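This post was last edited by aaa1111sss on 2013-03-22 02:28
To be clear up front: the setup below is for experimentation; if the goal were only to share an Internet connection, it would not need to be this complicated.
The network topology is as follows:
TP-Link wireless router (connected to the public Internet) ------ laptop running Win7 and a virtual machine host, with several CentOS guests installed (two of them are used for the test: one as the Internet-sharing server, one as the client)
The TP-Link's address is 192.168.2.1
The VM acting as the Internet-sharing server is configured like this: it has two NICs, both added through the VM software, both in bridged mode
The two NICs are eth0 and eth1, with addresses 192.168.2.21 and 172.16.1.18 respectively
The other machine, which simulates a LAN host that can only reach the Internet through the sharing server, also uses the VM's bridged mode; its NIC is eth0, with address 172.16.1.19
eth0's address is 192.168.2.21, assigned statically; eth0's gateway points to the wireless router, so that this host (the one providing Internet access to the other machines) can reach the public Internet itself and thus share it with the other machines
eth1's address is 172.16.1.18
The configuration is as follows: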
[root@ahello ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:D2:39:E9
inet addr:192.168.2.21 Bcast:192.168.2.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed2:39e9/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:15050 errors:0 dropped:0 overruns:0 frame:0
TX packets:9747 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1493485 (1.4 MiB) TX bytes:1229535 (1.1 MiB)
Interrupt:67 Base address:0x2024
eth1 Link encap:Ethernet HWaddr 00:0C:29:D2:39:FD
inet addr:172.16.1.18 Bcast:172.16.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fed2:39fd/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7049 errors:0 dropped:0 overruns:0 frame:0
TX packets:3194 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:789215 (770.7 KiB) TX bytes:310270 (302.9 KiB)
Interrupt:75 Base address:0x20a4
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:156 errors:0 dropped:0 overruns:0 frame:0
TX packets:156 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:17955 (17.5 KiB) TX bytes:17955 (17.5 KiB)
[root@ahello ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0C:29:D2:39:E9
IPADDR=192.168.2.21
GATEWAY=192.168.2.1
NETMASK=255.255.255.0
ONBOOT=yes
DHCP_HOSTNAME=ahello.linux.net
[root@ahello ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=none
ONBOOT=YES
HWADDR=00:0C:29:D2:39:FD
IPADDR=172.16.1.18
NETMASK=255.255.255.0
TYPE=Ethernet
iptables-based SNAT is set up on this machine
[root@ahello ~]# iptables -t nat -nvxL
Chain PREROUTING (policy ACCEPT 787 packets, 93312 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 162 packets, 12614 bytes)
pkts bytes target prot opt in out source destination
39 3180 SNAT all -- * eth0 172.16.1.0/24 0.0.0.0/0 to:192.168.2.21
Chain OUTPUT (policy ACCEPT 162 packets, 12614 bytes)
pkts bytes target prot opt in out source destination
[root@ahello ~]# iptables -nvxL
Chain INPUT (policy ACCEPT 4229 packets, 367764 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 19 packets, 1596 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3960 packets, 440801 bytes)
pkts bytes target prot opt in out source destination
Chain RH-Firewall-1-INPUT (0 references)
pkts bytes target prot opt in out source destination
This machine's resolv.conf is as follows:
[root@ahello ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
search localdomain
nameserver 192.168.2.1
The exact SNAT configuration applied on this host is
[root@ahello ~]# iptables -t nat -I POSTROUTING -s 172.16.1.0/255.255.255.0 -o eth0 -j SNAT --to 192.168.2.21
This host's routing table is as follows:
[root@ahello ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eht1
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eht1
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
IP forwarding is also enabled on this machine:
[root@ahello ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 4294967295
kernel.shmall = 268435456
Internet access and domain name resolution both work normally on this host:
[root@ahello ~]# ping www.baidu.com
PING www.a.shifen.com (61.135.169.105) 56(84) bytes of data.
64 bytes from 61.135.169.105: icmp_seq=1 ttl=46 time=104 ms
64 bytes from 61.135.169.105: icmp_seq=2 ttl=46 time=104 ms
64 bytes from 61.135.169.105: icmp_seq=3 ttl=46 time=105 ms
64 bytes from 61.135.169.105: icmp_seq=4 ttl=46 time=104 ms
--- www.a.shifen.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 104.023/104.472/105.085/0.586 ms
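The other VM also has a static address, 172.16.1.19, with its gateway pointing to the host described above, i.e. to 172.16.18
The exact configuration is as follows: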
[root@bhello ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:0C:29:84:15:D5
ONBOOT=yes
IPADDR=172.16.1.19
GATEWAY=172.16.1.18
NETMASK=255.255.255.0
DHCP_HOSTNAME=bhello.linux.net
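From this machine, pinging both NIC addresses of the sharing server and the wireless router's address works, and pinging the local ISP's DNS address also works
[root@bhello ~]# ping 172.16.1.8 # ping the other VM, i.e. the Internet-sharing server's address: OK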
PING 172.16.1.8 (172.16.1.3) 56(84) bytes of data.
64 bytes from 172.16.1.8: icmp_seq=1 ttl=64 time=1.67 ms
64 bytes from 172.16.1.8: icmp_seq=2 ttl=64 time=0.201 ms
64 bytes from 172.16.1.8: icmp_seq=3 ttl=64 time=0.449 ms
64 bytes from 172.16.1.8: icmp_seq=4 ttl=64 time=0.512 ms
--- 172.16.1.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.201/0.708/1.673/0.569 ms
[root@bhello ~]# ping 192.168.2.21
PING 192.168.2.21 (192.168.2.21) 56(84) bytes of data.
64 bytes from 192.168.2.21: icmp_seq=1 ttl=64 time=0.506 ms
64 bytes from 192.168.2.21: icmp_seq=2 ttl=64 time=0.223 ms
64 bytes from 192.168.2.21: icmp_seq=3 ttl=64 time=0.152 ms
64 bytes from 192.168.2.21: icmp_seq=4 ttl=64 time=0.574 ms
--- 192.168.2.21 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2998ms
rtt min/avg/max/mdev = 0.152/0.363/0.574/0.181 ms
[root@bhello ~]# ping 192.168.2.1 # ping the wireless router's address: OK
PING 192.168.2.1 (192.168.2.1) 56(84) bytes of data.
64 bytes from 192.168.2.1: icmp_seq=1 ttl=63 time=5.25 ms
64 bytes from 192.168.2.1: icmp_seq=2 ttl=63 time=7.82 ms
64 bytes from 192.168.2.1: icmp_seq=3 ttl=63 time=7.31 ms
64 bytes from 192.168.2.1: icmp_seq=4 ttl=63 time=3.86 ms
--- 192.168.2.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 3.865/6.066/7.825/1.592 ms
[root@bhello ~]# ping 202.106.196.115 # ping the local ISP's DNS address: OK
PING 202.106.196.115 (202.106.196.115) 56(84) bytes of data.
64 bytes from 202.106.196.115: icmp_seq=1 ttl=58 time=10.4 ms
64 bytes from 202.106.196.115: icmp_seq=2 ttl=58 time=8.87 ms
64 bytes from 202.106.196.115: icmp_seq=3 ttl=58 time=8.44 ms
64 bytes from 202.106.196.115: icmp_seq=4 ttl=58 time=7.51 ms
--- 202.106.196.115 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 7.516/8.812/10.413/1.050 ms
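After this configuration, the goal is for the 172.16.1.19 machine to reach the Internet through 172.16.18. I found that accessing IP addresses works, but accessing domain names does not
[root@bhello ~]# ping 8.8.8.8 # ping Google's DNS: OK
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.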
64 bytes from 8.8.8.8: icmp_seq=1 ttl=58 time=12.1 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=58 time=7.88 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=58 time=9.19 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=58 time=7.95 ms
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 7.880/9.296/12.156/1.735 ms
[root@bhello ~]# ping www.baidu.com # ping a domain name: cannot resolve
ping: unknown host www.baidu.com
[root@bhello ~]# cat /etc/resolv.conf # the DNS server points to the Internet-sharing server
; generated by /sbin/dhclient-script
search localdomain
nameserver 172.16.1.18 # I tried changing this DNS server address to the wireless router's address, i.e. 192.168.2.1; the result was still that names could not be resolved
[root@bhello ~]#
This machine's routing table is as follows:
[root@bhello ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 172.16.1.18 0.0.0.0 UG 0 0 0 eth0
This machine's firewall is turned off:
[root@bhello ~]# service iptables status
Firewall is stopped.
Please suggest a solution to this problem: the 172.16.1.19 machine cannot resolve domain names. What causes it, and how can it be fixed? Thanks
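An added example, not part of the original post: a Python 3 check to run on the client (172.16.1.19) that sends one DNS query over UDP port 53 to each nameserver listed in /etc/resolv.conf, so a resolver problem can be told apart from a routing or NAT problem. The function names are hypothetical; the query name is the one used in the post.

```python
import random
import socket
import struct

def parse_nameservers(resolv_conf_text):
    """Return nameserver addresses from resolv.conf text, ignoring comments."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split(";", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, txid):
    """Build a minimal DNS query for an A record with recursion desired."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in labels)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

def classify_reply(reply, txid):
    """Interpret a raw DNS reply: 'answer', 'rcode=N' or 'bad-reply'."""
    if len(reply) < 12:
        return "bad-reply"
    rid, flags, _qd, ancount = struct.unpack("!HHHH", reply[:8])
    if rid != txid or not flags & 0x8000:   # wrong id or not a response
        return "bad-reply"
    rcode = flags & 0x000F
    return "answer" if rcode == 0 and ancount > 0 else "rcode=%d" % rcode

def probe(server, name="www.baidu.com", timeout=2.0):
    """Send one query to server:53/udp and report what came back."""
    txid = random.randint(0, 0xFFFF)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((server, 53))   # connected UDP: ICMP errors are reported
            s.send(build_query(name, txid))
            reply = s.recv(512)
        except socket.timeout:
            return "timeout"          # no reply at all (dropped or lost)
        except OSError as e:
            return "error: %s" % e    # e.g. refused: host up, nothing on port 53
    return classify_reply(reply, txid)

if __name__ == "__main__":
    with open("/etc/resolv.conf") as f:
        for ns in parse_nameservers(f.read()):
            print(ns, "->", probe(ns))
```

A "Connection refused" error means the nameserver host is reachable but nothing is listening on UDP port 53 there; a timeout means the query or its reply was dropped somewhere, which points at the path or at filtering rather than at the resolver configuration.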