From 0b3f71518cb6c54e7746395f530153e9a364037e Mon Sep 17 00:00:00 2001 From: darksun Date: Sat, 16 Dec 2017 19:18:24 +0800 Subject: [PATCH] =?UTF-8?q?update=20at=202017=E5=B9=B4=2012=E6=9C=88=2016?= =?UTF-8?q?=E6=97=A5=20=E6=98=9F=E6=9C=9F=E5=85=AD=2019:18:24=20CST?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ...entOS-RHEL 6 or 7 machine into a router.md | 87 ------------------ ...entOS-RHEL 6 or 7 machine into a router.md | 91 +++++++++++++++++++ 2 files changed, 91 insertions(+), 87 deletions(-) delete mode 100644 sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md create mode 100644 translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md diff --git a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md deleted file mode 100644 index ae2cd9e2b2..0000000000 --- a/sources/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md +++ /dev/null 
@@ -1,87 +0,0 @@ -Translate by lujun9972 -Turning a CentOS/RHEL 6 or 7 machine into a router -====== -In this tutorial we are going to learn to convert RHEL/CentOS 6 & 7 machines into a router by using NATting. Router as we know is layer 3 networking device that is used to connect 2 or more networks i.e. either connecting LAN to WAN or LAN to LAN etc. Router devices are quite expensive & especially for small organizations, that might be a reason for concern. So rather than using a dedicated Hardware, we can use any Linux machine & convert it into a router. -We will be discussing process for both RHEL/CentOS 6 & 7\. But before we do that, let's discuss the things we will be needing for our setup. - -### Prerequisite - -**1-** A machine with either RHEL/CentOS 6 or 7 installed -**2-** Two NICs to assign local IP address & WAN IP address respectively - -We must assign IP address to both network interface cards, one IP should be for local area network (information regarding it will be provided by our Network administrator) & other IP should be to access internet, information for WAN IP will be provided by ISP. For example - - **Ifcfg-en0s3 192.168.1.1** (LAN IP address) -**Ifcfg-en0s5 10.1.1.1 ** (WAN IP address) - - **Note** - Change the interface name according to Linux distro being used. - -Now that we have what we need, we will move onto the setup - -### Step 1 Enabling IP forwarding - -Firstly we will enable IP forwarding on the machine. Process of doing same is same in both RHEL/CentOS 6 & 7\. To enable IP forwarding, run - -``` -$ sysctl -w net.ipv4.ip_forward=1 -``` - -But this will not persist on system reboot. To make it survive a system reboot, open - -``` -$ vi /etc/sysctl.conf -``` - -& enter the following to the file, - -``` -net.ipv4.ip_forward = 1 -``` - -Save file & exit. IP forwarding has now been enabled on the system. 
- -### Step 2 Configuring IPtables/Firewalld rules - -Next we need to start services of IPtables/firewalld on our systems to configure the NATting rule, - -``` -$ systemctl start firewalld (For Centos/RHEL 7) -$ service iptables start (For Centos/RHEL 6) -``` - -Next step is to configure the NATting rule on the firewall. Run the following command, - -``` -CentOS/RHEL 6 -$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE -$ service iptables restart CentOS/RHEL 7 -$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 -$ systemctl restart firewalld -``` - -Here, **XXXX** is the name of the network interface with the WAN IP address. This completes configuration of Linux machine as router, next we will test our router after configuring a client machine. - -### Step 3 Configuring the client machine - -To test the router, we need to assign the internal (LAN) IP address as gateway on our client machine, its 192.168.1.1 in our case. So whether using a Windows machine or linux machine as client, make sure that we have 192.168.1.1 as our gateway. Once that's done, open terminal/CMD run a ping test against a website to make sure that internet is accessible on client machine, - - **$ ping google.com -** - -We can also check by browsing websites via our web browser. - - --------------------------------------------------------------------------------- - -via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ - -作者:[][a] -译者:[lujun9972](https://github.com/lujun9972) -校对:[校对者ID](https://github.com/校对者ID) - -本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出 - -[a]:http://linuxtechlab.com -[1]:https://www.facebook.com/linuxtechlab/ -[2]:https://twitter.com/LinuxTechLab -[3]:https://plus.google.com/+linuxtechlab 
diff --git a/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md b/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md new file mode 100644 index 0000000000..97f04f1384 --- /dev/null +++ b/translated/tech/20171213 Turning a CentOS-RHEL 6 or 7 machine into a router.md 
@@ -0,0 +1,91 @@ +将安装了 CentOS/RHEL 6/7 的机器转变成路由器 +====== +在本文中,我们将学习通过使用 NAT 技术将安装有 RHEL/CentOS 6 & 7 的及其转变成路由器来用。 我们都知道,路由器是一个工作在第三层的网络设备,用于将 2 个或多个网络连接在一起,即将局域网连接上广域网上或者局域网直接互联。 路由器非常昂贵,尤其对于小型组织来说更是如此,这可能是我们关注路由器的一个原因。 与其使用专用硬件,不如让我们用 Linux 机器转换成路由器来用。 + +RHEL/CentOS 6 和 7 上的操作过程我们都会讲。但在开始之前, 让我们先看看需要准备那些东西。 + +### 前期条件 + +1- 一台装有 RHEL/CentOS 6 或 7 的机器 + +2- 两块分别配有本地 IP 和外网 IP 的网卡 + +我们需要为两个网卡都分配 IP 地址,一个本地网络的 IP( 由我们的网络管理员提供),另一个是互联网 IP( 由 ISP 提供)。 像这样: + +``` +Ifcfg-en0s3 192.168.1.1 (LAN IP address) +Ifcfg-en0s5 10.1.1.1 (WAN IP address) +``` + +**注意** - 不同 Linux 发行版的网卡名是不一样的。 + +现在准备工作完成了,可以进行配置了。 + +### 步骤 1 启用 IP 转发 + +第一步,我们启用 IP 转发。 这一步在 RHEL/CentOS 6 和 7 上是相同的。 运行 + +``` +$ sysctl -w net.ipv4.ip_forward=1 +``` + +但是这样会在系统重启后恢复。要让重启后依然生效需要打开 + +``` +$ vi /etc/sysctl.conf +``` + +然后输入下面内容, + +``` +net.ipv4.ip_forward = 1 +``` + +保存并退出。现在系统就启用 IP 转发了。 + +### 步骤 2 配置 IPtables/Firewalld 的规则 + +下一步我们需要启动 IPtables/firewalld 服务并配置 NAT 规则, + +``` +$ systemctl start firewalld (For Centos/RHEL 7) +$ service iptables start (For Centos/RHEL 6) +``` + +然后运行下面命令来配置防火墙的 NAT 规则: + +``` +CentOS/RHEL 6 +$ iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE +$ service iptables restart +CentOS/RHEL 7 +$ firewall-cmd -permanent -direct -passthrough ipv4 -t nat -I POSTROUTING -o XXXX -j MASQUERADE -s 192.168.1.0/24 +$ systemctl restart firewalld +``` +这里,**XXXX** 是配置有外网 IP 的那个网卡名称。 这就将 Linux 及其配置成了路由器了, 下面我们就可以配置客户端然后测试路由器了。 + +### 步骤 3 配置客户端 + +要测试路由器,我们需要在客户端的网关设置成内网 IP, 本例中就是 192.168.1.1。 因此不管客户机是 Windows 还是 Linux, 请先确保网关是 192.168.1.1。 完成后, 打开终端 /CMD 并 ping 一个网站来测试客户端是否能访问互联网了: + +``` +$ ping google.com +``` + +我们也可以通过网络浏览器访问网站的方式来检查。 + + +-------------------------------------------------------------------------------- + +via: http://linuxtechlab.com/turning-centosrhel-6-7-machine-router/ + +作者:[Shusain][a] +译者:[lujun9972](https://github.com/lujun9972) +校对:[校对者ID](https://github.com/校对者ID) + +本文由 [LCTT](https://github.com/LCTT/TranslateProject) 
原创编译,[Linux中国](https://linux.cn/) 荣誉推出 + +[a]:http://linuxtechlab.com/author/shsuain/ +[1]:https://www.facebook.com/linuxtechlab/ +[2]:https://twitter.com/LinuxTechLab +[3]:https://plus.google.com/+linuxtechlab
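Review bot: in the step 2 code block of the translated file, the CentOS/RHEL 7 line passes its long options with a single dash (`firewall-cmd -permanent -direct -passthrough ipv4 ...`), which firewall-cmd does not accept. They should be `--permanent --direct --passthrough`. The deleted source has the same text, so this is inherited, but it is worth correcting in the translation with a translator's note. In the same block, the CentOS/RHEL 6 branch runs `service iptables restart` straight after adding the rule with `iptables -t nat -A POSTROUTING -o XXXX -j MASQUERADE`. Without a `service iptables save` in between, the restart reloads the saved ruleset and drops the new rule. That rule also lacks the `-s 192.168.1.0/24` source restriction the RHEL 7 line carries, so it masquerades any forwarded traffic leaving the WAN interface, not only the LAN's. On the wording: "及其" should be "机器" in the opening paragraph and again in the sentence after the step 2 block, "那些" should be "哪些", the `校对者ID` placeholder is still unfilled, and the author is given as "Shusain" while the link target reads `shsuain`.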