Using LVS NAT mode for round-robin access to 3 real servers (RS)

Configure RS1:

# Set the hostname
[root@localhost ~]# hostnamectl hostname RS1

# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.9/24 ipv4.gateway 172.25.250.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

# Mount the installation media and install the service
[root@RS1 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@RS1 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                2.0 MB/s | 2.7 kB     00:00    
AppStream                                             2.2 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package                    Architecture   Version                  Repository   Size
======================================================================================
Installing:
 nginx                      x86_64         2:1.20.1-20.el9          app          40 k
Installing dependencies:
 nginx-core                 x86_64         2:1.20.1-20.el9          app         574 k
 nginx-filesystem           noarch         2:1.20.1-20.el9          app          11 k
 redhat-logos-httpd         noarch         90.4-2.el9               app          18 k

Transaction Summary
======================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                         3/4 
  Installing       : nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Running scriptlet: nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Verifying        : nginx-2:1.20.1-20.el9.x86_64                                 1/4 
  Verifying        : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Verifying        : nginx-filesystem-2:1.20.1-20.el9.noarch                      3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                         4/4 
Installed products updated.

Installed:
  nginx-2:1.20.1-20.el9.x86_64                nginx-core-2:1.20.1-20.el9.x86_64       
  nginx-filesystem-2:1.20.1-20.el9.noarch     redhat-logos-httpd-90.4-2.el9.noarch    

Complete!

# Configure the nginx service (serve this host's IP as the index page)
[root@RS1 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html 

# Start the nginx service
[root@RS1 ~]# systemctl start nginx

# Test that the configuration works
[root@RS1 ~]# curl localhost
172.25.250.9

Configure RS2:

# Set the hostname
[root@localhost ~]# hostnamectl hostname RS2

# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.19/24 ipv4.gateway 172.25.250.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

# Mount the installation media and install the service
[root@RS2 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@RS2 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                1.0 MB/s | 2.7 kB     00:00    
AppStream                                             3.0 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package                    Architecture   Version                  Repository   Size
======================================================================================
Installing:
 nginx                      x86_64         2:1.20.1-20.el9          app          40 k
Installing dependencies:
 nginx-core                 x86_64         2:1.20.1-20.el9          app         574 k
 nginx-filesystem           noarch         2:1.20.1-20.el9          app          11 k
 redhat-logos-httpd         noarch         90.4-2.el9               app          18 k

Transaction Summary
======================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                         3/4 
  Installing       : nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Running scriptlet: nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Verifying        : nginx-2:1.20.1-20.el9.x86_64                                 1/4 
  Verifying        : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Verifying        : nginx-filesystem-2:1.20.1-20.el9.noarch                      3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                         4/4 
Installed products updated.

Installed:
  nginx-2:1.20.1-20.el9.x86_64                nginx-core-2:1.20.1-20.el9.x86_64       
  nginx-filesystem-2:1.20.1-20.el9.noarch     redhat-logos-httpd-90.4-2.el9.noarch    

Complete!

# Configure the nginx service (serve this host's IP as the index page)
[root@RS2 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html 

# Start the nginx service
[root@RS2 ~]# systemctl start nginx

# Test that the service is configured correctly
[root@RS2 ~]# curl localhost
172.25.250.19

Configure RS3:

# Set the hostname
[root@localhost ~]# hostnamectl hostname RS3

# Configure the network
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual  ipv4.addresses 172.25.250.29/24 ipv4.gateway 172.25.250.8 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

# Mount the installation media and install the service
[root@RS3 ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.
[root@RS3 ~]# dnf install nginx -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                2.1 MB/s | 2.7 kB     00:00    
AppStream                                             2.9 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package                    Architecture   Version                  Repository   Size
======================================================================================
Installing:
 nginx                      x86_64         2:1.20.1-20.el9          app          40 k
Installing dependencies:
 nginx-core                 x86_64         2:1.20.1-20.el9          app         574 k
 nginx-filesystem           noarch         2:1.20.1-20.el9          app          11 k
 redhat-logos-httpd         noarch         90.4-2.el9               app          18 k

Transaction Summary
======================================================================================
Install  4 Packages

Total size: 643 k
Installed size: 1.8 M
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Running scriptlet: nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-filesystem-2:1.20.1-20.el9.noarch                      1/4 
  Installing       : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Installing       : redhat-logos-httpd-90.4-2.el9.noarch                         3/4 
  Installing       : nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Running scriptlet: nginx-2:1.20.1-20.el9.x86_64                                 4/4 
  Verifying        : nginx-2:1.20.1-20.el9.x86_64                                 1/4 
  Verifying        : nginx-core-2:1.20.1-20.el9.x86_64                            2/4 
  Verifying        : nginx-filesystem-2:1.20.1-20.el9.noarch                      3/4 
  Verifying        : redhat-logos-httpd-90.4-2.el9.noarch                         4/4 
Installed products updated.

Installed:
  nginx-2:1.20.1-20.el9.x86_64                nginx-core-2:1.20.1-20.el9.x86_64       
  nginx-filesystem-2:1.20.1-20.el9.noarch     redhat-logos-httpd-90.4-2.el9.noarch    

Complete!

# Configure the nginx service (serve this host's IP as the index page)
[root@RS3 ~]# echo $(hostname -I) > /usr/share/nginx/html/index.html 

# Start the service
[root@RS3 ~]# systemctl start nginx

# Test that the service is configured correctly
[root@RS3 ~]# curl localhost
172.25.250.29

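Configure LVS (the LVS server needs two NICs, but the VM originally has only one, so we manually add a second NIC in host-only network mode)

After the NIC is added, the original VM shows two NICs:

# Set the hostname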
[root@localhost ~]# hostnamectl hostname LVS
[root@localhost ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:6c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 172.25.250.167/24 brd 172.25.250.255 scope global dynamic noprefixroute ens160
       valid_lft 1743sec preferred_lft 1743sec
    inet6 fe80::20c:29ff:fe08:bc6c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:76 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.19.130/24 brd 192.168.19.255 scope global dynamic noprefixroute ens224
       valid_lft 1743sec preferred_lft 1743sec
    inet6 fe80::c5f9:dd5a:6666:23b1/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

# Show the network connection names
[root@localhost ~]# nmcli c show
NAME                UUID                                  TYPE      DEVICE 
ens160              e5cd0010-7a84-3798-88d9-772e68c36b11  ethernet  ens160 
Wired connection 1  50433d92-0232-301a-993e-563538ddfd64  ethernet  ens224 
lo                  fe37a8d1-221a-4584-8fb9-0bde4c40ad9d  loopback  lo     

# Rename the network connection
[root@localhost ~]# nmcli c modify  'Wired connection 1' connection.id ens224
[root@localhost ~]# nmcli c show
NAME    UUID                                  TYPE      DEVICE 
ens160  e5cd0010-7a84-3798-88d9-772e68c36b11  ethernet  ens160 
ens224  50433d92-0232-301a-993e-563538ddfd64  ethernet  ens224 
lo      fe37a8d1-221a-4584-8fb9-0bde4c40ad9d  loopback  lo  

# Configure the NAT-mode NIC
[root@localhost ~]# nmcli c modify ens160 ipv4.method manual ipv4.addresses 172.25.250.8/24 ipv4.gateway 172.25.250.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

# Reconnect to the VM and mount the installation media
[root@LVS ~]# mount /dev/sr0 /mnt
mount: /mnt: WARNING: source write-protected, mounted read-only.

# Install ipvsadm
[root@LVS ~]# dnf install ipvsadm -y
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use "rhc" or "subscription-manager" to register.

BaseOS                                                1.7 MB/s | 2.7 kB     00:00    
AppStream                                             2.8 MB/s | 3.2 kB     00:00    
Dependencies resolved.
======================================================================================
 Package             Architecture       Version                 Repository       Size
======================================================================================
Installing:
 ipvsadm             x86_64             1.31-6.el9              app              54 k

Transaction Summary
======================================================================================
Install  1 Package

Total size: 54 k
Installed size: 89 k
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                              1/1 
  Installing       : ipvsadm-1.31-6.el9.x86_64                                    1/1 
  Running scriptlet: ipvsadm-1.31-6.el9.x86_64                                    1/1 
  Verifying        : ipvsadm-1.31-6.el9.x86_64                                    1/1 
Installed products updated.

Installed:
  ipvsadm-1.31-6.el9.x86_64                                                           

Complete!

# Configure the host-only NIC
[root@LVS ~]# nmcli c modify  ens224 ipv4.method manual ipv4.addresses 192.168.19.200/24 ipv4.gateway 192.168.19.2 connection.autoconnect yes
[root@LVS ~]# nmcli c up ens224
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/5)
[root@LVS ~]# ip ad
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens160: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:6c brd ff:ff:ff:ff:ff:ff
    altname enp3s0
    inet 172.25.250.8/24 brd 172.25.250.255 scope global noprefixroute ens160
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fe08:bc6c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: ens224: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether 00:0c:29:08:bc:76 brd ff:ff:ff:ff:ff:ff
    altname enp19s0
    inet 192.168.19.200/24 brd 192.168.19.255 scope global noprefixroute ens224
       valid_lft forever preferred_lft forever
    inet6 fe80::c5f9:dd5a:6666:23b1/64 scope link tentative noprefixroute 
       valid_lft forever preferred_lft forever
[root@LVS ~]# 

Configure the client (change its network mode to host-only)

# Set the hostname
[root@localhost ~]# hostnamectl hostname client

# Configure the host-only NIC
[root@localhost ~]# nmcli c modify ens160 ipv4.method  manual ipv4.addresses 192.168.19.100/24 ipv4.gateway 192.168.19.2 ipv4.dns 223.5.5.5 connection.autoconnect yes
[root@localhost ~]# nmcli c up ens160

[root@client ~]# nmcli d show ens160
GENERAL.DEVICE:                         ens160
GENERAL.TYPE:                           ethernet
GENERAL.HWADDR:                         00:0C:29:23:8B:26
GENERAL.MTU:                            1500
GENERAL.STATE:                          100 (connected)
GENERAL.CONNECTION:                     ens160
GENERAL.CON-PATH:                       /org/freedesktop/NetworkM>
WIRED-PROPERTIES.CARRIER:               on
IP4.ADDRESS[1]:                         192.168.19.100/24
IP4.GATEWAY:                            192.168.19.2
IP4.ROUTE[1]:                           dst = 192.168.19.0/24, nh>
IP4.ROUTE[2]:                           dst = 0.0.0.0/0, nh = 192>
IP4.DNS[1]:                             223.5.5.5
IP6.ADDRESS[1]:                         fe80::20c:29ff:fe23:8b26/>
IP6.GATEWAY:                            --
IP6.ROUTE[1]:                           dst = fe80::/64, nh = ::,>
[root@client ~]# 

Start the ipvsadm service on the LVS host (check whether the firewall has been turned off)

# Check the firewall status; if it is still running, stop it
[root@LVS ~]# systemctl is-active firewalld
active

# Stop the firewall; this should be done on all the machines
[root@LVS ~]# systemctl stop firewalld
[root@LVS ~]# setenforce 0
[root@LVS ~]# systemctl is-active firewalld
inactive

# Start the ipvsadm service
[root@LVS ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
[root@LVS ~]# systemctl start ipvsadm

Check from the client whether the service is reachable

[root@client ~]# curl 192.168.19.200
curl: (7) Failed to connect to 192.168.19.200 port 80: No route to host
# The request fails

The request fails because no LVS rule has been configured yet

# Create the virtual service (one rule)
[root@LVS ~]# ipvsadm -A -t 192.168.19.200:80 -s rr

# Add the real servers to the rule
[root@LVS ~]# ipvsadm -a -t 192.168.19.200:80 -r 172.25.250.9:80 -m -w 2
[root@LVS ~]# ipvsadm -a -t 192.168.19.200:80 -r 172.25.250.19:80 -m -w 2
[root@LVS ~]# ipvsadm -a -t 192.168.19.200:80 -r 172.25.250.29:80 -m -w 2

# List the rules
[root@LVS ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.19.200:80 rr
  -> 172.25.250.9:80              Masq    2      0          0         
  -> 172.25.250.19:80             Masq    2      0          0         
  -> 172.25.250.29:80             Masq    2      0          0         

# After configuring, restart the ipvsadm service
[root@LVS ~]# systemctl restart ipvsadm

With the rules in place, test from the client again: there is no error, but no data comes back either

[root@client ~]# curl 192.168.19.200
^C

Cause: the kernel forwarding parameter net.ipv4.ip_forward=1 has not been set

# Write the kernel forwarding parameter to /etc/sysctl.conf (you can also edit the file with vim)
[root@LVS ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf 

# Apply the setting with the following command
[root@LVS ~]# sysctl -p
net.ipv4.ip_forward = 1

With that configured, test from the client again

[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9
[root@client ~]# curl 192.168.19.200
172.25.250.29
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9
[root@client ~]# curl 192.168.19.200
172.25.250.29
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9
[root@client ~]# curl 192.168.19.200
172.25.250.29
[root@client ~]# curl 192.168.19.200
172.25.250.19
[root@client ~]# curl 192.168.19.200
172.25.250.9

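At this point, LVS round-robin access to the three real servers is set up.

Summary:

1. The LVS server needs two NICs: one carries the virtual IP that users connect to; the other serves as the gateway for the back-end real servers.

2. When adding the rules, the -m option is needed to select NAT mode.

3. The IP forwarding kernel parameter must be set on the LVS server.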
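
The eleven curl answers above can be checked mechanically instead of by eye. The script below is an added example, not part of the original post: it parses the `ipvsadm -Ln` listing, confirms every real server of the virtual service is forwarded with Masq (NAT), and verifies that the answers rotate strictly over exactly those servers. The function names and the two sample variables are assumptions of this example; the sample data is copied from the transcripts on this page.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: audit an LVS-NAT virtual service.
# Both samples are copied from the transcripts on this page.
IPVS_SAMPLE='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.19.200:80 rr
  -> 172.25.250.9:80              Masq    2      0          0
  -> 172.25.250.19:80             Masq    2      0          0
  -> 172.25.250.29:80             Masq    2      0          0'

CURL_SAMPLE='172.25.250.19 172.25.250.9 172.25.250.29 172.25.250.19
172.25.250.9 172.25.250.29 172.25.250.19 172.25.250.9 172.25.250.29
172.25.250.19 172.25.250.9'

# Print "ip forward weight" for each real server of virtual service $1
# (VIP:port), reading `ipvsadm -Ln` output on stdin.
real_servers() {
  awk -v vip="$1" '
    $1 == "TCP" || $1 == "UDP" { in_svc = ($2 == vip); next }
    in_svc && $1 == "->" && $2 ~ /^[0-9]/ { split($2, a, ":"); print a[1], $3, $4 }
  '
}

# Succeed only if the service exists and every real server uses Masq (NAT).
all_masq() {
  real_servers "$1" |
    awk '{ n++ } $2 != "Masq" { bad++ } END { exit !(n > 0 && bad == 0) }'
}

# Succeed only if the backend IPs on stdin form a strict rotation over exactly
# the space-separated backends in $1: with N equal-weight servers the first N
# answers are distinct members of the set and answer i repeats answer i-N.
is_round_robin() {
  awk -v backends="$1" '
    BEGIN { n = split(backends, b, " "); for (i = 1; i <= n; i++) want[b[i]] = 1 }
    { for (f = 1; f <= NF; f++) {
        r[++c] = $f
        if (!($f in want)) bad = 1
        if (c <= n) { if (seen[$f]++) bad = 1 } else if (r[c] != r[c - n]) bad = 1
    } }
    END { exit !(n > 0 && c >= n && !bad) }
  '
}

# Run both checks for virtual service $1 against the embedded samples.
audit() {
  backends=$(printf '%s\n' "$IPVS_SAMPLE" | real_servers "$1" | awk '{ print $1 }' | tr '\n' ' ')
  printf '%s\n' "$IPVS_SAMPLE" | all_masq "$1" ||
    { echo "FAIL: $1 is missing or has a non-Masq real server"; return 1; }
  printf '%s\n' "$CURL_SAMPLE" | is_round_robin "$backends" ||
    { echo "FAIL: answers do not rotate evenly over: $backends"; return 1; }
  echo "OK: $1 rotates over: $backends"
}

audit 192.168.19.200:80
```

On a live setup, pipe the real `ipvsadm -Ln` output from the LVS host and the collected curl answers from the client into the same functions instead of the embedded samples.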

vim /etc/sysctl.conf
net.ipv4.ip_forward=1