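Our company recently took on a dual-line data center. To solve the north-south access problem, I hosted our server in a dual-line data center. After repeated debugging, I finally completed the configuration. The process is recorded briefly below for reference.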
1. Server status
China Netcom uses the first network card (eth0):
IP: 218.57.200.242
Netmask: 255.255.255.0
Gateway: 218.57.200.1
DNS1: 202.102.152.3
DNS2: 202.102.128.68
China Telecom uses the second network card (eth1):
IP: 222.173.254.21
Netmask: 255.255.255.240
Gateway: 222.173.254.17
DNS1: 219.146.0.130
DNS2: 219.150.32.132
2. Configure the network cards:
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=218.57.200.242
NETMASK=255.255.255.0
GATEWAY=218.57.200.1
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BOOTPROTO=none
IPADDR=222.173.254.21
NETMASK=255.255.255.240
GATEWAY=222.173.254.17
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
# vi /etc/sysconfig/network-scripts/route-eth1
GATEWAY0=218.57.200.1
NETMASK0=255.255.255.0
ADDRESS0=218.57.200.242
# vi /etc/sysconfig/networking/profiles/default/resolv.conf
nameserver 202.102.152.3
nameserver 202.102.128.68
3. Configure the routing tables
# vi /etc/iproute2/rt_tables
Add two routing tables, cnc for China Netcom and tel for China Telecom:
252 cnc
251 tel
Set up the China Netcom routing table
# ip route add 218.57.200.0/24 via 218.57.200.242 dev eth0 table cnc
# ip route add 127.0.0.0/8 dev lo table cnc
# ip route add default via 218.57.200.1 dev eth0 table cnc
Set up the China Telecom routing table
ip route add 222.173.254.0/24 via 222.173.254.21 dev eth1 table tel
ip route add 127.0.0.0/8 dev lo table tel
ip route add default via 222.173.254.17 dev eth1 table tel
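Define policy rules so that reply packets from 222.173.254.21 are routed using the China Telecom routing table and reply packets from 218.57.200.242 are routed using the China Netcom routing table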
ip rule add from 222.173.254.21 table tel
ip rule add from 218.57.200.242 table cnc
Edit the IP forwarding settings file
# vi /etc/sysctl.conf
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
kernel.sysrq = 0
Set up the static routes file
# vi /etc/sysconfig/static-routes
eth0 net 218.57.200.242 netmask 255.255.255.0 gw 218.57.200.1
eth1 net 222.173.254.21 netmask 255.255.255.240 gw 222.173.254.17
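Masquerade (IP NAT) the packets leaving through the two WAN interfaces
# /sbin/modprobe ip_conntrack_ftp
# /sbin/modprobe ip_nat_ftp
# /sbin/iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
# /sbin/iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE
Set the default gateway to China Netcom (note that 222.173.254.17 is the China Telecom gateway listed in section 1)
# route add default gw 222.173.254.17
Add outbound routing policies: clients on China Netcom use the China Netcom line, all others use the China Telecom line.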
ip rule add to 121.16.0.0/13 table cnc
ip rule add to 121.24.0.0/14 table cnc
ip rule add to 121.28.0.0/15 table cnc
ip rule add to 121.30.0.0/16 table cnc
ip rule add to 121.31.0.0/16 table cnc
The rest are omitted...
Refresh the routing table
ip route flush cache
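4. Configure DNS
Configure your own DNS resolution on the server, and at the domain registrar point the domain's resolution to this server.
This way, queries from China Netcom are answered with the site's China Netcom IP, and all others with the China Telecom IP.
Configure named.conf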
view "cnc" {
match-clients {121.16.0.0/13;121.24.0.0/14;121.28.0.0/15;121.30.0.0/16;121.31.0.0/16;121.47.0.0/16;121.76.0.0/16;121.77.0.0/16;122.192.0.0/14;122.198.192.0/18;123.199.128.0/20;124.108.40.0/21;124.128.0.0/13;124.160.0.0/16;124.161.0.0/16;124.162.0.0/16;124.163.0.0/16; /* the rest are omitted... */ };
recursion yes;
zone "xtjc.com" {
type master;
file "/var/named/xtjc.com.cnc";
};
};
view "other" {
match-clients { any; };
recursion no;
zone "xtjc.com" {
type master;
file "/var/named/xtjc.com";
};
};
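The same China Netcom ranges appear twice on this page, in the `ip rule add to` list of section 3 and in `match-clients` above, so the two lists can drift apart. The script below is an added example (not part of the original article) that generates both from one list; the `priority` values and the acl name `cnc_nets` are assumptions of this example, with priorities chosen so the source-address rules are consulted before the destination rules.

```shell
#!/bin/sh
# Added example. CNC_NETS is a sample list: the first five ranges from the page.
CNC_NETS='121.16.0.0/13
121.24.0.0/14
121.28.0.0/15
121.30.0.0/16
121.31.0.0/16'

# valid_cidr NET: succeed only for a.b.c.d/len with octets 0-255 and len 0-32.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    oldifs=$IFS; IFS=.; set -- $addr; IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# emit_ip_rules: print the policy rules with explicit priorities (an assumption
# of this example): source-address rules first, destination ranges after them.
emit_ip_rules() {
    prio=1000
    echo "ip rule add from 218.57.200.242 table cnc priority 100"
    echo "ip rule add from 222.173.254.21 table tel priority 101"
    for net in $CNC_NETS; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
        echo "ip rule add to $net table cnc priority $prio"
        prio=$((prio + 1))
    done
}

# emit_bind_acl: print the same ranges as a named.conf acl ("cnc_nets" is a
# hypothetical name) that view "cnc" can reference in match-clients.
emit_bind_acl() {
    echo 'acl "cnc_nets" {'
    for net in $CNC_NETS; do
        valid_cidr "$net" || { echo "bad range: $net" >&2; return 1; }
        echo "    $net;"
    done
    echo '};'
}

emit_ip_rules && emit_bind_acl
```

With the generated acl placed in named.conf, the view can use `match-clients { cnc_nets; };` instead of repeating the ranges.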
Configure xtjc.com.cnc, which maps to the China Netcom IP
$TTL 86400
@ IN SOA xtjc.com. root (
2006111800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
        IN NS xtjc.com.
        IN A 218.57.200.242
        IN MX 10 mail
www IN A 218.57.200.242
ns1 IN A 218.57.200.242
ns IN A 222.173.254.21
mail IN A 218.57.200.242
1 IN PTR localhost.
Configure xtjc.com, which maps to the China Telecom IP
$TTL 86400
@ IN SOA xtjc.com. root (
2006111800 ; Serial
28800 ; Refresh
14400 ; Retry
3600000 ; Expire
86400 ) ; Minimum
        IN NS xtjc.com.
        IN A 222.173.254.21
        IN MX 10 mail
www IN A 222.173.254.21
ns IN A 222.173.254.21
ns1 IN A 218.57.200.242
mail IN A 222.173.254.21
1 IN PTR localhost.
Configure 222.173.254.zone and 218.57.200.zone for reverse resolution:
$TTL 86400
@ IN SOA xtjc.com. root.xtjc.com. (
2006111813
3600
7200
3600000
86400 )
        IN NS localhost.
242 IN PTR www.xtjc.com.
242 IN PTR ns1.xtjc.com.
242 IN PTR mail.xtjc.com.
5. Configure Apache and set up the virtual hosts
# vi /usr/local/apache/conf/httpd.conf
NameVirtualHost 218.57.200.242:80
NameVirtualHost 222.173.254.21:80
ServerName xxx.com
DocumentRoot /www/html/
ServerAdmin webmaster@xxx.com
ErrorLog logs/xtjc.com-error_log
ServerName www.xtjc.com
DocumentRoot /var/www/html/xtjc.com
ServerAdmin webmaster@xtjc.com
ErrorLog logs/xtjc.com-error_log
CustomLog "|/usr/local/sbin/cronolog /var/log/httpd/xtjc.com-access_log.%Y%m%d" combined
Editor: 梦想家