Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

LVS/NAT configuration

2025-01-19 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

Three servers, one as director and two as real server

Director has an external network ip (192.168.220.135) and an intranet ip (192.168.221.135), only the intranet ip (192.168.221.128) and (192.168.221.129) on the two real server, and the intranet gateways of the two real server need to be set to the intranet ip of director (192.168.221.135).

Since my computer has only one network card, I add a custom network adapter to the virtual machine.

The public network configuration of director is as follows:

DEVICE=eth0

HWADDR=00:0C:29:7D:FD:E3

TYPE=Ethernet

UUID=9269429d-11de-465d-baad-1c898dd2d8aa

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=static

IPADDR=192.168.220.135

NETMASK=255.255.255.0

GATEWAY=192.168.220.2

DNS1=192.168.220.2

DNS2=8.8.8.8

The private network configuration of director is as follows:

DEVICE=eth2

HWADDR=00:0C:29:7D:FD:ED

TYPE=Ethernet

UUID=9269429d-11de-465d-baad-1c898dd2d8aa

ONBOOT=yes

NM_CONTROLLED=yes

BOOTPROTO=static

IPADDR=192.168.221.135

NETMASK=255.255.255.0

# GATEWAY=192.168.221.2

# DNS1=192.168.221.2

# DNS2=8.8.8.8

Httpd is installed on both real server: yum install-y nginx

Install ipvsadm yum install-y ipvsadm on Director

Vim / usr/local/sbin/lvs_nat.sh / / added on Direcotr:

#! / bin/bash

# enable route forwarding on the director server:

Echo 1 > / proc/sys/net/ipv4/ip_forward

# turn off the redirection of icmp

Echo 0 > / proc/sys/net/ipv4/conf/all/send_redirects

Echo 0 > / proc/sys/net/ipv4/conf/default/send_redirects

Echo 0 > / proc/sys/net/ipv4/conf/eth0/send_redirects

Echo 0 > / proc/sys/net/ipv4/conf/eth2/send_redirects

# director set nat Firewall

Iptables-t nat-F

Iptables-t nat-X

Iptables-t nat-A POSTROUTING-s 192.168.221.0 take 24-j MASQUERADE

# director sets ipvsadm

IPVSADM='/sbin/ipvsadm'

$IPVSADM-C

$IPVSADM-A-t 192.168.220.135purl 80-s rr

$IPVSADM-a-t 192.168.220.135purl 80-r 192.168.221.128purl 80-m

$IPVSADM-a-t 192.168.220.135purl 80-r 192.168.221.129purl 80-m

Run this script directly to complete the configuration of lvs/nat:

/ bin/bash / usr/local/sbin/lvs_nat.sh

To distinguish between testing the web content on the two machines through a browser, we can modify the default page of nginx:

On rs1: echo "rs1rs1" > / usr/share/nginx/html/index.html

On rs2: echo "rs2rs2" > / usr/share/nginx/html/index.html

You can complete the construction of the nat mode of load balancer by doing the above.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report