网络环境简介:

需求描述:环境为某大学实验室内部网络,对外连接大学校园网,校园网存在H3C 802.1X认证且仅分配一个账号,Linux服务器仅有一块网卡,要求实现实验室内部PC能够同时上网;
结构搭建如图所示;
例如:PC1的流量经过1--2--3--4出去,NAT服务器承担了实验室所有流量的出接口,还可以根据需要加入流量过滤控制;
由于认证协议本身的限制,H3C 802.1X认证只能在服务器上部署,而不能在无线路由器上部署;
服务器配置:
定义ifcfg-eth0
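# /etc/sysconfig/network-scripts/ifcfg-eth0 -- the single physical NIC.
# This is the campus-facing uplink that carries the 802.1X session, so
# every lab PC's NATed traffic leaves through this interface.
DEVICE="eth0"
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
# Static campus address; PREFIX=23 covers 202.200.154.0 - 202.200.155.255.
IPADDR=202.200.155.19
PREFIX=23
DNS1=202.200.144.3
DNS2=61.134.1.4
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
IPV6INIT=no
NAME="System eth0"
# MACADDR overwrites the NIC's hardware address at link-up (unlike HWADDR,
# which only binds this file to a NIC). The same value is repeated in
# ifcfg-eth0:0; keep the two in sync or the alias will not come up on eth0.
MACADDR=50:E5:49:B7:E2:9F
GATEWAY=202.200.155.254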
定义ifcfg-eth0:0
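# /etc/sysconfig/network-scripts/ifcfg-eth0:0 -- IPv4 alias on the same NIC
# that gives the server an address in the private lab network 10.1.1.0/24
# (the network that the last SNAT rule translates).
DEVICE="eth0:0"
NM_CONTROLLED="yes"
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
IPADDR=10.1.1.1
# NETMASK and PREFIX both say /24; they agree, but one of them is redundant.
NETMASK=255.255.255.0
PREFIX=24
DNS1=202.200.144.3
DNS2=61.134.1.4
# NOTE(review): DEFROUTE=yes with no GATEWAY on an alias -- confirm ifup
# does not try to install a second default route from this file; the real
# default route is the one in ifcfg-eth0.
DEFROUTE=yes
IPV4_FAILURE_FATAL=yes
NAME="System eth0:0"
# Must match MACADDR in ifcfg-eth0 (same physical NIC).
MACADDR=50:E5:49:B7:E2:9F
# NOTE(review): IPv6 is disabled on the parent eth0 (IPV6INIT=no) but
# enabled here on the alias; IPv6 autoconf on an eth0:N alias is presumably
# ignored by the alias scripts -- verify, and drop these lines if unused so
# the box does not pick up an unexpected IPv6 default route.
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes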
定义本地yum源
cat /etc/yum.repos.d/dvd.repo
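# /etc/yum.repos.d/dvd.repo -- local install media mounted under /mnt.
[dvd]
name=install dvd
baseurl=file:///mnt/Server
enabled=1
# gpgcheck=0 means packages from this tree are installed unsigned-checked.
# Acceptable only because the source is the local DVD; if this file is ever
# pointed at a network mirror, set gpgcheck=1 and add the gpgkey= of the
# release key shipped on the media.
gpgcheck=0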
cat /etc/yum.repos.d/rhel-debuginfo.repo
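# /etc/yum.repos.d/rhel-debuginfo.repo
# NOTE(review): this section points at the same file:///mnt/Server tree as
# [dvd] above, so it is a second copy of the install repo under a debuginfo
# name, not a real debuginfo repository. yum will see every package twice
# (same content, two repo ids); either point it at the debuginfo tree or
# set enabled=0.
[rhel-debuginfo]
name=Red Hat Enterprise Linux $releasever - $basearch - Debug
baseurl=file:///mnt/Server
enabled=1
# Unsigned local media, same caveat as dvd.repo: enable gpgcheck before
# switching baseurl to anything reachable over the network.
gpgcheck=0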
NAT配置:内网地址转为eth0的外网地址
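# NAT setup: rewrite the source address of lab traffic to the external
# address used on eth0 so that all PCs share the single 802.1X-authenticated
# uplink.
#
# NOTE(review): `service iptables stop` flushes every chain and resets the
# default policies to ACCEPT. Together with ip_forward=1 below that leaves
# the FORWARD chain wide open: the box forwards for any source that can reach
# it, not only the hosts given SNAT rules here. If per-host control is
# intended, add FORWARD rules that accept the listed sources plus
# RELATED,ESTABLISHED return traffic and drop everything else.
#
# NOTE(review): the SNAT target 202.200.154.126 is not the IPADDR configured
# in ifcfg-eth0 above (202.200.155.19). Confirm which address is actually
# bound to eth0 -- replies for translated flows only come back to an address
# this host owns.
#
# Neither the write to /proc nor the rules survive a reboot; persist them with
# net.ipv4.ip_forward=1 in /etc/sysctl.conf and `service iptables save`.
service iptables stop
echo 1 > /proc/sys/net/ipv4/ip_forward

# Per-host SNAT for the DHCP-assigned addresses. The DHCP pool defined below
# hands out 202.200.154.10 - 202.200.154.18; the original list stopped at
# .15, so leases .16-.18 would have been forwarded untranslated.
for host in {10..18}; do
  iptables -t nat -A POSTROUTING -s "202.200.154.${host}" -o eth0 -j SNAT --to 202.200.154.126
done

# The private 10.1.1.0/24 network (eth0:0 alias) is translated as a whole.
iptables -t nat -A POSTROUTING -s 10.1.1.0/24 -o eth0 -j SNAT --to 202.200.154.126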
定义DHCP池
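# /etc/dhcpd.conf -- address pool for the lab PCs behind the NAT server.
ddns-update-style interim;
ignore client-updates;

# NOTE(review): this pool lives in the same 202.200.154.0/23 that eth0
# itself is addressed in (see ifcfg-eth0). If dhcpd is reachable from the
# campus side it will also answer campus clients and compete with the campus
# DHCP server; confirm it listens only on the lab-facing segment.
subnet 202.200.154.0 netmask 255.255.254.0
{
  # Gateway handed to clients. It is also the SNAT source address used in
  # the iptables rules, so it must be an address this server owns.
  option routers 202.200.154.126;
  option subnet-mask 255.255.254.0;
  option broadcast-address 202.200.155.255;
  option domain-name-servers 202.200.144.3,61.134.1.4;
  # Nine leases, .10-.18; the per-host SNAT rules must cover the whole range.
  # "dynamic-bootp" also serves legacy BOOTP requests -- drop the keyword if
  # only DHCP clients are expected.
  range dynamic-bootp 202.200.154.10 202.200.154.18;
  default-lease-time 7200;
  max-lease-time 14400;
}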
转载于:https://blog.51cto.com/549754832/894738