1.检测服务器上ip地址是否生效/可用的方法
ping g.cn -I 服务器ip 表示使用本机的指定ip ping g.cn 如果可以ping通则表示正常
例如:美国刚买的ip
23.234.200.0/24
[root@PDS794 ~]# ping g.cn -I 23.234.200.251
PING g.cn (173.194.79.160) from 23.234.200.251 : 56(84) bytes of data.
64 bytes from pb-in-f160.1e100.net (173.194.79.160): icmp_seq=1 ttl=51 time=26.5 ms
64 bytes from pb-in-f160.1e100.net (173.194.79.160): icmp_seq=2 ttl=51 time=26.5 ms
64 bytes from pb-in-f160.1e100.net (173.194.79.160): icmp_seq=3 ttl=51 time=26.7 ms
2.通道的建立
例如:
bj06-us01 1.54.16.1-2 210.51.3.31-198.148.124.34
cat >> /etc/rc.local <<\EOF
#bj06-us01
ip tunnel add bj06-us01 mode ipip remote 198.148.124.34 local 210.51.3.31
ip add add dev bj06-us01 1.54.16.1 peer 1.54.16.2
ifconfig bj06-us01 1.54.16.1/30
ip link set bj06-us01 up
route add -host 1.54.16.2 dev bj06-us01
EOF
#us01-bj06
ip tunnel add us01-bj06 mode ipip remote 210.51.3.31 local 198.148.124.34
ip add add dev us01-bj06 1.54.16.2 peer 1.54.16.1
ifconfig us01-bj06 1.54.16.2/30
ip link set us01-bj06 up
route add -host 1.54.16.1 dev us01-bj06
测试结果:
[root@bj06 ~]# alias ips
alias ips='ip route show'
[root@bj06 ~]# ips |grep us01
1.54.16.2 dev bj06-us01 scope link
1.54.16.0/30 dev bj06-us01 proto kernel scope link src 1.54.16.1
203.117.0.0/16 via 1.54.16.2 dev bj06-us01
[root@bj06 ~]# alias p
alias p='ping'
[root@bj06 ~]# p 1.54.16.2
PING 1.54.16.2 (1.54.16.2) 56(84) bytes of data.
64 bytes from 1.54.16.2: icmp_seq=1 ttl=64 time=223 ms
64 bytes from 1.54.16.2: icmp_seq=2 ttl=64 time=223 ms
64 bytes from 1.54.16.2: icmp_seq=3 ttl=64 time=224 ms
要改3个地方
1.私网ip
1.54.16.1-2
2.公网ip
210.51.3.31-198.148.124.34
3.接口名称
dev bj06-us01
为什么要建立通道
通过路由转发 如 ip route replace 这种方法比较灵活 比如说访问台服与国服使用不同的路由 如访问203.66.0.0/16(台服魔兽ip段)时走中台的路由 而访问国服魔兽(123.125.0.0/16)可以走到北京的路由
可以挡攻击 使用路由切换程序可以挡流量攻击
3. 163yum源
#换成163的yum源:
cd /etc/yum.repos.d
mv CentOS-Base.repo CentOS-Base.repo.save
wget mirrors.163.com/.help/CentOS
5
-Base-163.repo
#wget mirrors.163.com/.help/CentOS
6
-Base-163.repo
sed -i 's/enabled=1/enabled=0/g' /etc/yum/pluginconf.d/fastestmirror.conf
cat /dev/null > /var/cache/yum/timedhosts.txt
yum clean all
yum makecache
[root@bj06 yum.repos.d]# ls /etc/yum.repos.d/
CentOS6-Base-163.repo CentOS-Debuginfo.repo CentOS-Vault.repo epel-testing.repo
CentOS-Base.repo CentOS-Media.repo epel.repo
除了它,其他的都可以备份下,暂时不用!
4.默认路由
查默认路由
[root@bj02 ~]# ip route show |grep def
default via 1.27.10.1 dev bj02-gz02c
查通道信息:
[root@bj02 ~]#
ifconfig |grep bj02-gz02c -A 6
bj02-gz02c Link encap:IPIP Tunnel HWaddr
inet addr:1.27.10.2 P-t-P:1.27.10.1 Mask:255.255.255.252
UP POINTOPOINT RUNNING NOARP MTU:1480 Metric:1
RX packets:1488769604 errors:0 dropped:0 overruns:0 frame:0
TX packets:1702443750 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2923348000 (2.7 GiB) TX bytes:99236479 (94.6 MiB)
[root@bj02 ~]#
cat /etc/rc.local |grep bj02-
gz02c 可查出对端的ip
#bj02-gz02c
ip tunnel add bj02-gz02c mode ipip remote
116.213.249.196 local 202.108.54.10
ip add add dev bj02-gz02c 1.27.10.2 peer 1.27.10.1
ifconfig bj02-gz02c 1.27.10.2/30
ip link set bj02-gz02c up
route add -host 1.27.10.1 dev bj02-gz02c
ip route replace default via 1.27.10.1 dev bj02-gz02c
拥有国际出口的默认路由:
[root@gz02 ~]# ifconfig |grep 116.213.249.196
inet addr:116.213.249.196 Bcast:116.213.249.223 Mask:255.255.255.224
[root@gz02 ~]# ip route show |grep default
default via 203.78.190.14 dev em2
直接从接口出去
You have new mail in /var/spool/mail/roo
如何修改默认路由:
[root@bj02 ~]# ip ro re 0.0.0.0/0 via 1.54.10.1 dev bj02-bj06
[root@bj02 ~]# ips |grep def
default via 1.54.10.1 dev bj02-bj06
调整路由的方法和修改默认路由的方法类似,如把 台服lol的认证ip 203.117网段通过bj06通过通道送出去
ip ro re 203.117.0.0/16 via 1.54.16.2 dev bj06-us01
本文转自 gjp0731 51CTO博客,原文链接:http://blog.51cto.com/guojiping/1319596
