使用LVS的 NAT 模式实现 3 台RS的轮询访问

Z字小熊饼干爱吃保安2025-03-29 5:05

配置RS1:

bash 复制代码 
#修改主机名
[root@localhost ~]# hostnamectl hostname RS1

#修改网络
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.9/24 ipv4.gateway 172.25.250.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

#挂载并下载服务
[root@RS1 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@RS1 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                2.0 MB/s | 2.7 kB     00:00    
AppStream                                             2.2 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package                    Architecture   Version                  Repository   Size
======================================================================================
Installing:
 nginx                      x86_64         2:1.20.1-20.el9          app          40 k
Installing dependencies:
 nginx-core                 x86_64         2:1.20.1-20.el9          app         574 k
 nginx-filesystem           noarch         2:1.20.1-20.el9          app          11 k
 redhat-logos-httpd         noarch         90.4-2.el9               app          18 k

Transaction Summary
======================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                         3/4 
  Installing       : nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Running scriptlet: nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Verifying        : nginx-2:1.20.1-20.el9.x86_64                                 1/4 
  Verifying        : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Verifying        : nginx-filesystem-2:1.20.1-20.el9.noarch                      3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                         4/4 
Installed products updated.

Installed:
  nginx-2:1.20.1-20.el9.x86_64                nginx-core-2:1.20.1-20.el9.x86_64       
  nginx-filesystem-2:1.20.1-20.el9.noarch     redhat-logos-httpd-90.4-2.el9.noarch    

Complete!

#配置nginx服务
[root@RS1 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html 

#重启nginx服务
[root@RS1 ~]# systemctl start nginx

#测试是否配置成功
[root@RS1 ~]# curl localhost
172.25.250.9

配置RS2:

bash 复制代码 
#修改主机名
[root@localhost ~]# hostnamectl hostname RS2

#修改网络
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.19/24 ipv4.gateway 172.25.250.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

#挂载并下载服务
[root@RS2 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@RS2 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                1.0 MB/s | 2.7 kB     00:00    
AppStream                                             3.0 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package                    Architecture   Version                  Repository   Size
======================================================================================
Installing:
 nginx                      x86_64         2:1.20.1-20.el9          app          40 k
Installing dependencies:
 nginx-core                 x86_64         2:1.20.1-20.el9          app         574 k
 nginx-filesystem           noarch         2:1.20.1-20.el9          app          11 k
 redhat-logos-httpd         noarch         90.4-2.el9               app          18 k

Transaction Summary
======================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                         3/4 
  Installing       : nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Running scriptlet: nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Verifying        : nginx-2:1.20.1-20.el9.x86_64                                 1/4 
  Verifying        : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Verifying        : nginx-filesystem-2:1.20.1-20.el9.noarch                      3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                         4/4 
Installed products updated.

Installed:
  nginx-2:1.20.1-20.el9.x86_64                nginx-core-2:1.20.1-20.el9.x86_64       
  nginx-filesystem-2:1.20.1-20.el9.noarch     redhat-logos-httpd-90.4-2.el9.noarch    

Complete!

#配置nginx服务
[root@RS2 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html 

#重启nginx服务
[root@RS2 ~]# systemctl start nginx

#测试服务是否配置成功
[root@RS2 ~]# curl localhost
172.25.250.19

配置RS3:

bash 复制代码 
#修改主机名
[root@localhost ~]# hostnamectl hostname RS3

#修改网络
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.29/24 ipv4.gateway 172.25.250.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

#挂载并下载服务
[root@RS3 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@RS3 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                2.1 MB/s | 2.7 kB     00:00    
AppStream                                             2.9 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package                    Architecture   Version                  Repository   Size
======================================================================================
Installing:
 nginx                      x86_64         2:1.20.1-20.el9          app          40 k
Installing dependencies:
 nginx-core                 x86_64         2:1.20.1-20.el9          app         574 k
 nginx-filesystem           noarch         2:1.20.1-20.el9          app          11 k
 redhat-logos-httpd         noarch         90.4-2.el9               app          18 k

Transaction Summary
======================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                         3/4 
  Installing       : nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Running scriptlet: nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Verifying        : nginx-2:1.20.1-20.el9.x86_64                                 1/4 
  Verifying        : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Verifying        : nginx-filesystem-2:1.20.1-20.el9.noarch                      3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                         4/4 
Installed products updated.

Installed:
  nginx-2:1.20.1-20.el9.x86_64                nginx-core-2:1.20.1-20.el9.x86_64       
  nginx-filesystem-2:1.20.1-20.el9.noarch     redhat-logos-httpd-90.4-2.el9.noarch    

Complete!

#配置nginx服务
[root@RS3 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html 

#重启服务
[root@RS3 ~]# systemctl start nginx

#测试服务是否配置完成
[root@RS3 ~]# curl localhost
172.25.250.29

配置LVS(作为lvs服务器它有两块网卡 ,但原本的只有一块,我们手动给添加一块仅主机网络模式的网卡)

配置完成后可以看到原来的虚拟机基础上有两块网卡

bash 复制代码 
#修改主机名
[root@localhost ~]# hostnamectl hostname LVS
[root@localhost ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:6c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 172.25.250.167/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
       valid_lft 1743sec preferred_lft 1743sec
    inet6 fe80::20c:29ff:fe08:bc6c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:76 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.19.130/24 brd 192.168.19.255 scope global dynamic noprefixroute ens224
       valid_lft 1743sec preferred_lft 1743sec
    inet6 fe80::c5f9:dd5a:6666:23b1/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

#查看网络设备连接名称
[root@localhost ~]# nmcli c show
NAME                UUID                                  TYPE      DEVICE 
ens160              e5cd0010-7a84-3798-88d9-772e68c36b11  ethernet  ens160 
Wired connection 1  50433d92-0232-301a-993e-563538ddfd64  ethernet  ens224 
lo                  fe37a8d1-221a-4584-8fb9-0bde4c40ad9d  loopback  lo     

#修改网络设备连接名称
[root@localhost ~]# nmcli c modify  'Wired connection 1' connection.id ens224
[root@localhost ~]# nmcli c show
NAME    UUID                                  TYPE      DEVICE 
ens160  e5cd0010-7a84-3798-88d9-772e68c36b11  ethernet  ens160 
ens224  50433d92-0232-301a-993e-563538ddfd64  ethernet  ens224 
lo      fe37a8d1-221a-4584-8fb9-0bde4c40ad9d  loopback  lo  

#配置NAT模式网卡  
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.8/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

#重新连接虚拟机,并挂载
[root@LVS ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.

#下载ipvsadm
[root@LVS ~]# dnf install ipvsadm -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                1.7 MB/s | 2.7 kB     00:00    
AppStream                                             2.8 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package             Architecture       Version                 Repository       Size
======================================================================================
Installing:
 ipvsadm             x86_64             1.31-6.el9              app              54 k

Transaction Summary
======================================================================================
Install  1 Package

Total size: 54 k
Installed size: 89 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Installing       : ipvsadm-1.31-6.el9.x86_64                                    1/1 
  Running scriptlet: ipvsadm-1.31-6.el9.x86_64                                    1/1 
  Verifying        : ipvsadm-1.31-6.el9.x86_64                                    1/1 
Installed products updated.

Installed:
  ipvsadm-1.31-6.el9.x86_64                                                           

Complete!

#配置仅主机模式网卡
[root@LVS ~]# nmcli c modify  ens224 ipv4.method manual ipv4.addresses 192.168.19.200/24 ipv4.gateway 192.168.19.2 connection.autoconnect yes
[root@LVS ~]# nmcli c up ens224
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@LVS ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:6c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 172.25.250.8/24 brd 172.25.250.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe08:bc6c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:76 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.19.200/24 brd 192.168.19.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f9:dd5a:6666:23b1/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
[root@LVS ~]#

配置客户端(修改网络模式为仅主机模式)

bash 复制代码 
#修改主机名
[root@localhost ~]# hostnamectl hostname client

#配置仅主机网卡
[root@localhost ~]# nmcli c modify ens160 ipv4.method  manual ipv4.addresses 192.168.19.100/24 ipv4.gateway 192.168.19.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

[root@client ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:23:8B:26
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkM>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.19.100/24
IP4.GATEWAY:                            192.168.19.2
IP4.ROUTE[1]:                           dst = 192.168.19.0/24, nh>
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192>
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe23:8b26/>
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::,>
[root@client ~]#

在LVS主机上启动ipvsadm服务(注意防火墙有没有关闭)

bash 复制代码 
#查看防火墙的状态,没有关闭就要把防火墙关掉
[root@LVS ~]# systemctl is-active firewalld
active

#关闭防火墙,所有设备都应该关闭防火墙
[root@LVS ~]# systemctl stop firewalld
[root@LVS ~]# setenforce 0
[root@LVS ~]# systemctl is-active firewalld
inactive

#启动ipvsadm服务
[root@LVS ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@LVS ~]# systemctl start ipvsadm

在客服端上查看能否访问

bash 复制代码 
[root@client ~]# curl 192.168.19.200
curl: (7) Failed to connect to 192.168.19.200 port 80: No route to host
#访问失败

访问失败:是因为我们没有做 LVS 规则匹配

bash 复制代码 
#配置一条规则
[root@LVS ~]# ipvsadm -A -t 192.168.19.200:80 -s rr

#为规则添加RS
[root@LVS ~]# ipvsadm -a -t 192.168.19.200:80 -r 172.25.250.9:80 -m -w 2
[root@LVS ~]# ipvsadm -a -t 192.168.19.200:80 -r 172.25.250.19:80 -m -w 2
[root@LVS ~]# ipvsadm -a -t 192.168.19.200:80 -r 172.25.250.29:80 -m -w 2

#查看规则
[root@LVS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.19.200:80 rr
  -> 172.25.250.9:80              Masq    2      0          0         
  -> 172.25.250.19:80             Masq    2      0          0         
  -> 172.25.250.29:80             Masq    2      0          0         

#配置完成后,重启ipvsadm服务
[root@LVS ~]# systemctl restart ipvsadm

规则配置完成后,在用客户端测试,发现没有报错但也没有数据返回

bash 复制代码 
[root@client ~]# curl 192.168.19.200
^C

原因:没有配置内核转发参数net.ipv4.ip_forward=1

bash 复制代码 
在/etc/sysctl.conf文件中写入内核转发参数,也可以使用vim来编辑
[root@LVS ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 

#配置完成后,用以下命令来生效
[root@LVS ~]# sysctl -p
net.ipv4.ip_forward = 1

此时配置完成后,再去客户端测试

bash 复制代码 
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9
[root@client ~]# curl 192.168.19.200
172.25.250.29
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9
[root@client ~]# curl 192.168.19.200
172.25.250.29
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9
[root@client ~]# curl 192.168.19.200
172.25.250.29
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9

至此,LVS轮回访问三台RS搭建完成

总结:

1、LVS服务器需要有两块网卡,一块用于虚拟IP,便于用户访问;另一块作为后端真实主机的网关。

2、在配置规则时,需要通过 -m 参数来指定是 NAT 模式

3、需要在 LVS 服务器上配置ip转发内核参数

bash 复制代码 
vim /etc/sysctl.conf
net.ipv4.ip_forward=1
相关推荐
ZaaaaacK37 分钟前
守护进程编程
linux·运维·网络
萌萌哒草头将军1 小时前
注意!⚠️ 🔥 🚧 PostgreSQL 存在安全漏洞,请及时更新版本或者停用删除相关服务,防止中招!🚀🚀🚀
服务器·postgresql·xss
曼岛_1 小时前
[密码学基础]GMT 0029-2014签名验签服务器技术规范深度解析
运维·服务器·密码学·签名验签服务器
libolei2 小时前
ubuntu docker 创建镜像 报错 dial tcp xxxx read udp xxxx i/o timeout 还有 Forbidden
运维·docker·容器
小oo呆2 小时前
【自然语言处理与大模型】Linux环境下Ollama下载太慢了该怎么处理?
linux·服务器·人工智能
熹乐互动2 小时前
FileZilla“服务器发回了不可路由的地址,使用服务器地址代替
运维·服务器
爱吃涮毛肚的肥肥(暂时吃不了版)2 小时前
项目班——0408——qt的多线程开发
服务器·数据库·nginx
雨月琉琉2 小时前
jenkins尾随命令
运维·jenkins
我科绝伦(Huanhuan Zhou)2 小时前
网络设备基础运维全攻略:华为/思科核心操作与巡检指南
运维·服务器·网络
破刺不会编程2 小时前
关于进程状态
linux·服务器
热门推荐
01YOLOv8改进 | 细节创新篇 | iAFF迭代注意力特征融合助力多目标细节涨点02我决定放弃搞 Java 了03RAG 实践- Ollama+RagFlow 部署本地知识库04DeepSeek各版本说明与优缺点分析05Scipy||第三章 线性代数 (scipy.linalg)06本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程07如何用 AI 工具做数据分析与可视化?08汽车上的各种质量:整备质量、总质量、装载质量、簧上质量、簧下质量09苍穹外卖面试总结10Linux下的网络管理