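The physical host can reach the Internet; how do we let the virtual machines running on that host reach it too?
1. Settings on the physical host:
su - (switch to the root user for the steps below)
Open the configuration file: vim /etc/sysconfig/network-scripts/ifcfg-br0
Delete the GATEWAY entry from the file and save it
systemctl restart network (restart the network)
Check resolv.conf
vim /etc/resolv.conf
Start the firewall:
1.systemctl start firewalld (start the firewall)
systemctl enable firewalld (enable the firewall at boot)
2.firewall-cmd --add-masquerade (add masquerading)
firewall-cmd --permanent --add-masquerade (--permanent makes the setting persistent)
3.firewall-cmd --reload (reload the firewall configuration)
4.firewall-cmd --list-all (list the firewall settings)
systemctl restart network (restart the network)
Settings on the virtual machine:
If the VM uses a static network configuration, go straight to the steps below; if it uses a dynamic one, change it to static first.
1. Add the gateway
vim /etc/sysconfig/network/
GATEWAY=172.25.254.77 (this IP is my physical host's IP)
systemctl restart network (restart the network)
2. Set up external DNS resolution
vim /etc/resolv.conf
nameserver 114.114.114.114
3. Test
ping www.baidu
If the ping succeeds, the setup works.
4. Note: if there is still a problem and the VM cannot get online, run the following (to check whether kernel IP forwarding is enabled).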
[root@foundation77 ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
If net.ipv4.ip_forward = 0,
kernel IP forwarding is not enabled.
How to change it:
1. Temporary change: sysctl -w net.ipv4.ip_forward=1
2. Permanent change:
vim /etc/sysctl.conf
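net.ipv4.ip_forward = 1 (add this line)
After saving, run
systemctl restart network
If net.ipv4.ip_forward = 1, forwarding is enabled.
II. Using iptables rules
The basic idea is again masquerading: the source IP of packets sent by the VM is replaced with an IP that can reach the Internet, so that the packets can be sent out to the public network.
The configuration is described below from two sides, the Internet-connected physical host (RHEL7.3) and the virtual machine (RHEL7.2):
Physical host
step1. Install the iptables service package
//First search for iptables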
[root@foundation8 kiosk]# yum search iptables
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
============================ N/S matched: iptables =============================
iptables-devel.i686 : Development package for iptables
iptables-devel.x86_64 : Development package for iptables
iptables-services.x86_64 : iptables and ip6tables services for iptables
iptables.i686 : Tools for managing Linux kernel packet filtering capabilities
iptables.x86_64 : Tools for managing Linux kernel packet filtering capabilities
Name and summary matches only, use "search all" for everything.
//Once the package we want is found, install it directly with yum
[root@foundation8 kiosk]# yum install iptables-services.x86_64 -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered to Red Hat Subscription Management. You can use subscription-manager to register.
Resolving Dependencies
--> Running transaction check
---> Package iptables-services.x86_64 0:1.4.21-17.el7 will be installed
--> Finished Dependency Resolution
……
Installed:
iptables-services.x86_64 0:1.4.21-17.el7
Complete!
//Installation succeeded
step2. Start the service
systemctl start iptables.service
systemctl enable iptables.service
step3. Stop firewalld
systemctl stop firewalld
systemctl disable firewalld
step4. Flush the existing iptables rules
//View the existing rules
[root@foundation8 kiosk]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
//Flush the existing rules
[root@foundation8 kiosk]# iptables -F
//Save the change
[root@foundation8 kiosk]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[ OK ]
//Check again: all rules have been cleared
[root@foundation8 kiosk]# iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
step5. Add the iptables rule
//Note: wlp2s0 is this host's Internet-facing interface and 192.168.1.100 is this host's Internet-facing IP
You can look both up with the ifconfig command
iptables -t nat -A POSTROUTING -o wlp2s0 -j SNAT --to-source 192.168.1.100
step6. Enable IP forwarding
//This must be enabled when the server acts as a gateway
[root@foundation8 kiosk]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
//If `net.ipv4.ip_forward = 0`, edit the file to change it
vim /etc/sysctl.conf
net.ipv4.ip_forward = 1
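Added example (not from the original article): a shell check over iptables-save text that flags what the host steps above leave behind, namely an SNAT rule with no source restriction, a FORWARD chain with policy ACCEPT, and an empty INPUT chain after `iptables -F`. Both dumps are constructed samples; the VM subnet 172.25.8.0/24 is taken from the route -n output in the virtual machine section of this page, and the function and finding names are illustrative.

```shell
#!/usr/bin/env bash
# Added example: audit iptables-save text for the NAT gateway built in this article.
# On a real host (as root): iptables-save | audit_nat "$(sysctl -n net.ipv4.ip_forward)"

# Constructed sample: ruleset after `iptables -F` plus the step5 SNAT rule.
SAMPLE_OPEN='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o wlp2s0 -j SNAT --to-source 192.168.1.100
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# Constructed sample: same SNAT scoped to the VM subnet, FORWARD default-drop,
# and the host's own INPUT rules kept instead of flushed.
SAMPLE_SCOPED='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.25.8.0/24 -o wlp2s0 -j SNAT --to-source 192.168.1.100
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -s 172.25.8.0/24 -o wlp2s0 -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT'

# audit_nat IP_FORWARD_VALUE < iptables-save text; prints one finding per line.
audit_nat() {
  local fwd="$1" rules nat
  rules="$(cat)"
  nat="$(printf '%s\n' "$rules" | grep -E '^-A POSTROUTING .*-j (SNAT|MASQUERADE)' || true)"
  if [ "$fwd" != "1" ]; then echo "FORWARDING_OFF"; fi   # kernel will not route for the VMs
  if [ -z "$nat" ]; then echo "NO_NAT_RULE"; fi
  # A NAT rule without -s rewrites traffic from any source, not only the VMs.
  if printf '%s\n' "$nat" | grep -v -- ' -s ' | grep -q .; then echo "NAT_UNSCOPED"; fi
  # Policy ACCEPT on FORWARD means the host routes for anyone who can reach it.
  if printf '%s\n' "$rules" | grep -q '^:FORWARD ACCEPT'; then echo "FORWARD_POLICY_ACCEPT"; fi
  # Policy ACCEPT on INPUT with no rules: the host itself is left unfiltered.
  if printf '%s\n' "$rules" | grep -q '^:INPUT ACCEPT' &&
     ! printf '%s\n' "$rules" | grep -q '^-A INPUT'; then echo "INPUT_UNFILTERED"; fi
}

printf '%s\n' "$SAMPLE_OPEN" | audit_nat 1   # demo run on the constructed flushed ruleset
```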
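Virtual machine
step1: Set the gateway
Use whatever method you are comfortable with to set the VM's gateway to the physical host's IP; below I show the method of editing the interface configuration directly
# vim /etc/sysconfig/network-scripts/ifcfg-ens3 //Note: the interface name depends on your system; yours may be eth0, eth1, etc.
Then add the gateway entry
GATEWAY=172.25.8.250
Restart the network service
# systemctl restart network
Check the gateway again; it has been added successfully
# route -n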
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.25.8.250 0.0.0.0 UG 100 0 0 ens3
172.25.8.0 0.0.0.0 255.255.255.0 U 100 0 0 ens3
step2: Test an external IP
First ping www.baidu from the physical host to get the IP of www.baidu, then test that IP from inside the VM
//Test on the physical host
[root@foundation8 kiosk]# ping www.baidu
PING www.a.shifen (119.75.213.61) 56(84) bytes of data.
64 bytes from 119.75.213.61 (119.75.213.61): icmp_seq=1 ttl=52 time=76.7 ms
64 bytes from 119.75.213.61 (119.75.213.61): icmp_seq=2 ttl=52 time=74.9 ms
^C
--- www.a.shifen ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 74.917/75.845/76.774/0.968 ms
//Test on the VM
[root@foundation8 kiosk]# ping 119.75.216.20
PING 119.75.216.20 (119.75.216.20) 56(84) bytes of data.
64 bytes from 119.75.216.20: icmp_seq=1 ttl=51 time=67.9 ms
64 bytes from 119.75.216.20: icmp_seq=2 ttl=51 time=79.9 ms
64 bytes from 119.75.216.20: icmp_seq=3 ttl=51 time=67.8 ms
^C
--- 119.75.216.20 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 67.856/71.935/79.972/5.691 ms
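//The output shows that the VM can now reach the external network when pinging an IP
However, pinging www.baidu still fails at this point, as shown below, so we need to set up domain name resolution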
[root@master ~]# ping www.baidu
ping: unknown host www.baidu
step3. Set up DNS
[root@master ~]# cat /etc/resolv.conf
# Generated by NetworkManager
# No nameservers found; try putting DNS servers into your
# ifcfg files in /etc/sysconfig/network-scripts like so:
#
# DNS1=xxx.xxx.xxx.xxx
# DNS2=xxx.xxx.xxx.xxx
# DOMAIN=lab.foo bar.foo
nameserver 211.137.96.205 //Set the DNS server's IP
step4: Access by domain name
//VM
[root@master ~]# ping www.baidu
PING www.a.shifen (111.13.100.92) 56(84) bytes of data.
64 bytes from sc.10086.defaultbadlist (111.13.100.92): icmp_seq=1 ttl=40 time=52.6 ms
64 bytes from sc.10086.defaultbadlist (111.13.100.92): icmp_seq=2 ttl=40 time=79.5 ms
64 bytes from sc.10086.defaultbadlist (111.13.100.92): icmp_seq=3 ttl=40 time=55.7 ms