
Linux: How to give an intranet server Internet access

程序员文章站 2022-03-03 20:13:13

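Servers on an internal network usually cannot reach the Internet, but sometimes you want one of them to be able to. How do you do that? Using two CentOS 7 machines as the example, here is my approach.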

Machines
node-1 192.168.186.31
tomcat-1 192.168.186.81
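Experiment design
node-1 is the server that can reach the Internet; tomcat-1 is the server that cannot reach it directly. Both are virtual machines on my computer, so right after installation both of them can get online. In the experiment I first remove tomcat-1's route so that it can no longer reach the Internet through the default gateway 192.168.186.2, and then work out how to get it back online.
Cutting off tomcat-1's Internet access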

[[email protected] ~]# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.186.2   0.0.0.0         UG    0      0        0 ens33
169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 ens33
192.168.186.0   0.0.0.0         255.255.255.0   U     0      0        0 ens33
[[email protected] ~]# ping www.baidu.com
PING www.a.shifen.com (183.232.231.174) 56(84) bytes of data.
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=1 ttl=128 time=49.5 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=2 ttl=128 time=58.4 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=3 ttl=128 time=80.0 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=4 ttl=128 time=57.6 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=5 ttl=128 time=41.9 ms
^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 41.919/57.533/80.070/12.775 ms
# Before the route is deleted, Baidu can be pinged
[[email protected] ~]# route del -net 0.0.0.0
[[email protected] ~]# ping www.baidu.com
ping: www.baidu.com: Name or service not known
[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 223.6.6.6
[[email protected] ~]# ping 114.114.114.114
connect: Network is unreachable
# After the route is deleted, the Internet is unreachable
[[email protected] ~]# ping 192.168.186.31
PING 192.168.186.31 (192.168.186.31) 56(84) bytes of data.
64 bytes from 192.168.186.31: icmp_seq=1 ttl=64 time=0.644 ms
64 bytes from 192.168.186.31: icmp_seq=2 ttl=64 time=0.305 ms
64 bytes from 192.168.186.31: icmp_seq=3 ttl=64 time=0.259 ms
64 bytes from 192.168.186.31: icmp_seq=4 ttl=64 time=0.300 ms
^C
--- 192.168.186.31 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.259/0.377/0.644/0.155 ms
# Confirm that node-1 can still be pinged

Method: use route to add a route on tomcat-1 so that it reaches the Internet through node-1

[[email protected] ~]# route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.186.31
# IP forwarding must be enabled on node-1
[[email protected] ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[[email protected] ~]# ping www.baidu.com
PING www.a.shifen.com (183.232.231.172) 56(84) bytes of data.
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=1 ttl=128 time=43.3 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=2 ttl=128 time=73.7 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=3 ttl=128 time=68.4 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=4 ttl=128 time=55.6 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=5 ttl=128 time=55.7 ms
^C
--- www.a.shifen.com ping statistics ---
6 packets transmitted, 5 received, 16% packet loss, time 5010ms
rtt min/avg/max/mdev = 43.301/59.389/73.749/10.725 ms
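# Ping Baidu again: it works, which shows that tomcat-1 is reaching the Internet through node-1; node-1 is effectively acting as a proxy
# If node-1 has firewall rules, remember to add a firewall rule as well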
[[email protected] ~]# iptables -t nat -A POSTROUTING -s 192.168.186.81 -j SNAT --to 192.168.186.31
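
Once ip_forward is on, node-1 routes for whatever its FORWARD chain admits, not only for tomcat-1. The script below is an added example, not part of the original article: it audits `iptables-save` output from a gateway like node-1 and reports whether forwarding and NAT are limited to the one intended client. The function name `audit_gateway`, both sample rulesets and the FORWARD rules in the second sample are constructed for illustration.

```sh
#!/bin/sh
# Usage: audit_gateway IP_FORWARD_VALUE CLIENT_IP < iptables-save-output
audit_gateway() {
    [ "$1" = 1 ] || { echo "INFO ip_forward is off, host is not routing"; return 0; }
    awk -v client="$2" '
        # Source of a rule as iptables-save prints it ("any" when there is no -s).
        function src(   i) {
            for (i = 2; i < NF; i++)
                if ($i == "-s") return ($(i - 1) == "!" ? "!" : "") $(i + 1)
            return "any"
        }
        function scoped(s) { return s == client || s == client "/32" }
        /^\*/ { table = substr($1, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if ($0 ~ /state RELATED,ESTABLISHED/) next    # replies only
            if (scoped(src())) admitted = 1
            else { bad++; print "WARN FORWARD accepts source " src() ": " $0 }
        }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
            if (!scoped(src())) { bad++; print "WARN NAT covers source " src() ": " $0 }
        }
        END {
            if (policy == "ACCEPT") {
                bad++; print "WARN FORWARD policy ACCEPT: any host that routes via this node is forwarded"
            } else if (!admitted) {
                bad++; print "WARN no FORWARD rule admits " client
            }
            if (!bad) print "OK forwarding and NAT limited to " client
        }'
}

# Constructed, trimmed samples in iptables-save format (not captured from a real host).
NAT='*nat
-A POSTROUTING -s 192.168.186.81/32 -j SNAT --to-source 192.168.186.31
COMMIT
*filter'
# State after the steps in the article: SNAT rule added, FORWARD left at ACCEPT.
rules_article() { printf '%s\n' "$NAT" ':FORWARD ACCEPT [0:0]' COMMIT; }
# Same NAT rule, FORWARD limited to tomcat-1 plus reply traffic (assumed hardening).
rules_scoped() { printf '%s\n' "$NAT" ':FORWARD DROP [0:0]' \
    '-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT' \
    '-A FORWARD -s 192.168.186.81/32 -j ACCEPT' COMMIT; }

rules_article | audit_gateway 1 192.168.186.81
rules_scoped  | audit_gateway 1 192.168.186.81
```

On a real gateway, feed it live state with `iptables-save | audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.186.81`.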