PING 192.168.27.200 (192.168.27.200) 56(84) bytes of data.
64 bytes from 192.168.27.200: icmp_seq=1 ttl=64 time=0.927 ms
64 bytes from 192.168.27.200: icmp_seq=2 ttl=64 time=0.323 ms
配置R2的ip地址
eth0
#cat > /etc/sysconfig/network-scripts/ifcfg-eth0 <<EOF
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
IPADDR=10.0.0.201
PREFIX=8
EOF
#ifup eth0
eth1
#cat > /etc/sysconfig/network-scripts/ifcfg-eth1 <<EOF
DEVICE=eth1
BOOTPROTO=statice
ONBOOT=yes
IPADDR=172.18.0.200
PREFIX=16
EOF
#ifup eth1
验证IP
测试
由于R2的eth0接口与R1的ens36接口是同一个网络,因此直接可以测试了
R1 > R2
#ping 10.0.0.201 -c 2 -s 10.0.0.200
PING 10.0.0.201 (10.0.0.201) 10(38) bytes of data.
18 bytes from 10.0.0.201: icmp_seq=1 ttl=64
18 bytes from 10.0.0.201: icmp_seq=2 ttl=64
R2 > R1
#ping 10.0.0.200 -c 2 -s 10.0.0.201
PING 10.0.0.200 (10.0.0.200) 10(38) bytes of data.
18 bytes from 10.0.0.200: icmp_seq=1 ttl=64
18 bytes from 10.0.0.200: icmp_seq=2 ttl=64
配置R3的ip地址
ens33
#nmcli connection add con-name ens33 ifname ens33 type ethernet ipv6.method ignore ipv4.never-default yes ipv4.ignore-auto-dns yes ipv4.method manual ipv4.addresses 172.18.0.201/16
ens36
#nmcli connection add con-name ens36 ifname ens36 type ethernet ipv6.method ignore ipv4.never-default yes ipv4.ignore-auto-dns yes ipv4.method manual ipv4.addresses 188.168.0.200/16
测试
由于R3的ens33接口与R2的eth1接口是同一个网络,因此直接可以测试了
R3 > R2
#ping 172.18.0.200 -c 2 -s 172.18.0.201
PING 172.18.0.200 (172.18.0.200) 172(200) bytes of data.
180 bytes from 172.18.0.200: icmp_seq=1 ttl=64 time=0.892 ms
180 bytes from 172.18.0.200: icmp_seq=2 ttl=64 time=0.415 ms
R2 > R3
#ping 172.18.0.201 -c 2 -s 172.18.0.200
PING 172.18.0.201 (172.18.0.201) 172(200) bytes of data.
180 bytes from 172.18.0.201: icmp_seq=1 ttl=64 time=0.915 ms
180 bytes from 172.18.0.201: icmp_seq=2 ttl=64 time=0.360 ms
验证IP
配置B的ip地址
ens36
#nmcli connection add con-name ens36 ifname ens36 type ethernet ipv6.method ignore ipv4.never-default yes ipv4.ignore-auto-dns yes ipv4.method manual ipv4.addresses 188.168.0.210/16
验证IP
测试
由于B的ens36接口与R3的ens36接口是同一个网络,因此直接可以测试了
B > R3
#ping 188.168.0.200 -c 2
PING 188.168.0.200 (188.168.0.200) 56(84) bytes of data.
64 bytes from 188.168.0.200: icmp_seq=1 ttl=64 time=1.08 ms
64 bytes from 188.168.0.200: icmp_seq=2 ttl=64 time=0.335 ms
实验目标
A 与 B 可以相互通讯
经过上面对5台Centos 主机的IP设置后,还需要做以下设置:
1. 所有的主机关闭selinux
#sed -i.bak '[email protected][email protected][email protected]' /etc/selinux/config;setenforce 0;getenforce
显示如下为成功
Permissive 或 Disabled
2. 所有的主机的iptables
Centos 6
#service iptables stop;chkconfig iptables off;service iptables status
显示如下为成功
iptables: Firewall is not running.
Centos 7
#systemctl stop firewalld.service ;systemctl disable firewalld.service |systemctl status firewalld.service|grep Active
显示如下为成功
Active: inactive (dead)
3. R1,R2,R3开启路由转发功能
#sysctl -w net.ipv4.ip_forward=1;echo 'net.ipv4.ip_forward = 1' > /etc/sysctl.d/ipv4.conf
显示1为成功
此时从A ping B
#ping 188.168.0.201
connect: Network is unreachable
此时从B ping A
#ping 192.168.27.210
connect: Network is unreachable
配置A静态路由
#route -n
Kernel IP routing table 这是原来的路由
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.27.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
先临时指定测试,正常了再写入文件,以便重启后生效
#ip route add default via 192.168.27.200
#cat > /etc/sysconfig/network-scripts/route-eth1 <<EOF
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=192.168.27.200
EOF
#route -n
Kernel IP routing table 添加了一条默认路由
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.27.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 192.168.27.200 0.0.0.0 UG 0 0 0 eth1
配置R1静态路由
由于R1属于边缘路由器,因此,设置一条默认路由,从ens36出,到R2的eth0的10.0.0.201
#route -n
Kernel IP routing table 这是原来的路由
Destination Gateway Genmask Flags Metric Ref Use Iface
10.0.0.0 0.0.0.0 255.0.0.0 U 100 0 0 ens36
192.168.27.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
先临时指定测试,正常了再写入文件,以便重启后生效
#ip route add default via 10.0.0.201
#cat > /etc/sysconfig/network-scripts/route-ens36 <<EOF
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=10.0.0.201
EOF
#route -n
Kernel IP routing table 添加了一条默认路由
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.201 0.0.0.0 UG 0 0 0 ens36
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 ens36
192.168.27.0 0.0.0.0 255.255.255.0 U 100 0 0 ens33
配置R2静态路由
要配置2条路由
一条路由去往VMnet2的网络192.168.27.0/24,从R2的eth0去往R1的ens36的10.0.0.200
一条路由去往VMnet5的网络188.168.0.0/16,从R2的eth1去往R3的ens33的172.18.0.201
#route -n
Kernel IP routing table 这是原来的路由
Destination Gateway Genmask Flags Metric Ref Use Iface
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
先临时指定测试,正常了再写入文件,以便重启后生效
#ip route add 192.168.27.0/24 via 10.0.0.200
#cat > /etc/sysconfig/network-scripts/route-eth0 <<EOF
ADDRESS0=192.168.27.0
NETMASK0=255.255.255.0
GATEWAY0=10.0.0.200
EOF
#ip route add 188.168.0.0/16 via 172.18.0.201
#cat > /etc/sysconfig/network-scripts/route-eth1 <<EOF
ADDRESS0=188.168.0.0
NETMASK0=255.255.0.0
GATEWAY0=172.18.0.201
EOF
#route -n
Kernel IP routing table 添加了2条路由
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.27.0 10.0.0.200 255.255.255.0 UG 0 0 0 eth0
188.168.0.0 172.18.0.201 255.255.0.0 UG 0 0 0 eth1
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
10.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 eth0
配置R3静态路由
由于R3属于边缘路由器,因此,设置一条默认路由,从ens33出,到R2的eth1的172.18.0.200
#route -n
Kernel IP routing table 这是原来的路由
Destination Gateway Genmask Flags Metric Ref Use Iface
172.18.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens33
188.168.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens36
先临时指定测试,正常了再写入文件,以便重启后生效
#ip route add default via 172.18.0.200
#cat > /etc/sysconfig/network-scripts/route-ens33 <<EOF
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=172.18.0.200
EOF
#route -n
Kernel IP routing table 添加了一条默认路由
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.18.0.200 0.0.0.0 UG 0 0 0 ens33
172.18.0.0 0.0.0.0 255.255.0.0 U 0 0 0 ens33
188.168.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens36
配置B静态路由
#route -n
Kernel IP routing table 这是现在的路由
Destination Gateway Genmask Flags Metric Ref Use Iface
188.168.0.0 0.0.0.0 255.255.0.0 U 100 0 0 ens36
先临时指定测试,正常了再写入文件,以便重启后生效
#ip route add default via 188.168.0.200
#cat > /etc/sysconfig/network-scripts/route-ens36 <<EOF
ADDRESS0=0.0.0.0
NETMASK0=0.0.0.0
GATEWAY0=188.168.0.200
EOF
测试
B > A
#ping 192.168.27.210 -c 2
PING 192.168.27.210 (192.168.27.210) 56(84) bytes of data.
64 bytes from 192.168.27.210: icmp_seq=1 ttl=61 time=2.26 ms
64 bytes from 192.168.27.210: icmp_seq=2 ttl=61 time=1.08 ms
A > B
[[email protected] ~]#ping 188.168.0.210 -c 2
PING 188.168.0.210 (188.168.0.210) 56(84) bytes of data.
64 bytes from 188.168.0.210: icmp_seq=1 ttl=61 time=2.06 ms
64 bytes from 188.168.0.210: icmp_seq=2 ttl=61 time=1.23 ms
每经过一路由器,ttl值-1,64-3=61
路由跟踪
A > B
#traceroute -n 188.168.0.210
traceroute to 188.168.0.210 (188.168.0.210), 30 hops max, 60 byte packets
1 192.168.27.200 1.937 ms 1.194 ms 0.981 ms
2 10.0.0.201 8.910 ms 8.417 ms 8.276 ms
3 172.18.0.201 8.216 ms 8.211 ms 8.159 ms
4 188.168.0.210 8.082 ms 8.027 ms 7.988 ms
B > A
#mtr -rnc 2 192.168.27.210
Start: Wed Dec 20 13:29:12 2017
HOST: centos7.hunk.teh Loss% Snt Last Avg Best Wrst StDev
1.|-- 188.168.0.200 0.0% 2 0.3 0.3 0.3 0.3 0.0
2.|-- 172.18.0.200 0.0% 2 0.5 0.5 0.5 0.6 0.0
3.|-- 10.0.0.200 0.0% 2 0.7 0.7 0.7 0.8 0.0
4.|-- 192.168.27.210 0.0% 2 1.6 1.3 1.0 1.6 0.0
实验完成,总结下:
保存路由信息需要写入到磁盘文件,注意文件格式。文件内容参考我的另一个贴子(Centos网络管理(三)-网络配置相关),以免不生效。
还有一点就是,假如你用nmcli connection down 和 up 网卡,就不要同时混用fdown 和 ifup。貌似会
让网卡配置失效。
多网卡配置时,配置文件中的DEFROUTE=no,不是此值的时候,配置默认路由时不会生效,同时,
ip route add default via 188.168.0.200 命令也不会报错。
以上是关于Centos网络管理-路由转发与静态路由的主要内容,如果未能解决你的问题,请参考以下文章