Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

How to configure Linux dual network card

2025-01-18 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Servers >

Share

Shulou(Shulou.com)06/01 Report--

This article introduces the relevant knowledge of "how to configure Linux dual network cards". In the operation of actual cases, many people will encounter such a dilemma, so let the editor lead you to learn how to deal with these situations. I hope you can read it carefully and be able to achieve something!

Configure dual network card network interfaces eth0 and eth2, configure NAT (network address translation) on the server, and configure static NAT redirection packets between the public network ip and the private ip address of the intranet, so that the server becomes a transparent gateway so that intranet computers can access the external Internet without barriers.

Keywords: Redhat Linux;DNS (Domain name Resolution Server); NAT (Network address Translation); iptables rules

Steps:

Step1 configures the interface addresses of two network cards

Set the IP address and subnet mask of the first Nic eth0:

# ifconfig eth0 202.38.75.7 netmask 255.255.255.0 up

Modify the / etc/sysconfig/network-scripts/ifcfg-eth0 file as follows:

DEVICE=eth0

BOOTPROTO=none

BROADCAST=202.38.75.255

IPADDR=202.38.75.7

NETMASK=255.255.255.0

NETWORK=202.38.75.0

ONBOOT=yes

USERCTL=no

PEERDNS=no

TYPE=Ethernet

GATEWAY=202.38.75.254

Set the IP address and subnet mask of the second Nic eth2:

# ifconfig eth0 192.18.75.209 netmask 255.255.255.0 up

Modify the / etc/sysconfig/network-scripts/ifcfg-eth0 file as follows:

DEVICE=eth2

BOOTPROTO=none

BROADCAST=192.168.75.223

IPADDR=192.168.75.209

NETMASK=255.255.255.240

NETWORK=192.168.75.0

ONBOOT=yes

USERCTL=no

PEERDNS=no

TYPE=Ethernet

Step2 sets up the routing table using the route command

Set the routing table of the first Nic eth0:

# route add-net 202.38.75.0 netmask 255.255.255.0 dev eth0

Set the routing table of the second Nic eth2:

# route add-net 192.168.75.0 netmask 255.255.255.0 dev eth2

Use the route command to observe the routing:

# route

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

202.38.75.0 * 255.255.255.0 U 000 eth0

192.168.75.0 * 255.255.255.0 U 000 eth2

127.0.0.0 * 255.0.0.0 U 000 lo

Step3 configure DNS (Domain Name Sever Domain name Resolution Server) server address

Configure the DNS server used by the host: edit the / etc/resolv.conf file, which reads: nameserver 202.38.64.1, which specifies the address of the DNS server. You can write up to three addresses as a candidate DNS server in the event of the previous failure.

# vi / etc/resolv.conf

Nameserver 202.38.64.1

Step4 restart and test the network service

After completing the network configuration, restart the network service with the following command:

# service network restart

Shutting down interface eth0: [OK]

After shutting down the interface eth2: [OK]

Close the loopback interface: [OK]

Disable IPv4 packet forwarding: [OK]

Set network parameters: [OK]

Eject loopback interface: [OK]

Pop-up interface eth0: [OK]

Pop-up interface eth2: [OK]

Test the network interface between the private network machine and the server eth2:

Ping server on the intranet machine:

# ping 192.168.75.209

If ping is available, there is nothing wrong with the eth2 network interface.

Test server external network interface eth0:

Ping the external network on the server, such as the DNS server ip address:

# ping 202.38.64.1 (DNS server of HKUST)

If ping is available, there is nothing wrong with the eth0 network interface and DNS server settings.

Step5 configures NAT on the server

Using NAT, you can translate the source address (SNAT) or destination address (DNAT) of a packet.

DNAT operation is mainly used in a situation where you have a legal IP address and you want to redirect access to the firewall to another machine. That is, we are changing the destination address so that the packet can be rerouted to a host.

SNAT changes the source address of the packet, which can hide your local network to a great extent. A good example is that we know the external address of the firewall, but we must replace the local network address with this address. With this operation, the firewall can automatically SNAT and De-SNAT the package (that is, reverse SNAT) so that the LAN can connect to the Internet. If you use an address like 192.168.0. Bind 24, you won't get any response from Internet. Because IANA defines these networks (among others) as private, they can only be used within LAN.

Our situation here belongs to the application of SNAT. Because the internal network uses a private ip such as 192.168.75.0 ip 24, it is impossible to access the external Internet network ip by using this type of ip address directly (for example, 202.38.75.7). By adding iptables routing rules, the packets from the internal LAN machine can be redirected and the source address will be changed to the server ip address, so that the intranet machine can access the external network smoothly. From this point of view, after providing NAT services, the server is like a transparent gateway, which makes the internal and external network machines accessible.

The setting method is as follows:

Create a natstat script file under the / etc path:

# vi / etc/natstat

The content is set to:

#! / bin/bash

# check whether the required module is working properly

Echo 1 > / proc/sys/net/ipv4/ip_forward

/ sbin/modprobe ip_tables http://www.bbqmw.net/qm_bbqmbd/

/ sbin/modprobe ip_nat_ftp

/ sbin/modprobe iptable_nat

# set SNAT rules

/ sbin/iptables-t nat-A POSTROUTING-o eth0-s 192.168.75.0 to-source 24-j SNAT-- to-source 202.38.75.7

Then save the script file, set the natstat file access to executable, and execute the script

# cd / etc

# chmod + x natstat

#. / natstat

Finally, add a script to start NAT automatically on / etc/rc.local:

# vi / etc/rc.local (Note: different systems may be different, either / etc/rc.d/rc.local or / etc/rc.conf)

Add the following script to it:

/ etc/natstat

Save the file and exit.

In this way, the NAT service is configured on the gateway server, and the intranet machine should be able to access the external network.

Try ping public network ip on the private network machine:

# ping 202.38.64.1 (DNS server)

If you can ping, the setting is successful.

This is the end of the content of "how to configure Linux dual network cards". Thank you for your reading. If you want to know more about the industry, you can follow the website, the editor will output more high-quality practical articles for you!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 252

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Servers

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report