虚拟机做网关实现局域网上网
一直都是用的XP通过ADSL上网,由于XP没有路由的功能,所以一直只能让宿主机和客户机(虚拟机)其中的一个上网.今天突发奇想,用虚拟机做宿主机的网关,形成一个小型局域网上网的模型.
宿主机:XP,192.168.1.11
虚拟机:redhat 9,192.168.1.13
首先要保证linux上已经装了拨号软件pppoe
将虚拟机的网关设置去掉
[root@localhost root]# less /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.13
NETMASK=255.255.255.0
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
配置adsl连接信息
[root@localhost root]# adsl-setup
Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...
LOGIN NAME
Enter your Login Name (default root): 输入adsl帐号
INTERFACE
Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): 输入连接modem的网卡
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no): 直接回车即可
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: 输入DNS的地址,如果是由ADSL自动获取,则输入server
PASSWORD
Please enter your Password: ADSL的密码
Please re-enter your Password: 再输入一次密码
USERCTRL
Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): 直接回车即可
FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
Choose a type of firewall (0-2): 是否启用防火墙,0表示不设
Start this connection at boot time
Do you want to start this connection at boot time?
Please enter no or yes (default no): 是否在系统启动的时候连接.默认是否
** Summary of what you entered ** 之前输入的所有信息概要如下
Ethernet Interface: eth0
User name: xxx
Activate-on-demand: No
DNS addresses: Supplied by ISP's server
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y 是否写入配置文件
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)
Congratulations, it should be all set up!
Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.
启动adsl,开始拨号
[root@localhost root]# adsl-start
拨号成功查看当前网络信息
[root@localhost root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:XX:XX:XX:XX
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
ppp0 Link encap:Point-to-Point Protocol
inet addr:59.175.103.180 P-t-P:59.175.102.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:54 (54.0 b) TX bytes:54 (54.0 b)
测试,ping外网域名
[root@localhost root]# ping [url]www.baidu.com[/url]
PING [url]www.a.shifen.com[/url] (220.181.37.4) 56(84) bytes of data.
64 bytes from 220.181.37.4: icmp_seq=1 ttl=52 time=100 ms
64 bytes from 220.181.37.4: icmp_seq=2 ttl=52 time=102 ms
这样就实现了虚拟机通过ADSL上网,查看当前路由信息
[root@localhost root]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
59.175.102.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 59.175.102.1 0.0.0.0 UG 0 0 0 ppp0
默认网关已经指向了外网的出口.
开始启用转发和nat,实现内外网的路由和NAT转换
[root@localhost root]# echo 0 > /proc/sys/net/ipv4/ip_forward
[root@localhost root]# iptables -t filter -F
[root@localhost root]# iptables -t nat -F
[root@localhost root]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQU
ERADE
[root@localhost root]# echo 1 > /proc/sys/net/ipv4/ip_forward
将xp的网关设为linux的ip192.168.1.13,DNS设为ADSL的DNS,如武汉的为202.103.24.68.这样就可以在XP上上网了.
在上一篇文章linux做网关的时候,并没有使用iptables.例如在linux 1.13上增加另一个网络的ip 0.13,只需要使用echo 1 > /proc/sys/net/ipv4/ip_forward来 启用转发,客户xp1.11的网关指向1.13就可以ping通1.13了
因为此时linux只是单纯的路由转发,而它做adsl内网网关的时候发生了NAT,所以需要使用iptables.
记得每次修改IP设置之后要重启网卡,并且重新启动转发
echo 1 > /proc/sys/net/ipv4/ip_forward
附记:
做完linux虚拟机网关的实验后,关闭vmware回到xp中连接adsl,报错:域上的用户名/密码错误.禁用本地连接发现死在那里了,启用的时候报连接失败.只能重启看看了,谁知道就停在那里了,不耐烦就按了reset.发现在选择系统的那个地方停住了,选择进入安全模式也是停在那个地方.重复若干次都不行.害怕,懊恼,郁闷….难道要重新装系统??拿出系统盘,放入光驱,还是觉得不甘心,准备尝试一下,仍然停在那个地方,把插着的U盘拔了,竟然就进去了.不由得长嘘一口气,一场虚惊啊…佛祖保佑….
不过实验几次后发现确实有这个问题,修改了本地连接之后,再用adsl连接会报域上的用户名/密码错误.没办法只好把modem重启了.
本文转自yahoon 51CTO博客,原文链接:http://blog.51cto.com/yahoon/37080,如需转载请自行联系原作者
