目录

一、NAT地址转换模式

1、实验环境

2、实验部署

一、NAT地址转换模式

1、实验环境

分析：

客户端的请求经过LVS后负载均衡，分配到指定服务器处理，处理结果返回时还是会经过LVS负载均衡器返回给client端的。

需要一台win10 虚拟机

一台linux系统服务器作为LVS负载均衡器

二台linux系统服务器作为httpd1和httpd2

数据流向：

client (cip) 请求，通过vmnet1到达负载均衡器lvs的ens36网卡接口，通过建立虚拟主机来进行传输，配置ipvsadm,到达后端真实服务器，通过轮询来分配。（lvs 的ens36地址为client的网关，lvs 的ens33地址为后端真实服务器网关）

httpd1或者httpd2处理完请求以后返回数据，到达负载均衡器LVS的ens33,通过iptables的SNAT规则，将数据转发到ens36。最后到达Client端。

2、实验部署

1、给LVS新增一张类型为vmnet1的网卡

2、配置ens36网卡信息

[root@zwb_lvs ~]# cd /etc/sysconfig/network-scripts/[root@zwb_lvs network-scripts]# cp ifcfg-ens33 ifcfg-ens36[root@zwb_lvs network-scripts]# vim ifcfg-ens36TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens36DEVICE=ens36ONBOOT=yesIPADDR=192.168.68.100PREFIX=24#GATEWAY=192.168.159.2#DNS1=114.114.114.114IPV6_PRIVACY=no[root@zwb_lvs network-scripts]# systemctl restart network[root@zwb_lvs network-scripts]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.159.159 netmask 255.255.255.0 broadcast 192.168.159.255inet6 fe80::ce01:2f86:7a80:ce3c prefixlen 64 scopeid 0x20<link>ether 00:0c:29:66:d9:2f txqueuelen 1000 (Ethernet)RX packets 24625 bytes 28528244 (27.2 MiB)RX errors 0 dropped 0 overruns 0 frame 0TX packets 7944 bytes 758397 (740.6 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0ens36: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500inet 192.168.68.100 netmask 255.255.255.0 broadcast 192.168.68.255inet6 fe80::a234:2aee:5c0c:10a9 prefixlen 64 scopeid 0x20<link>ether 00:0c:29:66:d9:39 txqueuelen 1000 (Ethernet)RX packets 3 bytes 276 (276.0 B)RX errors 0 dropped 0 overruns 0 frame 0TX packets 24 bytes 3701 (3.6 KiB)TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0##编译安装Nginx[root@zwb_lvs opt]#yum -y install gcc gcc-c++ pcre-devel zlib-devel make ##环境安装[root@zwb_lvs opt]#tar zxvf nginx-1.15.9.tar.gz -C ##提前把安装包放到opt下[root@zwb_lvs opt]# lsnginx-1.15.9 nginx-1.15.9.tar.gz rh[root@zwb_lvs opt]# cd nginx-1.15.9/[root@zwb_lvs nginx-1.15.9]# ./configure \##初始化> --prefix=/usr/local/nginx \> --user=nginx \> --group=nginx \> --with-http_stub_status_module[root@zwb_lvs nginx-1.15.9]# make && make install ### 编译安装[root@zwb_lvs nginx-1.15.9]# ln -s /usr/local/nginx/sbin/* /usr/local/sbin/ ##优化环境变量[root@zwb_lvs nginx-1.15.9]# useradd -M -s /sbin/nologin nginx ##创建程序管理用户[root@zwb_lvs nginx-1.15.9]# vim /usr/lib/systemd/system/nginx.service ##优化，添加 ##nginx.service[Unit]Description=nginxAfter=network.target[Service]Type=forkingPIDFile =/usr/local/nginx/logs/nginx.pidExecStart=/usr/local/nginx/sbin/nginxExecReload=/bin/kill -s HUP $MAINPIDExecStop=/bin/kill -s QUIT $MAINPIDPrivateTmp=true[Install]WantedBy=multi-user.target：wq[root@zwb_lvs nginx-1.15.9]# chmod 754 /lib/systemd/system/nginx.service ##给与权限[root@zwb_lvs nginx-1.15.9]# systemctl status nginx.service ####开启nginx服务● nginx.service - nginxLoaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)Active: inactive (dead)[root@zwb_lvs nginx-1.15.9]# systemctl start nginx.service [root@zwb_lvs nginx-1.15.9]# systemctl status nginx.service ● nginx.service - nginxLoaded: loaded (/usr/lib/systemd/system/nginx.service; disabled; vendor preset: disabled)Active: active (running) since 一 -09-12 14:58:07 CST; 2s agoProcess: 23341 ExecStart=/usr/local/nginx/sbin/nginx (code=exited, status=0/SUCCESS)....................................

3、配置httpd1和httd2

①httpd1

[root@zwb-pxe ~]# hostnamectl set-hostname zwb_httpd1 #### 改主机名[root@zwb-pxe ~]# su[root@zwb_httpd1 ~]# yum -y install httpd###安装httpd服务.......................................[root@zwb_httpd1 ~]# rpm -q httpdhttpd-2.4.6-97.el7.centos.5.x86_64[root@zwb_httpd1 ~]# systemctl start httpd###开启httpd服务[root@zwb_httpd1 ~]# systemctl status httpd ###查看状态● httpd.service - The Apache HTTP ServerLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)Active: active (running) since 四 -09-08 01:53:55 CST; 25s ago.........................................[root@zwb_httpd1 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33 ###修改网卡信息TYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noBOOTPROTO=staticDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noIPV6_ADDR_GEN_MODE=stable-privacyNAME=ens33UUID=d78d9180-d8c7-4d65-86fb-5364e4cf736bDEVICE=ens33ONBOOT=yesIPV6_PRIVACY=noDNS1=114.114.114.114IPADDR=192.168.159.100PREFIX=24GATEWAY=192.168.159.159[root@zwb_httpd1 ~]# cd /var/www/html/ [root@zwb_httpd1 html]# ls[root@zwb_httpd1 html]# vim index.html ##修改网站主页内容this is httpd1

②httpd2

[root@zwb ~]# hostnamectl set-hostname zwb_httpd2[root@zwb ~]# su[root@zwb_httpd2 ~]# yum -y install httpd[root@zwb_httpd2 ~]# systemctl start httpd[root@zwb_httpd2 ~]# systemctl status httpd.service ● httpd.service - The Apache HTTP ServerLoaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)Active: active (running) since 四 -09-08 01:55:20 CST; 6min ago..................................[root@zwb_httpd2 ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33DEVICE=ens33IPV6INIT=yesBOOTPROTO=noneUUID=1b12a726-f53a-4faf-a198-af9308140a56ONBOOT=yesTYPE=EthernetPROXY_METHOD=noneBROWSER_ONLY=noDEFROUTE=yesIPV4_FAILURE_FATAL=noIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_FAILURE_FATAL=noNAME=ens33IPADDR=192.168.159.10PREFIX=24GATEWAY=192.168.159.159[root@zwb_httpd2 ~]# vim /var/www/html/index.htmlthis is httpd2

4、配置LVS负载均衡器

#需要提前安装Nginx，之前的博客有手工编译安装nginx.[root@zwb_lvs etc]# vim /etc/sysctl.conf........................net.ipv4.ip_forward=1###开启转发功能[root@zwb_lvs network-scripts]# sysctl -p ####刷新配置net.ipv4.ip_forward = 1[root@zwb_lvs network-scripts]# yum -y install iptables-services.x86_64 ####iptables更新[root@zwb_lvs network-scripts]# iptables -t nat -L ###查看iptables 的NAT表的规则Chain PREROUTING (policy ACCEPT)targetprot opt sourcedestination Chain INPUT (policy ACCEPT)targetprot opt sourcedestination Chain OUTPUT (policy ACCEPT)targetprot opt sourcedestination Chain POSTROUTING (policy ACCEPT)targetprot opt sourcedestination RETURNall -- 192.168.122.0/24base-/24 RETURNall -- 192.168.122.0/24255.255.255.255MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24masq ports: 1024-65535MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24masq ports: 1024-65535MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24 [root@zwb_lvs network-scripts]# iptables -F ##清空iptables规则[root@zwb_lvs network-scripts]# iptables -t nat -A POSTROUTING -s 192.168.159.0/24 -o ens36 -j SNAT --to-source 192.168.68.100[root@zwb_lvs network-scripts]# systemctl start iptables.service ###开启iptables[root@zwb_lvs network-scripts]# modprobe ip_vs[root@zwb_lvs network-scripts]# cat /proc/net/ip_vsIP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConn[root@zwb_lvs network-scripts]# yum -y install ipvsadm[root@zwb_lvs network-scripts]# ipvsadm-save > /etc/sysconfig/ipvsadm ##先做这个，不然 ###ipvsadm无法启动，加载ipvsadm的规则[root@zwb_lvs network-scripts]# ipvsadm -C##清空原有策略[root@zwb_lvs network-scripts]# ipvsadm -A -t 192.168.68.100:80 -s rr##-A：添加一个虚拟主机，指定虚拟主机的端口及ip[root@zwb_lvs network-scripts]# ipvsadm -a -t 192.168.68.100:80 -r 192.168.159.10:80 -m -w 1## -a:添加真实服务器，指定真实服务器的端口及ip -m:使用NAT集群模式 -w:权重[root@zwb_lvs network-scripts]# ipvsadm -a -t 192.168.68.100:80 -r 192.168.159.100:80 -m -w 1[root@zwb_lvs network-scripts]# ipvsadm ###开启ipvsadm[root@zwb_lvs network-scripts]# ipvsadm -ln###查看现有ipvsadm规则IP Virtual Server version 1.2.1 (size=4096)Prot LocalAddress:Port Scheduler Flags-> RemoteAddress:Port Forward Weight ActiveConn InActConnTCP 192.168.68.100:80 rr-> 192.168.159.10:80 Masq 100 -> 192.168.159.100:80 Masq 100 [root@zwb_lvs network-scripts]# ipvsadm-save > /etc/sysconfig/ipvsadm ###保存现有ipvsadm ##规则[root@zwb_lvs ~]# cat /etc/sysconfig/ipvsadm-A -t zwb_lvs:http -s rr-a -t zwb_lvs:http -r 192.168.159.10:http -m -w 1-a -t zwb_lvs:http -r 192.168.159.100:http -m -w 1

5、开启win10 虚拟机

修改为vmnet1 模式

修改ip

6、验证

刷新