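- Network environment:
First, the network environment. There are three servers spread across two completely isolated networks, network 1 and network 2, which cannot reach each other. Server1 is in network 1, Server3 is in network 2, and Server2 has two network interfaces, one in network 1 and one in network 2. Server3 cannot reach Server1 directly because they are in different networks. To connect these two servers, Server2 has to be used: treat Server2 as a gateway, so that when Server3 wants to reach Server1 it sends the data to Server2, and Server2 forwards it to Server1.
- Configuration: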
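Add a route on Server3 so that requests for the 192.168.100.* network are sent to Server2. Because the two hosts can only reach each other over the 109.105.115.* network, the route must be set as follows: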
root@ubuntu111:~# route add -net 192.168.100.0/24 gw 109.105.115.42
root@ubuntu111:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 109.105.115.1 0.0.0.0 UG 0 0 0 p2p1
109.105.115.0 * 255.255.255.0 U 0 0 0 p2p1
192.168.100.0 109.105.115.42 255.255.255.0 UG 0 0 0 p2p1
The routing table now contains a route for the 192.168.100.* network. Next, configure Server2. The network interfaces on Server2 are as follows:
root@ubuntu42:~# ifconfig
br0       Link encap:Ethernet  HWaddr 00:25:90:c9:dd:a0
          inet addr:109.105.115.42  Bcast:109.105.115.255  Mask:255.255.255.0
          inet6 addr: fe80::e45b:96ff:feac:b796/64 Scope:Link
          UP BROADCAST RUNNING  MTU:1500  Metric:1
          RX packets:2490763 errors:0 dropped:0 overruns:0 frame:0
          TX packets:369712 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:606668767 (606.6 MB)  TX bytes:44997503 (44.9 MB)

p2p1      Link encap:Ethernet  HWaddr e4:1d:2d:7d:c2:80
          inet addr:192.168.100.42  Bcast:192.168.100.255  Mask:255.255.255.0
          inet6 addr: fe80::e61d:2dff:fe7d:c280/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:314 errors:0 dropped:0 overruns:0 frame:0
          TX packets:488 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:47695 (47.6 KB)  TX bytes:45781 (45.7 KB)
root@ubuntu42:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 109.105.115.1 0.0.0.0 UG 0 0 0 br0
109.105.115.0 * 255.255.255.0 U 0 0 0 br0
192.168.100.0 192.168.100.42 255.255.255.0 UG 0 0 0 p2p1
At this point, pinging Server1 directly from Server3 still fails, but running tcpdump on Server2 shows that the packets have indeed arrived at Server2.
root@ubuntu42:~# tcpdump -nei eth0 host 109.105.115.111
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:15:54.561488 a0:36:9f:78:70:08 > 00:25:90:c9:dd:a0, ethertype IPv4 (0x0800), length 98: 109.105.115.111 > 192.168.100.251: ICMP echo request, id 23780, seq 16, length 64
00:15:55.561537 a0:36:9f:78:70:08 > 00:25:90:c9:dd:a0, ethertype IPv4 (0x0800), length 98: 109.105.115.111 > 192.168.100.251: ICMP echo request, id 23780, seq 17, length 64
That leaves only one possibility: forwarding on Server2 is failing. Server2's forwarding function therefore needs to be turned on.
root@ubuntu42:~# echo 1 > /proc/sys/net/ipv4/ip_forward
Ping Server1 directly from Server3 again: the ping goes through. Done.
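
Writing 1 to /proc/sys/net/ipv4/ip_forward only changes the running kernel, and it makes Server2 forward between the two previously isolated networks for whatever the FORWARD chain permits. The audit script below is an added example, not code from the original post; the function names, the file-path parameters and the sample rule text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Audits a dual-homed host that
# has been turned into a router. File paths are parameters (assumed names).

# Prints "on" if the kernel forwards IPv4 packets, otherwise "off".
forwarding_state() {
    if [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = "1" ]; then
        echo on
    else
        echo off
    fi
}

# Succeeds if the given file has an uncommented net.ipv4.ip_forward=1 line.
# Only that one file is checked; files under /etc/sysctl.d/ are not.
forwarding_persistent() {
    grep -Eq '^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*1[[:space:]]*$' \
        "${1:-/etc/sysctl.conf}" 2>/dev/null
}

# Reads `iptables -S FORWARD` text on stdin; prints "<policy> <rule count>".
forward_summary() {
    awk '$1 == "-P" && $2 == "FORWARD" { p = $3 }
         $1 == "-A" && $2 == "FORWARD" { n++ }
         END { if (p == "") p = "UNKNOWN"; print p, n + 0 }'
}

# audit_router PROC_FILE SYSCTL_FILE RULES_TEXT -> one finding per line.
audit_router() {
    if [ "$(forwarding_state "$1")" = off ]; then
        echo "OK: host is not forwarding"
        return 0
    fi
    forwarding_persistent "$2" ||
        echo "WARN: ip_forward=1 is runtime-only and is lost on reboot"
    case "$(printf '%s\n' "$3" | forward_summary)" in
        "DROP "*)   echo "OK: FORWARD default is DROP; only explicit rules pass" ;;
        "ACCEPT 0") echo "WARN: FORWARD accepts everything; any host on either network can route through this host" ;;
        *)          echo "REVIEW: confirm FORWARD rules allow only the intended flows" ;;
    esac
}

# Constructed sample: the state right after the article's echo command on a
# host with an empty FORWARD chain and no persistent sysctl setting.
demo=$(mktemp -d)
echo 1 > "$demo/ip_forward"
echo '#net.ipv4.ip_forward=1' > "$demo/sysctl.conf"
audit_router "$demo/ip_forward" "$demo/sysctl.conf" "-P FORWARD ACCEPT"
rm -rf "$demo"
```

On a live host, pass the real files and the output of `iptables -S FORWARD` as the three arguments.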