NAT模式
1、根据服务器的角色修改主机名
- internet client
[root@centos8 ~]# hostnamectl set-hostname internet
- firewall
[root@centos8 ~]# hostnamectl set-hostname firewall
- lvs director
[root@centos8 ~]# hostnamectl set-hostname lvs
- real server 1
[root@centos8 ~]# hostnamectl set-hostname rs1
- real server 2
[root@centos8 ~]# hostnamectl set-hostname rs2
2、部署lvs服务器
- 安装lvs管理工具
[root@lvs ~]# yum -y install ipvsadm
- 添加vip地址并设置路由指向防火墙firewall的IP地址
[root@lvs ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
DEVICE="eth0"
ONBOOT=yes
NETBOOT=yes
UUID="ee1d9be0-11ff-4ff1-a1de-6e0ca0d72661"
IPV6INIT=yes
BOOTPROTO=static
IPADDR=10.0.0.38
IPADDR1=10.0.0.200 #vip地址
GATEWAY=10.0.0.28
PREFIX=24
TYPE=Ethernet
DNS1=180.76.76.76
[root@lvs ~]#
[root@lvs ~]# ip route
default via 10.0.0.28 dev eth0 proto static metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.38 metric 100
[root@lvs ~]#
- 修改内核参数,开启转发功能(NAT模式下lvs director需要转发数据包,此步骤应在lvs主机上执行;下方提示符显示为firewall,疑为笔误,请以实际主机为准)
[root@firewall ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@firewall ~]# sysctl -p
net.ipv4.ip_forward = 1
[root@firewall ~]#
- 创建lvs规则
[root@lvs ~]# ipvsadm -A -t 10.0.0.200:80 -s rr #创建一个轮询集群
[root@lvs ~]# ipvsadm -a -t 10.0.0.200:80 -r 10.0.0.48 -m #-m是nat模式
[root@lvs ~]# ipvsadm -a -t 10.0.0.200:80 -r 10.0.0.58 -m
[root@lvs ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 10.0.0.200:80 rr
-> 10.0.0.48:80 Masq 1 0 0
-> 10.0.0.58:80 Masq 1 0 0
[root@lvs ~]#
3、部署RS1服务器
- rs1 安装httpd服务,并修改网关指向lvs director
[root@rs1 ~]# yum -y install httpd
[root@rs1 ~]# systemctl start httpd
[root@rs1 ~]#
[root@rs1 ~]# ip route
default via 10.0.0.38 dev eth0 proto static metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.48 metric 100
[root@rs1 ~]#
4、部署RS2服务器
- rs2 安装httpd服务,并修改网关指向lvs director
[root@rs2 ~]# yum -y install httpd
[root@rs2 ~]# systemctl start httpd
[root@rs2 ~]# ip route
default via 10.0.0.38 dev eth0 proto static metric 100
10.0.0.0/24 dev eth0 proto kernel scope link src 10.0.0.58 metric 100
[root@rs2 ~]#
5、部署 firewall服务器
- 开启路由转发功能
[root@firewall ~]# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
[root@firewall ~]# sysctl -p
net.ipv4.ip_forward = 1
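- 设置iptables转发规则:收到外网发往“公网”IP 192.168.6.200 的HTTP请求(TCP 80端口)时,转发给VIP地址 10.0.0.200 的80端口。注意:开启ip_forward后,如果FORWARD链默认放行,防火墙会转发所有经过它的流量;建议在FORWARD链中只放行发往 10.0.0.200:80 的流量及其回包,其余一律拒绝。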
[root@firewall ~]# iptables -t nat -A PREROUTING -d 192.168.6.200 -p tcp --dport 80 -j DNAT --to-destination 10.0.0.200:80
[root@firewall ~]#
- 删除eth0网关
[root@centos8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
# Generated by dracut initrd
NAME="eth0"
DEVICE="eth0"
ONBOOT=yes
NETBOOT=yes
UUID="ee1d9be0-11ff-4ff1-a1de-6e0ca0d72661"
IPV6INIT=yes
BOOTPROTO=static
IPADDR=10.0.0.28
PREFIX=24
TYPE=Ethernet
DNS1=180.76.76.76
[root@centos8 ~]#
- 将“公网”IP192.168.6.200配置到网卡上,并删除网关
[root@centos8 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
# Generated by dracut initrd
NAME="eth1"
DEVICE="eth1"
ONBOOT=yes
NETBOOT=yes
IPV6INIT=yes
BOOTPROTO=static
IPADDR=192.168.6.28
IPADDR1=192.168.6.200
PREFIX=24
TYPE=Ethernet
DNS1=180.76.76.76
[root@centos8 ~]#
6、在Internet服务器访问测试(从输出看,两台RS的首页内容应分别为rs1和rs2,以便观察轮询效果;上文未给出创建首页的步骤)
[root@internet ~]# curl 192.168.6.200
rs1
[root@internet ~]# curl 192.168.6.200
rs2
[root@internet ~]# curl 192.168.6.200
rs1
[root@internet ~]# curl 192.168.6.200
rs2