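I. Environment
1. A PC running Linux (RHEL 5.3);
2. Three NICs (at least three; with more NICs you can split out separate VLANs, but three are used here);
3. Two uplinks (here, one China Unicom ADSL line and one China Tietong fiber line), each connected to its own router, through which a directly connected computer can get online;
4. The three NICs are eth0, eth1 and eth2. eth0 has IP 192.168.2.254 and connects to 192.168.2.1; eth2 has IP 172.16.1.2 and connects to the fiber gateway 172.16.1.1; eth1 is the internal gateway, with IP 10.10.20.1.
5. The internal gateway of the Unicom ADSL line is 192.168.2.1, and the internal gateway of the Tietong fiber line is 172.16.1.1.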
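II. Connect the network cables as described above
III. Configure the NICs (only eth0 is given a gateway; the other two NICs have only an IP address)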
# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:0b:17:bd
GATEWAY=192.168.2.1
IPADDR=192.168.2.254
NETMASK=255.255.255.0
# cat /etc/sysconfig/network-scripts/ifcfg-eth2
DEVICE=eth2
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:0b:17:d1
IPADDR=172.16.1.2
NETMASK=255.255.255.0
# cat /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
BOOTPROTO=static
ONBOOT=yes
HWADDR=00:0c:29:0b:17:c7
IPADDR=10.10.20.1
NETMASK=255.255.255.0
After configuring the NICs, restart the network
# /etc/init.d/network restart
View the routing table
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
10.10.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
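The 169.254.0.0 route (Genmask 255.255.0.0) can be ignored; it is added automatically for the NIC and can also be deleted.
At this point, test network connectivity. The Linux router itself should be able to reach the Internet, going through the 192.168.2.1 gateway.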
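III. Add static routes to get dual-line access, so that traffic goes through different gateways depending on the destination address.
1. Adding routes with commands
# route add -net 59.151.100.0 netmask 255.255.255.0 gw 172.16.1.1 dev eth2
# route add -host 219.232.254.162 gw 172.16.1.1
The first command adds a static route to a network.
The second command adds a static route to a host.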
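2. Adding routes through the configuration file
Write the routes into a configuration file. The Linux static route configuration file does not exist by default, so create the file static-routes at /etc/sysconfig/static-routes. Once the routes are written there, they are loaded automatically at boot. The format is:
any|internal host address net|host destination IP|destination network [netmask] gw gateway IP
[root@localhost ~]# cat /etc/sysconfig/static-routes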
any net 59.151.100.0 netmask 255.255.255.0 gw 172.16.1.1
any host 219.232.254.162 gw 172.16.1.1
3. Check the routing table again:
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
219.232.254.162 172.16.1.1 255.255.255.255 UGH 0 0 0 eth2
10.10.20.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2
59.151.100.0 172.16.1.1 255.255.255.0 UG 0 0 0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth2
0.0.0.0 192.168.2.1 0.0.0.0 UG 0 0 0 eth0
There are now two more routes: one host route and one network route.
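How the kernel chooses among these routes, as an added example that is not part of the original article: the function below does a longest-prefix match over the routes copied from the route -n output above and prints the gateway and interface a destination will use. The names ROUTES, ip2int and lookup are illustrative.

```shell
#!/bin/sh
# Added example: predict the egress gateway/interface for a destination by
# longest-prefix match, using the routing table shown in the article.

# destination gateway genmask iface (copied from the route -n output above)
ROUTES='219.232.254.162 172.16.1.1 255.255.255.255 eth2
10.10.20.0 0.0.0.0 255.255.255.0 eth1
192.168.2.0 0.0.0.0 255.255.255.0 eth0
172.16.1.0 0.0.0.0 255.255.255.0 eth2
59.151.100.0 172.16.1.1 255.255.255.0 eth2
169.254.0.0 0.0.0.0 255.255.0.0 eth2
0.0.0.0 192.168.2.1 0.0.0.0 eth0'

# Convert a dotted-quad IPv4 address to a 32-bit integer.
ip2int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Print "gateway iface" of the most specific matching route.
# A gateway of 0.0.0.0 means the destination is on a directly attached network.
lookup() {
    dst=$(ip2int "$1"); best=-1; result=unreachable
    while read -r net gw mask ifc; do
        m=$(ip2int "$mask"); n=$(ip2int "$net")
        # A route matches if dst and net agree under the mask; a numerically
        # larger contiguous mask is a longer prefix and wins.
        if [ $(( ($dst & $m) == ($n & $m) && $m > $best )) -eq 1 ]; then
            best=$m; result="$gw $ifc"
        fi
    done <<EOF
$ROUTES
EOF
    echo "$result"
}

# Destinations taken from the article's own tests, plus one LAN host.
for d in 59.151.100.210 219.232.254.162 61.135.167.36 10.10.20.3; do
    echo "$d -> $(lookup "$d")"
done
```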
4. Test on the Linux router itself:
First test a connection to a machine in the 59.151.100.0/24 network. The traffic goes through the fiber gateway.
[root@localhost ~]# tracert 59.151.100.210
traceroute to 59.151.100.210 (59.151.100.210), 30 hops max, 40 byte packets
1 localhost (172.16.1.1) 2.531 ms 2.197 ms 2.164 ms
2 localhost (192.168.2.252) 3.526 ms 3.497 ms 3.099 ms
3 localhost (10.60.32.254) 6.996 ms 7.016 ms 7.357 ms
4 localhost (10.0.30.9) 6.448 ms 6.171 ms 6.142 ms
5 localhost (10.0.30.34) 6.496 ms 6.502 ms 6.492 ms
6 localhost (172.16.0.254) 6.018 ms 1.881 ms 3.086 ms
7 localhost (192.168.1.13) 2.913 ms 4.565 ms 4.006 ms
8 218.240.255.10 (218.240.255.10) 2.600 ms 2.517 ms 3.047 ms
9 218.240.255.241 (218.240.255.241) 2.105 ms 2.974 ms 2.652 ms
10 218.240.255.26 (218.240.255.26) 4.926 ms 5.082 ms 4.586 ms
11 219.232.59.1 (219.232.59.1) 4.097 ms 3.225 ms 2.919 ms
12 59.108.1.102 (59.108.1.102) 3.628 ms * *
13 59.108.1.90 (59.108.1.90) 4.589 ms * *
14 * * *
15 * * *
16 * * *
17 * 59.151.96.66 (59.151.96.66) 3.852 ms 5.057 ms
18 59.151.100.210 (59.151.100.210) 6.729 ms 6.731 ms 6.049 ms
Test a connection to the host 219.232.254.162. This traffic also goes through the fiber gateway.
traceroute to 219.232.254.162 (219.232.254.162), 30 hops max, 40 byte packets
1 localhost (172.16.1.1) 1.980 ms 1.469 ms 1.926 ms
2 localhost (192.168.2.252) 5.869 ms 5.841 ms 5.812 ms
3 localhost (10.60.32.254) 5.918 ms 5.913 ms 5.924 ms
4 localhost (10.0.30.9) 5.686 ms 5.792 ms 5.387 ms
5 localhost (10.0.30.34) 6.322 ms 6.406 ms 6.223 ms
6 localhost (172.16.0.254) 5.669 ms 3.413 ms 3.287 ms
7 localhost (192.168.1.13) 2.791 ms 5.075 ms 5.023 ms
8 218.240.255.10 (218.240.255.10) 2.984 ms 3.417 ms 3.188 ms
9 218.240.255.241 (218.240.255.241) 3.097 ms 2.916 ms 4.389 ms
10 218.240.255.26 (218.240.255.26) 3.922 ms 4.137 ms 3.616 ms
11 219.232.59.1 (219.232.59.1) 2.870 ms 3.733 ms 3.167 ms
12 59.108.2.1 (59.108.2.1) 6.004 ms 3.801 ms 4.136 ms
13 59.108.1.33 (59.108.1.33) 5.308 ms 6.610 ms 7.619 ms
14 61.51.26.233 (61.51.26.233) 2.846 ms 4.393 ms 4.551 ms
15 211.154.208.189 (211.154.208.189) 4.015 ms 4.671 ms 3.869 ms
16 124.65.58.129 (124.65.58.129) 3.639 ms 4.204 ms 4.020 ms
17 61.148.156.221 (61.148.156.221) 4.437 ms 6.424 ms 4.802 ms
18 61.148.143.22 (61.148.143.22) 3.644 ms 5.328 ms 4.989 ms
19 202.96.8.242 (202.96.8.242) 6.387 ms 3.118 ms 3.102 ms
20 210.74.178.206 (210.74.178.206) 3.464 ms 3.643 ms 3.948 ms
21 * * *
22 124.238.226.70 (124.238.226.70) 8.913 ms 8.960 ms 9.608 ms
23 124.238.226.38 (124.238.226.38) 18.139 ms 22.649 ms 18.481 ms
24 124.238.225.142 (124.238.225.142) 10.596 ms 15.792 ms *
25 (219.232.254.162) 8.709 ms 8.678 ms 8.230 ms
Then test some other public network. The traffic goes through the ADSL line.
[root@localhost ~]# tracert
traceroute to (61.135.167.36), 30 hops max, 40 byte packets
1 localhost (192.168.2.1) 4.677 ms 5.108 ms 6.052 ms
2 125.34.48.1 (125.34.48.1) 27.930 ms 28.141 ms 29.223 ms
3 61.148.16.105 (61.148.16.105) 17.638 ms 18.765 ms 21.330 ms
4 61.148.4.101 (61.148.4.101) 22.597 ms 23.585 ms 24.703 ms
5 bt-228-069.bta.net.cn (202.106.228.69) 28.633 ms 30.101 ms *
6 * 61.148.155.226 (61.148.155.226) 12.302 ms 14.001 ms
7 202.106.43.18 (202.106.43.18) 14.700 ms 16.148 ms 17.596 ms
8 61.135.167.36 (61.135.167.36) 18.788 ms 20.160 ms 22.228 ms
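IV. Add iptables rules so that machines on the internal network are also sent through different gateways depending on the destination address, which achieves the final goal.
1. Give the internal machines IPs in the 10.10.20.0/24 network with gateway 10.10.20.1 and connect them to the network. They cannot connect, because there is no route to the external network.
2. Add iptables rules to do IP masquerading.
# cat iptables_squid.sh
#!/bin/bash
# Enable IPv4 forwarding so the machine routes between its interfaces
echo "1" > /proc/sys/net/ipv4/ip_forward
# Flush the existing filter and nat rules
iptables -F
iptables -t nat -F
# eth0 and eth2 are the two external interfaces (the egress side):
# masquerade internal traffic leaving through either of them
iptables -t nat -A POSTROUTING -s 10.10.20.0/24 -o eth0 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 10.10.20.0/24 -o eth2 -j MASQUERADE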
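The script above flushes the filter table and sets no FORWARD policy, so unless a policy was set elsewhere the default ACCEPT applies and the machine forwards between all three interfaces. As an added example (not part of the original article), the function below generates an iptables-restore ruleset that keeps the same two MASQUERADE rules but forwards only traffic that originates from the internal network on eth1. The name gen_rules is illustrative, and leaving INPUT and OUTPUT at ACCEPT is an assumption made to keep the example to forwarding only.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the article's topology
# with a default-deny FORWARD chain.
# Arguments: LAN network, LAN interface, then one or more WAN interfaces.
gen_rules() {
    lan_net=$1; lan_if=$2; shift 2      # remaining arguments: WAN interfaces
    echo "*filter"
    echo ":INPUT ACCEPT [0:0]"          # assumption: local traffic left as-is
    echo ":FORWARD DROP [0:0]"          # routed traffic is denied by default
    echo ":OUTPUT ACCEPT [0:0]"
    # Replies to connections opened from the LAN are allowed back in.
    echo "-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT"
    # New connections may only go from the LAN out through a WAN interface.
    for wan in "$@"; do
        echo "-A FORWARD -i $lan_if -s $lan_net -o $wan -j ACCEPT"
    done
    echo "COMMIT"
    echo "*nat"
    echo ":PREROUTING ACCEPT [0:0]"
    echo ":POSTROUTING ACCEPT [0:0]"
    echo ":OUTPUT ACCEPT [0:0]"
    # Same masquerading as the article's script, one rule per uplink.
    for wan in "$@"; do
        echo "-A POSTROUTING -s $lan_net -o $wan -j MASQUERADE"
    done
    echo "COMMIT"
}

# Print the ruleset for the article's addresses and interfaces.
gen_rules 10.10.20.0/24 eth1 eth0 eth2
```

To apply it, pipe the output into iptables-restore as root; ip_forward still has to be enabled as in the script above.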
V. After adding the rules, test again from a machine on the internal network
C:\Documents and Settings\Administrator>ipconfig
Windows IP Configuration
Ethernet adapter 本地连接:
Connection-specific DNS Suffix . :
IP Address. . . . . . . . . . . . : 10.10.20.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.10.20.1
C:\Documents and Settings\Administrator>tracert 59.151.100.210
Tracing route to 59.151.100.210 over a maximum of 30 hops
1 1 ms <1 ms <1 ms localhost [10.10.20.1]
2 1 ms 1 ms <1 ms localhost [172.16.1.1]
3 1 ms <1 ms <1 ms localhost [192.168.2.252]
4 1 ms <1 ms 1 ms localhost [10.60.32.254]
5 2 ms 1 ms 1 ms localhost [10.0.30.9]
6 1 ms <1 ms <1 ms localhost [10.0.30.34]
7 <1 ms <1 ms <1 ms localhost [172.16.0.254]
8 1 ms 1 ms 1 ms localhost [192.168.1.13]
9 1 ms 1 ms 1 ms 218.240.255.10
10 1 ms 1 ms 1 ms 218.240.255.241
11 1 ms 1 ms 1 ms 218.240.255.26
12 1 ms 1 ms 1 ms 219.232.59.1
13 4 ms 2 ms 3 ms 59.108.1.102
14 2 ms 2 ms 2 ms 59.108.1.90
15 2 ms 2 ms 1 ms 211.151.224.154
16 2 ms 3 ms 1 ms 211.151.227.218
17 2 ms 2 ms 2 ms 211.151.227.46
18 3 ms 2 ms 3 ms 59.151.96.66
19 2 ms 3 ms 2 ms 59.151.100.210
Trace complete.
Compared with the test on the Linux router, there is one more hop, 19 hops in total, and the egress gateway is 172.16.1.1. Correct!
C:\Documents and Settings\Administrator>tracert
Tracing route to [61.135.167.36]
over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms localhost [10.10.20.1]
2 2 ms 1 ms <1 ms localhost [192.168.2.1]
3 66 ms 36 ms 30 ms 125.34.48.1
4 20 ms 18 ms 18 ms 61.148.16.105
5 21 ms 28 ms 18 ms 61.148.4.101
6 18 ms 19 ms 19 ms bt-228-069.bta.net.cn [202.106.228.69]
7 26 ms 42 ms 21 ms 61.148.155.226
8 22 ms 19 ms 19 ms 202.106.43.18
9 24 ms 20 ms 33 ms 61.135.167.36
Trace complete.
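Compared with the test on the Linux router, there is one more hop, 9 hops in total, and the egress gateway is 192.168.2.1. Correct!
VI. You can add more static routes according to your own needs!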