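The lab diagram is as follows:
The lab steps are as follows:
# Comprehensive Network Lab
1. Enable the kernel's routing function (IP forwarding) so that all network interfaces on the same system can communicate with each other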
```
[root@node2 ~]# sysctl -a | grep ip_forward    # check whether IP forwarding is enabled
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@node2 ~]# vim /etc/sysctl.conf    # add: net.ipv4.ip_forward = 1
[root@node2 ~]# sysctl -p    # apply the setting
net.ipv4.ip_forward = 1
```
2. Write the firewall rule
```
[root@node2 ~]# iptables -t nat -A POSTROUTING -o ens160 -j SNAT --to-source 172.25.254.100
[root@node2 ~]# iptables -t nat -nL
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
SNAT       all  --  0.0.0.0/0            0.0.0.0/0            to:172.25.254.100
```
3. Add the gateway (172.25.254.100) for 192.168.0.10
```
[root@node1 system-connections]# vim ens160.nmconnection
address=192.168.0.10/24,172.25.254.100
```
4. Test
1) From 192.168.0.10, ping 172.25.254.200
2) From 172.25.254.200, ping 192.168.0.10
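
The checks below are an added example, not part of the original lab write-up: shell helpers that audit the router built in steps 1 and 2. The function names are hypothetical, the sample rules are constructed from the rule on the page, and scoping NAT to 192.168.0.0/24 and a DROP policy on the FORWARD chain are hardening assumptions the page does not state.

```bash
# Added example: audit helpers for the NAT router (node2) configured above.
# Each function reads command output on stdin, so it can be checked offline.

# Succeeds only if the exact key net.ipv4.ip_forward is 1. The anchored
# pattern ignores look-alike keys such as net.ipv4.ip_forward_update_priority,
# which a plain "grep ip_forward" also returns.
forwarding_enabled() {
    grep -Eq '^net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1$'
}

# Reads `iptables -t nat -S POSTROUTING` output and prints every SNAT or
# MASQUERADE rule without a source match (-s): such a rule rewrites any
# packet leaving the interface, not only packets from the internal subnet.
unscoped_nat_rules() {
    awk '/^-A POSTROUTING/ && / -j (SNAT|MASQUERADE)/ {
             scoped = 0
             for (i = 1; i <= NF; i++) if ($i == "-s") scoped = 1
             if (!scoped) print
         }'
}

# Reads `iptables -S FORWARD` output; succeeds if the chain policy is DROP,
# meaning forwarded traffic must be allowed by explicit rules.
forward_default_drop() {
    grep -q '^-P FORWARD DROP$'
}

# Constructed sample: the rule from step 2 as `iptables -S` lists it, next to
# a variant limited to the lab's internal subnet (assumed 192.168.0.0/24).
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o ens160 -j SNAT --to-source 172.25.254.100
-A POSTROUTING -s 192.168.0.0/24 -o ens160 -j SNAT --to-source 172.25.254.100'

# Prints only the unscoped rule (the one written in step 2).
printf '%s\n' "$SAMPLE_NAT" | unscoped_nat_rules
```

On the router itself, pipe the live output of `sysctl net.ipv4.ip_forward`, `iptables -t nat -S POSTROUTING` and `iptables -S FORWARD` into the matching function instead of the sample.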