Shulou(Shulou.com)06/01 Report--

What is soft routing under Redhat linux 9.0? to solve this problem, this article introduces the corresponding analysis and solution in detail, hoping to help more partners who want to solve this problem to find a simpler and easier way.

Experimental conditions: create a Redhat Linux 9.0 virtual machine and a Windows XP virtual machine, Linux virtual machine has two network cards (eth0 and eth2), eth0 implementation and Internet connection, eth2 implementation and intranet connection. Their information is as follows:

Eth0: IP (192.168.0.133) MASK (255.255.255.0) Gateway (192.168.0.2) DNS (same as host)

Eth2: IP (192.168.132.128) MASK (255.255.255.0) Gateway (none)

The purpose of the experiment is to build the Linux virtual machine into a soft router so that the Windows XP virtual machine (in the network segment 192.168.132.0) can access the Internet through this soft route. So the IP address of Windows XP is as follows:

IP (192.168.132.129) MASK (255.255.255.0) Gateway (192.168.132.128, which is actually the IP of eth2)

DNS (same as host)

Experimental principle: the Windows XP virtual machine sends the message to the Linux virtual machine, and the Linux virtual machine verifies the destination address of the message, and then selects the route according to the routing table. But it is not possible to send it out in this way, because its source address is 192.168.132.0max 24, not 192.168.0.0, so the gateway 192.168.0.2 (the gateway of eth0) will not send it out, so we have to camouflage the address, that is, NAT (Network address Translation) that we often see. A lot of the conversion of NAT is done with the NAT function of the firewall, so we will also use the firewall iptables (included with Redhat 9.0) later.

The steps of the experiment:

(1) in Linux virtual machine

1. Configure the network:

In the graphical interface, click the red hat in the lower left corner, and then "system Settings-Network". After entering the password, you can see the network card (eth0 and eth2), click eth0, and enter IP (192.168.0.133) MASK (255.255.255.0) Gateway (192.168.0.2) DNS (the same as the host). Then click eth2, enter IP (192.168.132.128) MASK (255.255.255.0) Gateway (not filled), and then save and exit (in fact, it and modify ifcfg_eth0, ifcfg_eth2, network and other files or use the ifconfig command is the same effect, you personally like it). If you are used to the command line, you can also enter it manually.

2. Now that the network of the Linux virtual machine is configured, you can ping it and ping it in the following order.

Ping 127.0.0.1 (check whether the protocol, etc. Is installed correctly)

Ping 192.168.132.128 (check if eth2 is normal)

Ping 192.168.0.133 (check if eth0 is normal)

Ping 192.168.0.2 (check if the gateway is working)

Ping www.baidu.com (connect to the public network and check whether it is normal. If there is an error message that cannot be found in the URL, it is likely that the DNS is not set up)

If all the ping is connected, then we can proceed to the next step, if there is no ping connection, then continue to test.

Then look at your routing table with route-n and you can see similar information.

Kernel IP routing table

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

192.168.132.0 0.0.0.0 255.255.255.0 U 0 0 0 eth2

127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo

0.0.0.0 192.168.0.2 0.0.0.0 UG 0 0 0 eth0

You see that? The first line of information indicates that a message with a destination address of 192.168.0 Gateway 24 is sent from eth0, and the second line of information indicates that a message with a destination address of 192.168.132.0 Gateway is sent from eth2. The third line is similar, it is a loopback address sent to the computer itself, and the fourth line is the default gateway because its Flags flag is UG (G for Gateway).

3. After completing the above IP settings, it is not enough to start the IP forwarding function. Enter on the command line

Echo 1 > / proc/sys/net/ipv4/ip_forward is fine, but it's gone after reboot, so finally put the

Just change net.ipv4.ip_forward = 0 to net.ipv4.ip_forward = 1.

(2) in the Windows XP virtual machine

The setup of the XP virtual machine is very simple. As we usually do, just set the IP, mask, gateway and DNS as follows: IP (192.168.132.129) MASK (255.255.255.0) Gateway (192.168.132.128, which is actually the IP of eth2) DNS (same as the host)

So far, I thought it was all right! Then ping Baidu, or ping does not pass, this is why? Because we haven't disguised IP yet. Because only the IP disguised as 192.168.0.0Accord 24 can be sent from eth0. Remember that there is one in route-n.

Destination Gateway Genmask Flags Metric Ref Use Iface

192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0

Is that the kind of information? That's what we're talking about. So we need to move on to the next step, NAT.

(3) NAT and network address translation

1. Introduction to NAT:

With the help of NAT, when an "internal" network with a private (reserved) address sends a packet through a router, the private address is translated into a legitimate IP address, and a local area network only needs to use a small number of IP addresses (or even one) to realize the communication requirements between all computers in the private address network and Internet. NAT will automatically modify the source IP address and destination IP address of IP messages, and Ip address verification will be completed automatically during NAT processing. Some applications embed the source IP address into the data portion of the IP message, so the message needs to be modified at the same time to match the modified source IP address in the IP header. Otherwise, applications with IP addresses embedded in the message data will not work properly.

2. NAT in Linux

In Linux, to achieve the function of NAT, we use the NAT of the firewall, so we need to use the iptables command. The syntax of iptables is not introduced here, it is too long, you can check it with man iptables.

3. Now we want all computers on network segment 192.168.132.0 to be able to access the Internet through this router, so we can set up a script to copy the following content, then chmod 755 XXX.sh changes its permissions, and finally type. / XXX.sh to run

#! / bin/bash

# initialize INPUT, FORWARD, OUTPUT and other chains

# clear the settings of the original firewall

Iptables-F

# packets that do not conform to INPUT, FORWARD and OUTPUT chain rules are discarded by default, and POSTROUTING and PREROUTING are received by default

Iptables-P INPUT DROP

Iptables-P FORWARD DROP

Iptables-P OUTPUT DROP

Iptables-t nat-P POSTROUTING ACCEPT

Iptables-t nat-P PREROUTING ACCEPT

# add a rule to the FORWARD chain: all messages whose source address belongs to 192.168.132.0 ANYWHERE 24 and the destination address is ANYWHERE are received, but this only allows the message to be sent. The received message does not comply with this rule and will be discarded, so add a rule: all messages whose source address belongs to Universe and the destination address is 192.168.132.0 Universe 24 are also received, so that they can communicate in both directions.

Iptables-t filter-A FORWARD-s 192.168.132.0 pick 24-d 0.0.0.0 max 0-j ACCEPT

Iptables-t filter-A FORWARD-s 0.0.0. 0 ACCEPT 0-d 192.168.132.0 max 24-j ACCEPT

# the following sentence means to add a rule to the POSTROUTING chain: all messages sent from eth0 disguise IP, that is, NAT, which is the core of the whole NAT.

Iptables-t nat-A POSTROUTING-o eth0-j MASQUERADE

So far, everything is ready, switch to the Windows XP virtual machine, ping 192.168.0.2 (the gateway of the Linux host), if the ping is not available, carefully check whether the above steps are correct! If ping is connected, you can surf the Internet. Open your IE and try it. If the DNS setting in XP is not correct, you will not be able to access the Internet. Be careful!

(4) questions

We still don't know how to add network cards to the virtual machine (except eth0, eth2, eth8), and then we can identify them for Linux. If we can, it will be so much fun that we can form a complex network.

(5) concluding remarks

The configuration of the previous IP address and so on generally will not have too big problem, generally the problem lies in the NAT part. Some books do not use Redhat 9.0, so the command is not iptables, but others such as ipchains, ipfwadm and so on. It's up to you. There are some systems that are even worse. If you don't even have iptables/ipchains/ipfwadm, you have to install it and compile it. It's annoying. You have to hold on until you successfully configure a route. You will feel that the previous efforts are worth it.

This is the answer to the question about what soft routing is under Redhat linux 9.0. I hope the above content can be of some help to you. If you still have a lot of doubts to be solved, you can follow the industry information channel for more related knowledge.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.