Using a virtual machine for IP forwarding (SNAT)

  For a work requirement, and with my mentor's guidance, I set up SNAT-based IP forwarding on a virtual machine. The effect is that the VM acts as a router for the host computer: requests from the host are forwarded through the VM, and the replies come back through the VM as well, so that firewall functionality can later be built on the VM.

  First the equipment: an old desktop (the kind found in a school computer lab, with about 3 GB of RAM and an i3 of some unspecified generation) running Windows 7. This configuration can still run a virtual machine; a desktop is still a good deal stronger than a laptop. The VM runs CentOS 6.5 with 1 GB of RAM and a 40 GB disk. Enough said, let's get to work.

  What we want to achieve is roughly as follows:

  A virtual machine needs a network adapter to reach the Internet. The router VM needs two: one connected to the external network (the Internet) and one connected to the internal network (the Windows 7 host). The two adapters carry IP addresses on different subnets, and the VM routes and forwards between them.

  First add a second network adapter to the VM: right-click the VM ---> Settings ---> Add (at the bottom) ---> Network Adapter.

  In the CentOS system, all network configuration files live in:

/etc/sysconfig/network-scripts/

  Here ifcfg-eth0 is the configuration file of the first adapter. We will use a bridge device to build the router, so the second adapter needs no configuration file of its own: it becomes a bridge port (the kernel puts it into promiscuous mode) and carries no IP address. To make the first adapter face the external network and the second adapter face the internal network (the Windows side), a few settings are needed.

  Assume the external IP is 192.168.111.9 and the external gateway is 192.168.111.1. In ifcfg-eth0, set the IP address to the external IP and the gateway to the external gateway. Assume the internal (Windows) IP is 192.168.133.5. The gateway of the internal network must then be the address of the second adapter, but that adapter is a bridge port with no IP of its own, so we create a bridge device, give it an IP address, and attach the second adapter to it.

  Create the bridge device

brctl addbr br0

  Attach the second adapter to the bridge and bring it up (a bridge port that is down forwards nothing)

brctl addif br0 eth1
ifconfig eth1 up

  Assign the bridge an IP address (this becomes the gateway of the internal network)

ifconfig br0 192.168.133.4 netmask 255.255.255.0 up

  Set the default gateway of the Windows system to the IP address of br0 (192.168.133.4).

  Restart the network service. Note that the bridge created above is not stored anywhere and disappears at the next boot; put the commands above in a script and run it at every boot (on CentOS 6 the bridge can alternatively be described in ifcfg-br0 and ifcfg-eth1 so that the network service creates it itself).

service network restart

  At this point each adapter is attached to its network. Now the VM has to forward between them: requests from Windows arriving through the second adapter (eth1, seen by the IP stack as br0) must go out through eth0, which talks to the outside world.

  First enable IPv4 forwarding in the kernel. The configuration file is:

/etc/sysctl.conf

  Find the following property:

net.ipv4.ip_forward

  Set its value to 1 to allow IPv4 forwarding. The file is only read at boot; to apply the change immediately, reload it with sysctl -p.

  The forwarding itself is handled with iptables, the packet-filtering tool of the Linux kernel: rules are organized into tables and chains, which allows very fine-grained access control. The following command sets up source NAT:

iptables -t nat -A POSTROUTING -s 192.168.133.0/24 -o eth0 -j SNAT --to-source 192.168.111.9

  This means that every packet from the 192.168.133.0/24 segment leaving through eth0 has its source address rewritten to 192.168.111.9; connection tracking rewrites the replies back. The rule only translates addresses; whether a packet is forwarded at all is decided by the FORWARD chain of the filter table. If the stock CentOS 6 firewall rules are still loaded, that chain ends with a REJECT rule, and forwarded traffic is refused until that rule is removed or an ACCEPT rule for 192.168.133.0/24 is inserted ahead of it.

  There are two ways to persist the iptables rules. The first is to dump them to a file:

iptables-save >/var/log/iptables.backup

  and to load them again when needed:

iptables-restore </var/log/iptables.backup

  The second is to let the iptables service store them (in /etc/sysconfig/iptables), from where they are reloaded at boot:

service iptables save

  Then restart the services:

service iptables restart
service network restart

  This completes the setup of the virtual machine as a router that forwards IP traffic.
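The whole procedure above collected into one boot-time script, as the note about the non-persistent bridge suggests. This is an added example and not the original author's script; the interface names and addresses (eth0/192.168.111.9 outside, eth1 bridged into br0/192.168.133.4 inside, 192.168.133.0/24 as the internal segment, /var/log/iptables.backup as the dump file) are the ones assumed in the article. It goes beyond the article in two places: it also writes the ifcfg-br0/ifcfg-eth1 files that make the bridge survive a reboot on CentOS 6, and its ruleset gives the FORWARD chain a DROP policy so that only flows originating on the internal segment, and the replies they elicit, cross the router. Note that forwarded traffic from Windows is seen by the IP stack as arriving on br0, not on eth1, so the FORWARD rules match on the bridge.

```shell
#!/bin/sh
# vm-router.sh: added example, not the article author's script. Builds the
# bridge, enables forwarding, installs a SNAT + FORWARD ruleset and saves it.
# Addresses and interface names are the ones assumed in the article.
WAN_IF=eth0;  WAN_IP=192.168.111.9
LAN_IF=eth1;  BR_IF=br0;  BR_IP=192.168.133.4;  LAN_NET=192.168.133.0/24
BACKUP=/var/log/iptables.backup          # dump file used in the article

# Reject anything that is not a dotted quad with octets 0-255, so that only
# sane values end up inside iptables rules and ifcfg files.
valid_ipv4() {
    echo "$1" | awk -F. 'NF == 4 { ok = 1; for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0 } END { exit !ok }'
}

# Ruleset in iptables-save format: SNAT only the LAN segment out of the WAN
# interface, and make FORWARD default-DROP so that only LAN-originated flows
# (arriving on the bridge, not on eth1) and their replies are forwarded.
# Arguments: lan_net wan_if br_if wan_ip
build_rules() {
    lan_net=$1; wan_if=$2; br_if=$3; wan_ip=$4
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A POSTROUTING -s $lan_net -o $wan_if -j SNAT --to-source $wan_ip
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -i $br_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $br_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Persistent form of the bridge for CentOS 6: ifcfg-br0 owns the address and
# ifcfg-eth1 is an IP-less bridge port. $1 is the directory to write into
# (/etc/sysconfig/network-scripts on a real machine).
write_ifcfg() {
    dir=$1
    printf 'DEVICE=%s\nTYPE=Bridge\nBOOTPROTO=static\nIPADDR=%s\nNETMASK=255.255.255.0\nONBOOT=yes\nNM_CONTROLLED=no\n' \
        "$BR_IF" "$BR_IP" > "$dir/ifcfg-$BR_IF"
    printf 'DEVICE=%s\nBRIDGE=%s\nBOOTPROTO=none\nONBOOT=yes\nNM_CONTROLLED=no\n' \
        "$LAN_IF" "$BR_IF" > "$dir/ifcfg-$LAN_IF"
}

# Runtime equivalent of the brctl/ifconfig steps in the article, made idempotent.
setup_bridge() {
    [ -d /sys/class/net/$BR_IF ] || brctl addbr $BR_IF
    [ -d /sys/class/net/$BR_IF/brif/$LAN_IF ] || brctl addif $BR_IF $LAN_IF
    ifconfig $LAN_IF 0.0.0.0 up
    ifconfig $BR_IF $BR_IP netmask 255.255.255.0 up
}

# Turn forwarding on now and make sure /etc/sysctl.conf agrees for the next boot.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1 >/dev/null
    grep -q '^net.ipv4.ip_forward *= *1' /etc/sysctl.conf || {
        sed -i '/^net.ipv4.ip_forward/d' /etc/sysctl.conf
        echo 'net.ipv4.ip_forward = 1' >> /etc/sysctl.conf
    }
}

apply_all() {
    valid_ipv4 "$WAN_IP" && valid_ipv4 "$BR_IP" || { echo "bad address" >&2; exit 1; }
    write_ifcfg /etc/sysconfig/network-scripts
    setup_bridge
    enable_forwarding
    build_rules "$LAN_NET" "$WAN_IF" "$BR_IF" "$WAN_IP" | iptables-restore
    iptables-save > "$BACKUP"       # the dump the article restores from
    service iptables save           # persist via /etc/sysconfig/iptables
}

# Nothing is changed unless explicitly asked: run "sh vm-router.sh apply" as root.
case "${1:-}" in apply) apply_all ;; esac
```

Because iptables-restore replaces the nat and filter tables wholesale, running the script twice leaves the same ruleset rather than duplicating the SNAT rule, which is what happens if the bare iptables -A command from the article is rerun at every boot.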
