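Copyright notice: this is an original work. Reposting is permitted, provided the repost states the article's original source, the author information and this notice in the form of a hyperlink. Otherwise legal liability will be pursued.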
http://yahoon.blog.51cto.com/13184/37080
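Using a virtual machine as a gateway to give a LAN Internet access
I have always gone online from XP over ADSL. Because XP has no routing capability, only one of the host and the guest (the virtual machine) could be online at a time. Today I had a sudden idea: use the virtual machine as the host's gateway, forming a model of a small LAN sharing Internet access.
Host: XP, 192.168.1.11
Virtual machine: Red Hat 9, 192.168.1.13
First make sure the PPPoE dial-up software is installed on Linux.
Remove the gateway setting from the virtual machine: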
[root@localhost root]# less /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=192.168.1.13
NETMASK=255.255.255.0
TYPE=Ethernet
USERCTL=no
PEERDNS=no
NETWORK=192.168.1.0
BROADCAST=192.168.1.255
Configure the ADSL connection information:
[root@localhost root]# adsl-setup
Welcome to the ADSL client setup. First, I will run some checks on
your system to make sure the PPPoE client is installed properly...
LOGIN NAME
Enter your Login Name (default root): (enter the ADSL account name)
INTERFACE
Enter the Ethernet interface connected to the ADSL modem
For Solaris, this is likely to be something like /dev/hme0.
For Linux, it will be ethX, where 'X' is a number.
(default eth0): (enter the network interface connected to the modem)
Do you want the link to come up on demand, or stay up continuously?
If you want it to come up on demand, enter the idle time in seconds
after which the link should be dropped. If you want the link to
stay up permanently, enter 'no' (two letters, lower-case.)
NOTE: Demand-activated links do not interact well with dynamic IP
addresses. You may have some problems with demand-activated links.
Enter the demand value (default no): (just press Enter)
DNS
Please enter the IP address of your ISP's primary DNS server.
If your ISP claims that 'the server will provide dynamic DNS addresses',
enter 'server' (all lower-case) here.
If you just press enter, I will assume you know what you are
doing and not modify your DNS setup.
Enter the DNS information here: (enter the DNS address; if it is obtained automatically from ADSL, enter server)
PASSWORD
Please enter your Password: (the ADSL password)
Please re-enter your Password: (enter the password again)
USERCTRL
Please enter 'yes' (two letters, lower-case.) if you want to allow
normal user to start or stop DSL connection (default yes): (just press Enter)
FIREWALLING
Please choose the firewall rules to use. Note that these rules are
very basic. You are strongly encouraged to use a more sophisticated
firewall setup; however, these will provide basic security. If you
are running any servers on your machine, you must choose 'NONE' and
set up firewalling yourself. Otherwise, the firewall rules will deny
access to all standard servers like Web, e-mail, ftp, etc. If you
are using SSH, the rules will block outgoing SSH connections which
allocate a privileged source port.
The firewall choices are:
0 - NONE: This script will not set any firewall rules. You are responsible
for ensuring the security of your machine. You are STRONGLY
recommended to use some kind of firewall rules.
1 - STANDALONE: Appropriate for a basic stand-alone web-surfing workstation
2 - MASQUERADE: Appropriate for a machine acting as an Internet gateway
for a LAN
Choose a type of firewall (0-2): (whether to enable the firewall; 0 means none)
Start this connection at boot time
Do you want to start this connection at boot time?
Please enter no or yes (default no): (whether to connect at system startup; the default is no)
** Summary of what you entered ** (a summary of everything entered so far follows)
Ethernet Interface: eth0
User name: xxx
Activate-on-demand: No
DNS addresses: Supplied by ISP's server
Firewalling: NONE
User Control: yes
Accept these settings and adjust configuration files (y/n)? y (whether to write the configuration files)
Adjusting /etc/sysconfig/network-scripts/ifcfg-ppp0
Adjusting /etc/ppp/chap-secrets and /etc/ppp/pap-secrets
(But first backing it up to /etc/ppp/chap-secrets.bak)
(But first backing it up to /etc/ppp/pap-secrets.bak)
Congratulations, it should be all set up!
Type '/sbin/ifup ppp0' to bring up your xDSL link and '/sbin/ifdown ppp0'
to bring it down.
Type '/sbin/adsl-status /etc/sysconfig/network-scripts/ifcfg-ppp0'
to see the link status.
Start ADSL and begin dialing:
[root@localhost root]# adsl-start
Once dialing succeeds, check the current network information:
[root@localhost root]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:XX:XX:XX:XX
inet addr:192.168.1.13 Bcast:192.168.1.255 Mask:255.255.255.0
ppp0 Link encap:Point-to-Point Protocol
inet addr:59.175.103.180 P-t-P:59.175.102.1 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1492 Metric:1
RX packets:3 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:3
RX bytes:54 (54.0 b) TX bytes:54 (54.0 b)
Test by pinging an external domain name:
[root@localhost root]# ping www.baidu.com
64 bytes from 220.181.37.4: icmp_seq=1 ttl=52 time=100 ms
64 bytes from 220.181.37.4: icmp_seq=2 ttl=52 time=102 ms
This gets the virtual machine online through ADSL. Check the current routing information:
[root@localhost root]# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
59.175.102.1 * 255.255.255.255 UH 0 0 0 ppp0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default 59.175.102.1 0.0.0.0 UG 0 0 0 ppp0
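The default gateway now points to the external network's exit.
Now enable forwarding and NAT to provide routing and NAT translation between the internal and external networks: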
[root@localhost root]# echo 0 > /proc/sys/net/ipv4/ip_forward
[root@localhost root]# iptables -t filter -F
[root@localhost root]# iptables -t nat -F
[root@localhost root]# iptables -t nat -A POSTROUTING -s 192.168.1.0/24 -j MASQUERADE
[root@localhost root]# echo 1 > /proc/sys/net/ipv4/ip_forward
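Set XP's gateway to the Linux IP 192.168.1.13 and its DNS to the ADSL DNS server, for example 202.103.24.68 for Wuhan. XP can then go online.
In the previous article, where Linux acted as a gateway, iptables was not used. For example, after adding an IP from another network, 0.13, to the Linux machine 1.13, it was only necessary to enable forwarding with echo 1 > /proc/sys/net/ipv4/ip_forward; with client XP 1.11's gateway pointed at 1.13, it could ping 1.13.
That is because Linux was then doing pure route forwarding, whereas as the ADSL gateway for the internal network NAT takes place, so iptables is needed.
Remember to restart the network interface after every change to the IP settings, and to enable forwarding again: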
echo 1 > /proc/sys/net/ipv4/ip_forward
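An added example, not part of the original post: the setup above chooses firewall type 0 (NONE) and flushes the filter table, so the gateway has no filter rules on ppp0. The function below prints an iptables-restore ruleset that masquerades only traffic leaving the WAN interface and drops unsolicited inbound and forwarded traffic. gateway_ruleset is a hypothetical helper name; eth0, ppp0 and 192.168.1.0/24 are the values from the post.

```shell
#!/bin/sh
# Added example (not from the original post): print an iptables-restore
# ruleset for the gateway above. gateway_ruleset is a hypothetical helper;
# eth0, ppp0 and 192.168.1.0/24 are the values shown in the post.

gateway_ruleset() {
    lan_if=$1; wan_if=$2; lan_net=$3
    if [ -z "$lan_if" ] || [ -z "$wan_if" ] || [ -z "$lan_net" ]; then
        echo "usage: gateway_ruleset LAN_IF WAN_IF LAN_NET" >&2
        return 1
    fi
    # NAT must apply only on the way out to the ISP, so the two must differ.
    if [ "$lan_if" = "$wan_if" ]; then
        echo "LAN and WAN interface must differ" >&2
        return 1
    fi
    cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
# Rewrite the source address only for LAN traffic leaving via the WAN link.
-A POSTROUTING -s $lan_net -o $wan_if -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -i $lan_if -s $lan_net -j ACCEPT
# From the Internet side, accept only replies to connections already open.
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i $lan_if -o $wan_if -s $lan_net -j ACCEPT
-A FORWARD -i $wan_if -o $lan_if -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
EOF
}

# Dry run: show the ruleset for the addresses used in the post.
gateway_ruleset eth0 ppp0 192.168.1.0/24
```

To load the rules, pipe the output into iptables-restore as root, then write 1 to /proc/sys/net/ipv4/ip_forward as the post does.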
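Addendum:
After finishing the Linux virtual machine gateway experiment, I closed VMware and went back to XP to connect ADSL, and got the error: the user name/password on the domain is incorrect. When I disabled the Local Area Connection it hung there, and enabling it reported that the connection failed. All I could do was reboot and see, but it just stopped there; I got impatient and pressed reset. It then stopped at the operating system selection screen, and choosing safe mode stopped at the same place. I repeated this several times with no luck. Scared, annoyed, depressed... would I have to reinstall the system?? I took out the system disc and put it in the optical drive, still not willing to give up, and tried once more; it still stopped at the same place. I pulled out the USB stick that was plugged in, and it actually booted. I couldn't help breathing a long sigh of relief, a false alarm... Buddha bless me...
However, after a few more experiments I found that this problem really does exist: after modifying the Local Area Connection, connecting with ADSL reports that the user name/password on the domain is incorrect. There was nothing for it but to restart the modem.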