LVS NAT模式搭建

转载：http://blog.51cto.com/10963213/2096100

准备工作

三台机器上都执行执行

systemctl stop firewalld; systemctl disable firewalld

安装iptables-services

systemctl enable iptables; systemctl start iptables; iptables -F; service iptables save 

setenforce 0

分发器的设置

配置内网ip 192.168.130.116

[root@lynn-04 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33DEVICE=ens33ONBOOT=yesIPADDR=192.168.130.116NETMASK=255.255.255.0GATEWAY=192.168.130.2DNS1=119.29.29.29

配置外网ip 192.168.214.116 （vmware仅主机模式）

[root@lynn-04 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens37TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens37DEVICE=ens37ONBOOT=noIPADDR=192.168.214.116

安装ipvsadm

[root@lynn-04~]# yum install -y ipvsadm

编写脚本/usr/local/sbin/lvs_nat.sh

[root@lynn-04 ~]# vim /usr/local/sbin/lvs_nat.sh#! /bin/bash# director 服务器上开启路由转发功能echo1 > /proc/sys/net/ipv4/ip_forward# 关闭icmp的重定向echo0 > /proc/sys/net/ipv4/conf/all/send_redirectsecho0 > /proc/sys/net/ipv4/conf/default/send_redirects# 注意区分网卡名字，我的两个网卡分别为ens33和ens37echo0 > /proc/sys/net/ipv4/conf/ens33/send_redirectsecho0 > /proc/sys/net/ipv4/conf/ens37/send_redirects# director 设置nat防火墙iptables -t nat -Fiptables -t nat -Xiptables -t nat -A POSTROUTING-s192.168.130.0/24  -j MASQUERADE# director设置ipvsadmIPVSADM='/usr/sbin/ipvsadm'$IPVSADM-C$IPVSADM-A -t 192.168.214.116:80-swlc$IPVSADM-a-t 192.168.214.116:80 -r 192.168.130.118:80 -m -w 1$IPVSADM-a-t 192.168.214.116:80 -r 192.168.130.128:80 -m -w 1

加载脚本/usr/local/sbin/lvs_nat.sh

[root@lynn-04~]# sh /usr/local/sbin/lvs_nat.sh

rs1的设置

配置内网ip 192.168.130.118

配置网关 192.168.130.116 （这里的网关为分发器的内网ip）

[root@lynn-05 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33DEVICE=ens33ONBOOT=yesIPADDR=192.168.130.118NETMASK=255.255.255.0GATEWAY=192.168.130.116DNS1=119.29.29.29

安装nginx 需要在能外网通信的时候安装

[root@lynn-05~]# yum install -y nginx

启动nginx

[root@lynn-05~]# systemctl start nginx[root@lynn-05~]# ps aux |grep nginxroot21310.00.21229082244?        Ss16:030:00nginx: master process /usr/sbin/nginxnginx21320.00.31232923596?        S16:030:00nginx: worker processnginx21330.00.31232923596?        S16:030:00nginx: worker processnginx21340.00.31232923592?        S16:030:00nginx: worker processnginx21350.00.31232923600?        S16:030:00nginx: worker processroot21420.00.0112676984pts/0S+16:090:00grep--color=auto nginx

给nginx默认主页设置一个标志方便测试

[root@lynn-05~]# echo 'lynn-05' > /usr/share/nginx/html/index.html[root@lynn-05~]# cat /usr/share/nginx/html/index.htmllynn-05

rs2的设置

配置内网ip 192.168.130.128

配置网关 192.168.130.116 （这里的网关为分发器的内网ip）

[root@lynn-06 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33UUID=fef8a686-6a1e-49bc-b03e-7797fc4c58bbDEVICE=ens33ONBOOT=yesIPADDR=192.168.130.128NETMASK=255.255.255.0GATEWAY=192.168.130.116DNS1=119.29.29.29

安装nginx 需要在能外网通信的时候安装

[root@lynn-06~]# yum install -y nginx

启动nginx

[root@lynn-06~]# systemctl start nginx[root@lynn-06~]# ps aux |grep nginxroot36150.00.21229082244?        Ss11:030:00nginx: master process /usr/sbin/nginxnginx36160.00.31232923348?        S11:030:00nginx: worker processnginx36170.00.31232923600?        S11:030:00nginx: worker processnginx36180.00.31232923600?        S11:030:00nginx: worker processnginx36190.00.31232923600?        S11:030:00nginx: worker processroot534550.00.0112676984pts/0S+16:100:00grep--color=auto nginx

给nginx默认主页设置一个标志方便测试

[root@lynn-06~]# echo 'lynn-06' > /usr/share/nginx/html/index.html[root@lynn-06~]# cat /usr/share/nginx/html/index.htmllynn-06

测试

通过外网ip访问

[root@lynn-04 ~]#curl192.168.214.116lynn-05[root@lynn-04 ~]#curl192.168.214.116lynn-06[root@lynn-04 ~]#curl192.168.214.116lynn-05[root@lynn-04 ~]#curl192.168.214.116lynn-06[root@lynn-04 ~]#curl192.168.214.116lynn-05[root@lynn-04 ~]#curl192.168.214.116lynn-06