Linux: How to give an intranet server Internet access
2022-03-03 20:13:13
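How to give an intranet server Internet access
Servers on an internal network usually cannot reach the Internet, but sometimes you want one of them to. How do you do that? Using two CentOS 7 machines as the subjects, here is my approach.
Machines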
node-1 192.168.186.31
tomcat-1 192.168.186.81
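Experiment design
node-1 is the server that can reach the Internet; tomcat-1 is the server that cannot reach it directly. Both are virtual machines on my computer, so as installed both of them can get online. In the experiment I first remove tomcat-1's default route so that it can no longer reach the Internet through the default gateway 192.168.186.2, and then find a way to get it back online.
Cutting tomcat-1 off from the Internet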
[[email protected] ~]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.186.2 0.0.0.0 UG 0 0 0 ens33
169.254.0.0 0.0.0.0 255.255.0.0 U 1002 0 0 ens33
192.168.186.0 0.0.0.0 255.255.255.0 U 0 0 0 ens33
[[email protected] ~]# ping www.baidu.com
PING www.a.shifen.com (183.232.231.174) 56(84) bytes of data.
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=1 ttl=128 time=49.5 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=2 ttl=128 time=58.4 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=3 ttl=128 time=80.0 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=4 ttl=128 time=57.6 ms
64 bytes from 183.232.231.174 (183.232.231.174): icmp_seq=5 ttl=128 time=41.9 ms
^C
--- www.a.shifen.com ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 41.919/57.533/80.070/12.775 ms
# Before the default route is deleted, Baidu can be pinged
[[email protected] ~]# route del -net 0.0.0.0
[[email protected] ~]# ping www.baidu.com
ping: www.baidu.com: Name or service not known
[[email protected] ~]# cat /etc/resolv.conf
# Generated by NetworkManager
search localdomain
nameserver 223.6.6.6
[[email protected] ~]# ping 114.114.114.114
connect: Network is unreachable
# After the route is deleted, the Internet is no longer reachable
[[email protected] ~]# ping 192.168.186.31
PING 192.168.186.31 (192.168.186.31) 56(84) bytes of data.
64 bytes from 192.168.186.31: icmp_seq=1 ttl=64 time=0.644 ms
64 bytes from 192.168.186.31: icmp_seq=2 ttl=64 time=0.305 ms
64 bytes from 192.168.186.31: icmp_seq=3 ttl=64 time=0.259 ms
64 bytes from 192.168.186.31: icmp_seq=4 ttl=64 time=0.300 ms
^C
--- 192.168.186.31 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.259/0.377/0.644/0.155 ms
# Confirm that node-1 can still be pinged
Method: use route to add a default route on tomcat-1 so that it reaches the Internet through node-1
[[email protected] ~]# route add -net 0.0.0.0 netmask 0.0.0.0 gw 192.168.186.31
# IP forwarding must be enabled on node-1
[[email protected] ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
[[email protected] ~]# ping www.baidu.com
PING www.a.shifen.com (183.232.231.172) 56(84) bytes of data.
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=1 ttl=128 time=43.3 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=2 ttl=128 time=73.7 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=3 ttl=128 time=68.4 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=4 ttl=128 time=55.6 ms
64 bytes from 183.232.231.172 (183.232.231.172): icmp_seq=5 ttl=128 time=55.7 ms
^C
--- www.a.shifen.com ping statistics ---
6 packets transmitted, 5 received, 16% packet loss, time 5010ms
rtt min/avg/max/mdev = 43.301/59.389/73.749/10.725 ms
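# Pinging Baidu works again, which shows that tomcat-1 now reaches the Internet through node-1; node-1 acts like a proxy
# If node-1 has firewall rules, remember to add a matching firewall rule as well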
[[email protected] ~]# iptables -t nat -A POSTROUTING -s 192.168.186.81 -j SNAT --to 192.168.186.31
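An added example, not part of the original post: with ip_forward enabled and the FORWARD chain left at its default ACCEPT policy, node-1 forwards for any host that points a route at it, not only tomcat-1. The sketch below audits `iptables-save` text for that condition. The function name audit_gateway and both rule dumps are constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_gateway <ip_forward value> <client IP>, iptables-save text on stdin.
# Prints one finding per line, or OK when forwarding is limited to the client.
audit_gateway() {
    awk -v fwd="$1" -v client="$2" '
        /^\*/ { table = substr($0, 2) }
        table == "filter" && /^:FORWARD / { policy = $2 }
        table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
            if (index($0, " -s " client "/32 ") || index($0, " -s " client " ")) scoped = 1
        }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ {
            nat++
            if ($0 !~ / -s /) print "NAT rule has no source match: " $0
        }
        END {
            if (fwd != 1) { print "ip_forward is off: node is not routing"; exit }
            if (policy == "ACCEPT") { print "FORWARD policy ACCEPT: any host using this node as gateway is forwarded" }
            else if (!scoped) { print "FORWARD policy " policy " but no ACCEPT rule for " client }
            if (!nat) print "no SNAT/MASQUERADE rule in nat POSTROUTING"
        }' | { grep . || echo OK; }
}
# Constructed dump: the page's SNAT rule on an otherwise empty firewall.
page_ruleset() { cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.186.81/32 -j SNAT --to-source 192.168.186.31
COMMIT
EOF
}
# Constructed dump: same SNAT rule, FORWARD limited to tomcat-1 plus return traffic.
hardened_ruleset() { cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.186.81/32 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.186.81/32 -j SNAT --to-source 192.168.186.31
COMMIT
EOF
}
page_ruleset | audit_gateway 1 192.168.186.81
hardened_ruleset | audit_gateway 1 192.168.186.81
```

On a live node-1, feed it the real state with `iptables-save | audit_gateway "$(cat /proc/sys/net/ipv4/ip_forward)" 192.168.186.81`.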