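Requirements:
eth0: 192.168.100.203, connected to the internal network; the gateway is 192.168.100.1. It needs to communicate with the 192.168.10.0, 192.168.12.0, 192.168.100.0, 10.2.2.0 and 10.2.1.0 subnets.
eth1: 172.16.0.203, connected to the external network; the gateway is 172.16.0.254. It needs to reach the external network.
Configuration approach:
Set the default gateway on eth1, which produces the 0.0.0.0 default route; set no gateway on eth0 and add its static routes by hand.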
[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth0
BOOTPROTO=none
HWADDR=D8:D3::FA::
ONBOOT=yes
IPADDR=192.168.100.203
NETMASK=255.255.255.0
#GATEWAY=192.168.100.1
TYPE=Ethernet
eth0 configuration
[root@dcServer003 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Broadcom Corporation NetXtreme II BCM5709 Gigabit Ethernet
DEVICE=eth1
BOOTPROTO=static
HWADDR=d8:d3::fa::
ONBOOT=yes
NETMASK=255.255.255.0
IPADDR=172.16.0.203
GATEWAY=172.16.0.254
TYPE=Ethernet
eth1 configuration
[root@dcServer003 ~]# cat /etc/rc.local
#!/bin/sh
#
# This script will be executed *after* all the other init scripts.
# You can put your own initialization stuff in here if you don't
# want to do the full Sys V style init stuff.

touch /var/lock/subsys/local
# Static routes for the internal subnets, all via the eth0 gateway
route add -net 192.168.10.0/24 gw 192.168.100.1 eth0
route add -net 192.168.12.0/24 gw 192.168.100.1 eth0
route add -net 192.168.100.0/24 gw 192.168.100.1 eth0
route add -net 10.2.1.0/24 gw 192.168.100.1 eth0
route add -net 10.2.2.0/24 gw 192.168.100.1 eth0
[root@dcServer003 ~]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.100.0 192.168.100.1 255.255.255.0 UG eth0
192.168.100.0 * 255.255.255.0 U eth0
10.2.1.0 192.168.100.1 255.255.255.0 UG eth0
10.2.2.0 192.168.100.1 255.255.255.0 UG eth0
172.16.0.0 * 255.255.255.0 U eth1
192.168.12.0 192.168.100.1 255.255.255.0 UG eth0
192.168.10.0 192.168.100.1 255.255.255.0 UG eth0
169.254.0.0 * 255.255.0.0 U eth1
default 172.16.0.254 0.0.0.0 UG eth1
[root@dcServer003 ~]# tracert www.baidu.com
traceroute to www.baidu.com (61.135.169.121), hops max, byte packets
172.16.0.254 (172.16.0.254) 0.521 ms 0.518 ms 0.517 ms
100.64.0.1 (100.64.0.1) 3.451 ms 3.524 ms 3.558 ms
111.175.224.53 (111.175.224.53) 3.672 ms 3.686 ms 3.774 ms
111.175.208.229 (111.175.208.229) 8.447 ms 8.430 ms 8.434 ms
(202.97.67.29) 32.737 ms 32.593 ms 32.817 ms
202.97.88.254 (202.97.88.254) 27.398 ms * *
219.158.44.133 (219.158.44.133) 26.144 ms * *
* * *
61.49.214.6 (61.49.214.6) 27.650 ms 27.653 ms 27.715 ms
123.126.6.118 (123.126.6.118) 25.847 ms 25.937 ms 26.910 ms
* 61.49.168.78 (61.49.168.78) 24.593 ms *
61.135.169.121 (61.135.169.121) 26.060 ms 26.112 ms 25.905 ms
[root@dcServer003 ~]# tracert 192.168.10.61
traceroute to 192.168.10.61 (192.168.10.61), hops max, byte packets
192.168.100.2 (192.168.100.2) 3.135 ms 3.112 ms 3.201 ms
192.168.10.61 (192.168.10.61) 0.345 ms 0.351 ms 0.349 ms
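The traceroutes above check two destinations by hand. As an added example (not part of the original post), the Python below replays the kernel's longest-prefix match over the routing table shown earlier and lists any destination meant for eth0 that would instead follow the default route out of eth1. The table text is constructed from the page's `route` output in `route -n` layout; every host address except 192.168.10.61 is a hypothetical sample.

```python
import ipaddress

# Constructed sample: the page's routing table in `route -n` layout
# (duplicate 192.168.100.0 and link-local 169.254.0.0 entries left out).
ROUTE_N = """\
Destination     Gateway         Genmask         Flags Metric Ref Use Iface
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0   0   eth0
10.2.1.0        192.168.100.1   255.255.255.0   UG    0      0   0   eth0
10.2.2.0        192.168.100.1   255.255.255.0   UG    0      0   0   eth0
172.16.0.0      0.0.0.0         255.255.255.0   U     0      0   0   eth1
192.168.12.0    192.168.100.1   255.255.255.0   UG    0      0   0   eth0
192.168.10.0    192.168.100.1   255.255.255.0   UG    0      0   0   eth0
0.0.0.0         172.16.0.254    0.0.0.0         UG    0      0   0   eth1
"""

def parse_routes(text):
    """Return [(network, gateway or None, iface)] parsed from `route -n` text."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 8 or f[0] == "Destination":
            continue
        net = ipaddress.ip_network(f"{f[0]}/{f[2]}")
        gw = None if f[1] == "0.0.0.0" else f[1]  # 0.0.0.0 = directly connected
        routes.append((net, gw, f[-1]))
    return routes

def lookup(routes, dest):
    """Longest-prefix match, as the kernel does; returns (gateway, iface) or None."""
    addr = ipaddress.ip_address(dest)
    hits = [r for r in routes if addr in r[0]]
    if not hits:
        return None
    _, gw, iface = max(hits, key=lambda r: r[0].prefixlen)
    return gw, iface

def off_path(routes, dests, want_if="eth0"):
    """Destinations meant for want_if that the table sends somewhere else."""
    return [d for d in dests if (lookup(routes, d) or (None, None))[1] != want_if]

if __name__ == "__main__":
    table = parse_routes(ROUTE_N)
    # Hypothetical hosts: one per required subnet, plus 192.168.11.5, which
    # is internal-looking but not covered by any static route.
    hosts = ["192.168.10.61", "192.168.12.7", "10.2.1.9", "10.2.2.9", "192.168.11.5"]
    for h in hosts:
        print(h, lookup(table, h))
    print("leaves via the default route instead of eth0:", off_path(table, hosts))
```

Any internal subnet that is missing from the static routes in rc.local shows up in the last line, because its traffic would be handed to the external gateway 172.16.0.254.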
In actual use, a squid proxy runs on 192.168.100.203, so route forwarding needs to be enabled: echo 1 > /proc/sys/net/ipv4/ip_forward
Make the two local NICs able to ping each other:
iptables -t nat -A POSTROUTING -s 192.168.100.0/24 -d 172.16.0.0/24 -o eth1 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 172.16.0.0/24 -d 192.168.100.0/24 -o eth0 -j MASQUERADE