Using a Linux virtual machine as a gateway so the LAN can reach the Internet

火星人 @ 2014-03-23, replies: 0



I had always gone online from XP over ADSL. Since XP has no routing capability, only one of the host and the guest (the virtual machine) could be online at a time. Today I had the idea of using the virtual machine as the host's gateway, forming a small LAN Internet-access model.

Host: XP, 192.168.1.11
Virtual machine: Red Hat 9, 192.168.1.13

First make sure the PPPoE dial-up software (rp-pppoe, which provides adsl-setup) is installed on Linux.

Remove the gateway setting from the virtual machine's NIC configuration (no GATEWAY line in ifcfg-eth0; the default route will come from ppp0 once the link is up):
[root@localhost root]# less /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.13
NETMASK=255.255.255.0
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=192.168.1.0
BROADCAST=192.168.1.255

Configure the ADSL connection:
[root@localhost root]# adsl-setup
Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...

LOGIN NAME
Enter your Login Name (default root): <-- enter the ADSL account name

INTERFACE
Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): <-- enter the NIC connected to the modem

Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no): <-- just press Enter

DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: <-- enter the DNS address; if it is obtained automatically over ADSL, enter server

PASSWORD
Please enter your Password: <-- the ADSL password
Please re-enter your Password: <-- enter the password again

USERCTRL
Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): <-- just press Enter

FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.

The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
Choose a type of firewall (0-2): <-- whether to enable the firewall; 0 means none (option 2, MASQUERADE, is the one intended for a LAN gateway; this post picks 0 and writes its own iptables rules below)

Start this connection at boot time
Do you want to start this connection at boot time?
Please enter no or yes (default no): <-- whether to connect at boot; the default is no

** Summary of what you entered ** <-- summary of everything entered above
Ethernet Interface: eth0
User name: xxx
Activate-on-demand: No
DNS addresses: Supplied by ISP's server
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y <-- whether to write the configuration files
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)

Congratulations, it should be all set up!

Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.

Start ADSL and begin dialling:
[root@localhost root]# adsl-start

After dialling succeeds, check the current network information:
[root@localhost root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:XX:XX:XX:XX
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0

ppp0 Link encap:Point-to-Point Protocol
inet addr:59.175.103.180 P-t-P:59.175.102.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:54 (54.0 b) TX bytes:54 (54.0 b)

Test by pinging an external domain name:
[root@localhost root]# ping www.baidu.com
PING www.a.shifen.com (220.181.37.4) 56(84) bytes of data.
64 bytes from 220.181.37.4: icmp_seq=1 ttl=52 time=100 ms
64 bytes from 220.181.37.4: icmp_seq=2 ttl=52 time=102 ms

The virtual machine now reaches the Internet over ADSL. Check the current routing table:
[root@localhost root]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
59.175.102.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 59.175.102.1 0.0.0.0 UG 0 0 0 ppp0

The default gateway now points to the external link (ppp0).

Now enable forwarding and NAT, so that traffic is routed between the internal and external networks and internal addresses are translated:
[root@localhost root]# echo 0 > /proc/sys/net/ipv4/ip_forward
[root@localhost root]# iptables -t filter -F
[root@localhost root]# iptables -t nat -F
[root@localhost root]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
[root@localhost root]# echo 1 > /proc/sys/net/ipv4/ip_forward

Set XP's gateway to the Linux IP, 192.168.1.13, and its DNS to the ADSL provider's DNS (for Wuhan, 202.103.24.68). XP can now reach the Internet.

In the previous article, where Linux acted as a gateway, iptables was not used at all. For example, to add an IP on another network, 0.13, to the Linux box at 1.13, it was enough to enable forwarding with echo 1 > /proc/sys/net/ipv4/ip_forward; with the XP client 1.11's gateway pointed at 1.13, it could ping 1.13.

In that case Linux was doing plain routed forwarding, whereas when it acts as the ADSL gateway for the internal network, NAT takes place, so iptables is needed.

Remember that after every change to the IP settings you must restart the NIC and re-enable forwarding:
echo 1 > /proc/sys/net/ipv4/ip_forward
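As an added example (not part of the original post), the script below generates the same forwarding and NAT setup as the commands above, but with the FORWARD policy set to DROP, forwarding limited to LAN-to-ppp0 traffic plus the replies, and MASQUERADE tied to the ADSL interface, so the gateway does not forward or translate arbitrary traffic the way the open rule set in the post does. It assumes the post's layout (LAN 192.168.1.0/24 on eth0, ADSL on ppp0); the function names are mine.

```shell
#!/bin/sh
# Added example, not from the original post: generate (and optionally apply)
# the forwarding/NAT rules for the Linux VM gateway. Unlike the post's rules,
# FORWARD defaults to DROP, only LAN -> ppp0 traffic and its replies are
# forwarded, and MASQUERADE is tied to the ADSL interface.
# Assumed layout (from the post): LAN 192.168.1.0/24 on eth0, ADSL on ppp0.

LAN_NET="${LAN_NET:-192.168.1.0/24}"
LAN_IF="${LAN_IF:-eth0}"
WAN_IF="${WAN_IF:-ppp0}"

# Print the commands for net/lan/wan in the order they should run:
# forwarding off, flush, policy, allow rules, NAT, then forwarding on.
gateway_rules() {
    net="$1"; lan="$2"; wan="$3"
    cat <<EOF
echo 0 > /proc/sys/net/ipv4/ip_forward
iptables -t filter -F
iptables -t nat -F
iptables -P FORWARD DROP
iptables -A FORWARD -i $lan -o $wan -s $net -j ACCEPT
iptables -A FORWARD -i $wan -o $lan -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -t nat -A POSTROUTING -s $net -o $wan -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/conf/all/rp_filter
echo 1 > /proc/sys/net/ipv4/ip_forward
EOF
}

# Number of commands the generator produced (quick sanity check).
rule_count() {
    gateway_rules "$@" | grep -c ''
}

# Apply the rules with sh -e so a failing iptables call stops before
# forwarding is switched back on. Requires root.
apply_gateway_rules() {
    if [ "$(id -u)" -ne 0 ]; then
        echo "apply_gateway_rules: must run as root" >&2
        return 1
    fi
    gateway_rules "$LAN_NET" "$LAN_IF" "$WAN_IF" | sh -e
}

# Dry run by default; pass --apply to install the rules on the gateway.
if [ "${1:-}" = "--apply" ]; then
    apply_gateway_rules
else
    gateway_rules "$LAN_NET" "$LAN_IF" "$WAN_IF"
fi
```

Run it without arguments to review the generated commands; run it as root with --apply on the virtual machine after ppp0 is up.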

Postscript:
After finishing the Linux VM gateway experiment, I closed VMware, went back to XP and connected ADSL, and got the error "username/password error on the domain". I disabled the local area connection and found it hung there; enabling it again reported that the connection failed. All I could do was reboot and see, and who would have guessed it just stopped there. Impatient, I pressed reset. It was stuck at the OS selection screen; choosing safe mode got stuck at the same place. I repeated this several times with no luck. Fear, annoyance, gloom... Would I really have to reinstall the system?? I took out the system disc and put it in the drive, but still felt unwilling to give up and decided to try once more; still stuck at the same place. I pulled out the USB stick that was plugged in, and it actually booted. I couldn't help letting out a long sigh of relief; a false alarm... Buddha bless...

But after experimenting a few times I found this problem really does exist: after modifying the local area connection, connecting ADSL again reports the username/password error on the domain. No choice but to restart the modem.


http://www.coctec.com/docs/linux/show-post-122030.html