Architecture diagram

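First, prepare three hosts:
Host 1: IP (host-only) 192.168.0.10
Host 2: IP (host-only) 192.168.0.100
IP (NAT) 172.25.254.100
Host 3: IP (NAT) 172.25.254.200
Note that the first two hosts run RHEL 9 and the third runs RHEL 7.
IP network configuration on host 1
Set the host-only NIC's IP in the 192.168.0.0 network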

[root@localhost ~]# vim /etc/NetworkManager/system-connections/
[connection]
id=ens160
uuid=a0c85c17-b95a-313f-bbb3-f621c8c9c47d
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1751975550
[ethernet]
[ipv4]
method=manual
# host-only IP
address1=192.168.0.10/24
[ipv6]
addr-gen-mode=eui64
method=auto
[proxy]
[root@localhost ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens160 a0c85c17-b95a-313f-bbb3-f621c8c9c47d ethernet ens160
lo f4b1d5fe-5aec-4eba-973a-e500a3c5bb4f loopback lo
[root@localhost ~]# nmcli connection up ens160
Check with ip a

IP network configuration on host 2 (two NICs)

[root@rh9-node1 ~]# cd /etc/NetworkManager/system-connections/
[root@rh9-node1 system-connections]# ls
ens160.nmconnection
[root@rh9-node1 system-connections]# cp -p ens160.nmconnection eth1.nmconnection
[root@rh9-node1 system-connections]# ls
ens160.nmconnection eth1.nmconnection
[root@rh9-node1 system-connections]# vim eth1.nmconnection
[connection]
id=eth1
type=ethernet
interface-name=eth1
[ipv4]
method=manual
address1=192.168.0.100/24
[root@rh9-node1 system-connections]# nmcli connection reload
[root@rh9-node1 system-connections]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 d2975348-e208-38df-9b76-2314670fb475 ethernet eth0
eth1 5eb4da26-5d1d-30a5-8747-80181ed055fa ethernet eth1
lo b9426d7a-6ecf-4d6d-a26c-bc91cae49d80 loopback lo
[root@rh9-node1 system-connections]# nmcli connection up eth1
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/5)
The NIC named eth1 is in host-only mode (no gateway or DNS):
[connection]
id=eth1
type=ethernet
interface-name=eth1
[ipv4]
method=manual
address1=192.168.0.100/24
The NIC named eth0 is in NAT mode (it already exists, so the steps are not repeated here; the process is similar):
[connection]
id=eth0
uuid=d2975348-e208-38df-9b76-2314670fb475
type=ethernet
interface-name=eth0
[ethernet]
[ipv4]
address1=172.25.254.100/24,172.25.254.2
dns=8.8.8.8;
method=manual
Check with ip a

IP network configuration on host 3 (this is RHEL 7)
[root@rh7-node1 ~]# cd /etc/sysconfig/network-scripts/
[root@rh7-node1 network-scripts]# vim ifcfg-ens33
DEVICE=ens33
NAME=lee
BOOTPROTO=none
IPADDR0=172.25.254.200
NETMASK0=255.255.255.0
GATEWAY0=172.25.254.2
DNS1=8.8.8.8
ONBOOT=yes
[root@rh7-node1 network-scripts]# nmcli connection show
NAME UUID TYPE DEVICE
lee c96bc909-188e-ec64-3a96-6a90982b08ad ethernet ens33
[root@rh7-node1 network-scripts]# nmcli connection up lee
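Check with ip a

IP configuration of the three hosts is complete!
Simulating communication between different network zones
To reach host 3 from host 1, perform the following steps.
On host 2, check whether the host-only NIC and the NAT NIC can communicate.
1. Enable the kernel routing function (IP forwarding) so that all NICs on the same system can communicate with each other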
[root@rh9-node1 ~]# sysctl -a | grep "ip_forward"
net.ipv4.ip_forward = 0 # this is disabled
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0

[root@rh9-node1 ~]# vim /etc/sysctl.conf
# changing 0 to 1 enables forwarding
net.ipv4.ip_forward = 1
[root@rh9-node1 ~]# sysctl -p
net.ipv4.ip_forward = 1

2. Write the firewall rule
Translate the source address on the way out
[root@rh9-node1 ~]# iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.100
[root@rh9-node1 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 0.0.0.0/0 0.0.0.0/0 to:172.25.254.100
[root@rh9-node1 ~]#
3. Add a gateway on host 1
On the host that has only a host-only NIC, set the gateway to the IP of the dual-NIC host's host-only NIC
[root@localhost ~]# vim /etc/NetworkManager/system-connections/
[connection]
id=ens160
uuid=a0c85c17-b95a-313f-bbb3-f621c8c9c47d
type=ethernet
autoconnect-priority=-999
interface-name=ens160
timestamp=1751975550
[ethernet]
[ipv4]
method=manual
# gateway added
address1=192.168.0.10/24,192.168.0.100
[ipv6]
addr-gen-mode=eui64
method=auto
[proxy]
[root@localhost ~]# nmcli connection reload
[root@localhost ~]# nmcli connection up ens160
连接已成功激活(D-Bus 活动路径:/org/freedesktop/NetworkManager/ActiveConnection/4)
[root@localhost ~]#

4. Test
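An added check for the gateway built in steps 1 and 2 (not part of the original page): it reads an iptables-save dump and flags a NAT rule with no source match and a FORWARD policy of ACCEPT while forwarding is on. The sample dumps, the function name audit_gateway and the filter table's ACCEPT policy are assumptions; the page lists only the nat table.

```shell
# Constructed iptables-save dumps for host 2 (sample data, not captured output).
# PAGE_RULES: the SNAT rule from step 2; the filter table's default ACCEPT
# policy is an assumption, the page only lists the nat table.
PAGE_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j SNAT --to-source 172.25.254.100
COMMIT'

# SCOPED_RULES: same gateway, but only 192.168.0.0/24 arriving on eth1 is
# forwarded and translated; everything else hits the DROP policy.
SCOPED_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.0.0/24 -i eth1 -o eth0 -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.0.0/24 -o eth0 -j SNAT --to-source 172.25.254.100
COMMIT'

# audit_gateway <ip_forward value> <iptables-save text>
# Prints one finding per line; prints nothing if forwarding is off or the
# rules are scoped.
audit_gateway() {
    [ "$1" = "1" ] || return 0    # host is not routing, nothing to audit
    printf '%s\n' "$2" | awk '
        /^\*/ { table = substr($0, 2) }    # track the current table
        table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
            print "FORWARD policy is ACCEPT while ip_forward=1"
        }
        table == "nat" && /^-A POSTROUTING / && /-j (SNAT|MASQUERADE)/ && !/ (-s|--source) / {
            print "NAT rule has no source match: " $0
        }'
}

# On a live gateway: audit_gateway "$(sysctl -n net.ipv4.ip_forward)" "$(iptables-save)"
audit_gateway 1 "$PAGE_RULES"
```
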

