ÔõÑùÔÚlinuxÉÏÉèÖø߿ÉÓõÄnatÍø¹Ø

ͻ񻣼

ÍøÂçµØµãת»»£¨NAT£©ÊÇÒ»ÖÖ³£ÓõÄÍøÂçÊÖÒÕ£¬ÓÃÓÚ½«Ë½ÓÐÍøÂçµÄIPµØµãת»»Îª¹«¹²ÍøÂçµÄIPµØµã

¡£ÔÚLinuxϵͳÉÏ£¬ÉèÖø߿ÉÓõÄNATÍø¹Ø¿ÉÒÔÌá¸ßÍøÂçµÄ¿ÉÓÃÐԺͿɿ¿ÐÔ

¡£±¾ÎĽ«ÏÈÈÝÔõÑùʹÓÃKeepalivedºÍiptables¹¤¾ß£¬ÔÚLinuxÉÏÉèÖø߿ÉÓõÄNATÍø¹Ø

¡£

Òªº¦´Ê£ºNAT¡¢¸ß¿ÉÓá¢Keepalived¡¢iptables

СÐò£º

ÔÚÏÖ´úµÄÍøÂçÇéÐÎÖÐ£¬ÍøÂçµÄ¿ÉÓÃÐԺͿɿ¿ÐÔÊǺÜÊÇÖ÷ÒªµÄ

¡£ÎªÁËʵÏÖ´ËÄ¿µÄ£¬ÉèÖø߿ÉÓõÄNATÍø¹ØºÜÊÇÒªº¦

¡£¸ß¿ÉÓõÄNATÍø¹Ø¿ÉÒÔÔÚÖ÷±¸Ä£Ê½ÏÂÊÂÇé£¬ÒÔÈ·±£µ±Ö÷»ú±¬·¢¹ÊÕÏʱ£¬±¸ÓÃÍø¹ØÄܹ»×Ô¶¯½ÓÊÜÊÂÇé£¬²¢¼á³ÖÍøÂç¼ÌÐøÔËÐÐ

¡£

°ì·¨1£º×°ÖúÍÉèÖÃKeepalived

1.1 ×°ÖÃKeepalivedÈí¼þ°ü£º

ÔÚÖÕ¶ËÖÐÔËÐÐÒÔÏÂÏÂÁî×°ÖÃKeepalivedÈí¼þ°ü£º

sudo apt-get install keepalived

1.2 ÉèÖÃKeepalived£º

½øÈëKeepalivedµÄÉèÖÃÎļþĿ¼£¬²¢½¨ÉèÒ»¸öÃûΪkeepalived.confµÄÉèÖÃÎļþ

¡£Ê¹ÓÃÒÔÏÂʾÀýÉèÖÃ£¬Æ¾Ö¤ÏÖÕæÏàÐξÙÐÐÐ޸ģº

global_defs {

router_id NatRouter

}

vrrp_script check_nat_gateway {

script “pidof keepalived”

interval 2

weight -1

}

vrrp_instance NatGateway {

state MASTER

interface eth0

virtual_router_id 1

priority 100

advert_int 1

authentication {

  auth_type PASS
  auth_pass YourPasswordHere

µÇ¼ºó¸´ÖÆ

}

virtual_ipaddress {

  192.168.1.1/24

µÇ¼ºó¸´ÖÆ

}

track_script {

  check_nat_gateway

µÇ¼ºó¸´ÖÆ

}

}

ÉúÑIJ¢Í˳öÉèÖÃÎļþ

¡£

°ì·¨2£ºÉèÖÃiptables

ΪÁËʵÏָ߿ÉÓõÄNATÍø¹Ø£¬ÎÒÃÇ»¹ÐèÒªÉèÖÃiptables£¬Ê¹Æä¿ÉÒÔ׼ȷת·¢ºÍ´¦ÀíÍøÂçÁ÷Á¿

¡£

2.1 ÆôÓÃIPת·¢£º

·­¿ª/etc/sysctl.confÎļþ£¬²¢ÕÒµ½ÒÔÏÂÐУº

net.ipv4.ip_forward=1

×÷·Ï×¢Ê͸ÃÐÐ£¬Ê¹Æä±äΪ£º

net.ipv4.ip_forward=1

ÉúÑIJ¢Í˳öÎļþ

¡£È»ºó£¬ÔÚÖÕ¶ËÖÐÔËÐÐÒÔÏÂÏÂÁîʹÐÞ¸ÄÉúЧ£º

sudo sysctl -p

2.2 ÉèÖÃiptables£º

ÔÚÖÕ¶ËÖÐÔËÐÐÒÔÏÂÏÂÁîÉèÖÃiptables£º

sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

ÉúÑÄiptables¹æÔò£¬²¢½«ÆäдÈ볤ÆÚÐÔ¹æÔòÎļþ£¬Ê¹ÆäÔÚϵͳÖØÐÂÆô¶¯Ê±ÉúЧ£º

sudo iptables-save | sudo tee /etc/iptables/rules.v4

°ì·¨3£ºÆô¶¯ºÍ²âÊԸ߿ÉÓõÄNATÍø¹Ø

3.1 Æô¶¯KeepalivedЧÀÍ£º

ÔÚÖÕ¶ËÖÐÔËÐÐÒÔÏÂÏÂÁîÆô¶¯KeepalivedЧÀÍ£º

sudo service keepalived start

3.2 ²âÊԸ߿ÉÓÃÐÔ£º

ͨ¹ýpingÏÂÁî²âÊԸ߿ÉÓõÄNATÍø¹Ø

¡£´ÓÁíһ̨ÅÌËã»úpingÐéÄâIPµØµã£¨192.168.1.1£©£¬ÈôÊÇÍøÂçÕý³££¬Ôò±¸·ÝÍø¹ØÒÑ׼ȷ½ÓÊÜ

¡£

½áÂÛ£º

ͨ¹ýʹÓÃKeepalivedºÍiptables£¬ÎÒÃÇ¿ÉÒÔÔÚLinuxϵͳÉÏÉèÖø߿ÉÓõÄNATÍø¹Ø

¡£ÕâÖÖÉèÖ÷½·¨È·±£Á˵±Ö÷Íø¹Ø±¬·¢¹ÊÕÏʱ£¬±¸·ÝÍø¹ØÄܹ»×Ô¶¯½ÓÊÜÊÂÇé£¬´Ó¶øÌá¸ßÍøÂçµÄ¿ÉÓÃÐԺͿɿ¿ÐÔ

¡£

²Î¿¼ÎÄÏ×£º

“How To Set Up a High Availability Rolling Update NAT Gateway with Keepalived and HAproxy on Ubuntu 14.04 | DigitalOcean” (https://www.digitalocean.com/community/tutorials/how-to-set-up-a-high-availability-rolling-update-nat-gateway-with-keepalived-and-haproxy-on-ubuntu-14-04)

ÒÔÉϾÍÊÇÔõÑùÔÚLinuxÉÏÉèÖø߿ÉÓõÄNATÍø¹ØµÄÏêϸÄÚÈÝ£¬¸ü¶àÇë¹Ø×¢±¾ÍøÄÚÆäËüÏà¹ØÎÄÕ£¡