1.拓扑图:
备注:因为应用原因,需要在linux2上添加一个公网地址,并且要求在中间路由设备不受控制的情况下,Linux1仍能访问到linux2上的公网地址。
2.基本接口配置:
linux1:192.168.10.1/24
linux2:192.168.20.2/24
R1:
interface FastEthernet0/0
ip address 192.168.10.10 255.255.255.0
no shutdown
!
interface FastEthernet0/1
ip address 192.168.20.10 255.255.255.0
no shutdown
3.路由配置:
linux1网关:192.168.10.10
linux2网关:192.168.20.10
R1:只有直连路由
4.Linux2单网卡多地址配置:
(注:本节标题为Linux2,且下面的 HWADDR 与后文 Linux2 的 eth0 MAC 地址一致,提示符中的 Linux1 应为笔误。)
[root@Linux1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0
[root@Linux1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0
# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]
DEVICE=eth0:0
BOOTPROTO=none
ONBOOT=yes
HWADDR=00:0c:29:08:48:63
NETMASK=255.255.255.252
IPADDR=202.100.2.2
TYPE=Ethernet
USERCTL=no
IPV6INIT=no
PEERDNS=yes
[root@Linux1 ~]# service network restart
[root@Linux1 ~]# ping 202.100.2.2
PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data.
64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=0.124 ms
--- 202.100.2.2 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.124/0.124/0.124/0.000 ms
[root@ams ~]# ping 192.168.10.10
PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.
64 bytes from 192.168.10.10: icmp_seq=1 ttl=255 time=70.6 ms
--- 192.168.10.10 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 70.629/70.629/70.629/0.000 ms
5.GRE tunnel配置:
A.确定是否加载了GRE模块
[root@Linux1 ~]# lsmod |grep ip_gre
[root@Linux2 ~]# lsmod |grep ip_gre
B.加载GRE模块
[root@linux1 ~]# uname -an
Linux linux1 2.6.9-78.EL #1 Wed Jul 9 15:27:01 EDT 2008 i686 i686 i386 GNU/Linux
[root@linux1 ~]# insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko
[root@linux2 ~]# uname -an
Linux linux2 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux
[root@linux2 ~]# insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko
(注:insmod 的路径写死了内核版本,内核升级后该路径会失效;也可以使用 modprobe ip_gre,由它按当前运行的内核自动查找模块。)
C.GRE tunnel接口配置
Linux1:
ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.1/30 dev tunnel0
ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0
ip route add 202.100.2.2/32 dev tunnel0
Linux2:
ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.2/30 dev tunnel0
ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0
注意:GRE 本身不提供加密和认证,隧道内的流量在不受控制的中间设备上以明文传输,接收端也无法校验报文来源;如承载敏感数据,应配合 IPsec 保护 GRE 流量,并在两端防火墙上只放行来自对端地址的 GRE 报文(IP 协议号 47)。
D.将tunnel配置开机运行:
linux1:
vi /etc/init.d/gre.sh ##内容如下:
insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko
ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.1/30 dev tunnel0
ip addr del 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0
ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0
ip route add 202.100.2.2/32 dev tunnel0
chmod +x /etc/init.d/gre.sh
echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local
linux2:
vi /etc/init.d/gre.sh ##内容如下:
insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko
ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255
ip link set tunnel0 up mtu 1400
ip addr add 172.16.1.2/30 dev tunnel0
ip addr del 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0
ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0
chmod +x /etc/init.d/gre.sh
echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local
E.验证GRE接口
[root@Linux1 ~]# ip addr show
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:e4:65:78 brd ff:ff:ff:ff:ff:ff
    inet 192.168.10.1/24 brd 192.168.10.255 scope global eth0
    inet6 fe80::20c:29ff:fee4:6578/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
5: tunnel0@NONE: <POINTOPOINT,NOARP,UP> mtu 1400 qdisc noqueue
    link/gre 192.168.10.1 peer 192.168.20.2
    inet 172.16.1.1 peer 172.16.1.2/30 scope global tunnel0
[root@Linux2 ~]# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
    link/ether 00:0c:29:08:48:63 brd ff:ff:ff:ff:ff:ff
    inet 192.168.20.2/24 brd 192.168.20.255 scope global eth0
    inet 202.100.2.2/30 brd 202.100.2.3 scope global eth0:0
    inet6 fe80::20c:29ff:fe08:4863/64 scope link
       valid_lft forever preferred_lft forever
3: sit0: <NOARP> mtu 1480 qdisc noop
    link/sit 0.0.0.0 brd 0.0.0.0
4: gre0: <NOARP> mtu 1476 qdisc noop
    link/gre 0.0.0.0 brd 0.0.0.0
5: tunnel0@NONE: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1400 qdisc noqueue
    link/gre 192.168.20.2 peer 192.168.10.1
    inet 172.16.1.2 peer 172.16.1.1/30 scope global tunnel0
6.效果测试:
[root@linux1 ~]# ping 202.100.2.2
PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data.
64 bytes from 202.100.2.2: icmp_seq=0 ttl=64 time=82.4 ms
64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=48.7 ms
--- 202.100.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 48.784/65.633/82.482/16.849 ms, pipe 2
转载地址:http://stzio.baihongyu.com/