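LVS NAT model
Environment:
Bastion host (director): 192.168.11.26, assumed to be the external IP
20.1.1.254, assumed to be the internal IP
RS1: 20.1.1.11
RS2: 20.1.1.12
iptables and SELinux are turned off on all hosts, for convenience
Commands: iptables -F
setenforce 0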
1. Configure the bastion host:
[root@web2 ~]# ipvsadm -A -t 192.168.11.26:80 -s rr  # add the virtual service VIP:PORT with the rr scheduler
[root@web2 ~]# ipvsadm -a -t 192.168.11.26:80 -r 20.1.1.11 -m -w 1  # add a real server to VIP:PORT with weight 1; the weight only takes effect with wrr
[root@web2 ~]# ipvsadm -a -t 192.168.11.26:80 -r 20.1.1.12 -m -w 2  # add a real server to VIP:PORT with weight 2; the weight only takes effect with wrr
[root@web2 ~]# ipvsadm -L -n  # show the table
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.11.26:80 rr
  -> 20.1.1.11:80                 Masq    1      0          0
  -> 20.1.1.12:80                 Masq    2      0          0
[root@web2 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward  # enable kernel IP forwarding
[root@web2 ~]# cat /proc/sys/net/ipv4/ip_forward  # confirm it is enabled
1
[root@web2 ~]# ifconfig  # show network information
eth0      Link encap:Ethernet  HWaddr 00:0C:29:AD:98:5C
          inet addr:192.168.11.26  Bcast:192.168.11.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fead:985c/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1071458 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1009598 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:94748166 (90.3 MiB)  TX bytes:124692110 (118.9 MiB)

eth1      Link encap:Ethernet  HWaddr 00:0C:29:AD:98:66
          inet addr:20.1.1.254  Bcast:20.1.1.255  Mask:255.255.255.0
          inet6 addr: fe80::20c:29ff:fead:9866/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1336 errors:0 dropped:0 overruns:0 frame:0
          TX packets:556 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:127358 (124.3 KiB)  TX bytes:51956 (50.7 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)
2. RS1 configuration: install httpd and set the page to ===11===
[root@CentOS7_30 ~]# vim /var/www/html/index.html  # set the page to ===11===
[root@CentOS7_30 ~]# cat /var/www/html/index.html  # confirm the page content
<h1>===11===</h1>
[root@CentOS7_30 ~]# ip add sh  # show the IP addresses
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eno16780032: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether 00:0c:29:c8:1b:d5 brd ff:ff:ff:ff:ff:ff
    inet 20.1.1.11/24 brd 20.1.1.255 scope global eno16780032
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fec8:1bd5/64 scope link
       valid_lft forever preferred_lft forever
[root@CentOS7_30 ~]# ip route sh  # show the gateway
default via 20.1.1.254 dev eno16780032 proto static metric 100
20.1.1.0/24 dev eno16780032 proto kernel scope link src 20.1.1.11 metric 100
3. RS2 configuration: install httpd and set the page to ===12===
[root@jroa ~]# vim /var/www/html/index.html  # set the page to ===12===
[root@jroa ~]# cat /var/www/html/index.html  # confirm the page content
<h1>===12===</h1>
[root@jroa ~]# ip add sh  # show the IP addresses
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:0c:29:4e:ce:b9 brd ff:ff:ff:ff:ff:ff
    inet 20.1.1.12/24 brd 20.1.1.255 scope global eth0
    inet6 fe80::20c:29ff:fe4e:ceb9/64 scope link
       valid_lft forever preferred_lft forever
[root@jroa ~]# ip route sh  # show the gateway
20.1.1.0/24 dev eth0 proto kernel scope link src 20.1.1.12
169.254.0.0/16 dev eth0 scope link metric 1002
default via 20.1.1.254 dev eth0
4. Access test from another machine
[root@redis_master ~]# curl http://192.168.11.26  # access works
<h1>===12===</h1>
[root@redis_master ~]# curl http://192.168.11.26
<h1>===11===</h1>
[root@redis_master ~]# curl http://192.168.11.26
<h1>===12===</h1>
[root@redis_master ~]# curl http://192.168.11.26
<h1>===11===</h1>
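
The curl results alternate 1:1 even though the real servers were added with weights 1 and 2, because the rr scheduler does not use weights. The following is an added example, not part of the original post, that audits `ipvsadm -L -n` output for that mismatch and for real servers not using Masq (NAT) forwarding; the function names audit_ipvs and sample_table are hypothetical, and the sample table is the one listed on the director above.

```shell
#!/bin/sh
# Added example (not from the original page): audit `ipvsadm -L -n` output.
# audit_ipvs and sample_table are hypothetical helper names.

# Table copied from the director's listing in step 1.
sample_table() {
    cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.11.26:80 rr
  -> 20.1.1.11:80                 Masq    1      0          0
  -> 20.1.1.12:80                 Masq    2      0          0
EOF
}

# Reads the table on stdin; prints one finding per line, nothing if consistent.
audit_ipvs() {
    awk '
    function report() {
        if (vs == "") return
        if (n == 0) printf "%s: no real servers\n", vs
        if (mixed && sched == "rr")
            printf "%s: weights differ but scheduler rr ignores them; use wrr\n", vs
    }
    # Virtual service line, e.g. "TCP  192.168.11.26:80 rr"
    $1 == "TCP" || $1 == "UDP" {
        report()
        vs = $2; sched = $3; n = 0; first_w = ""; mixed = 0
        next
    }
    # Real server line, e.g. "-> 20.1.1.11:80 Masq 1 0 0" (skip the header row)
    $1 == "->" && $2 != "RemoteAddress:Port" {
        n++
        if ($3 != "Masq")
            printf "%s: real server %s forwards with %s, not Masq (NAT)\n", vs, $2, $3
        if (first_w == "") first_w = $4
        else if ($4 != first_w) mixed = 1
    }
    END { report() }
    '
}

sample_table | audit_ipvs
```

On a live director, feed it the real table with `ipvsadm -L -n | audit_ipvs`.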