LVS-NAT模式集群构建 _NAT模式

冲天香阵透长安，满城尽带黄金甲。这篇文章主要讲述LVS-NAT模式集群构建相关的知识，希望能为你提供帮助。
实验示意图：

文章图片

如上图，其中D为负载均衡器，RS1和RS2均为两台服务器
一、配置D负载均衡器：

内网网卡配置

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth1
DEVICE=eth1
HWADDR=00:0C:29:17:90:36
TYPE=Ethernet
UUID=d10ecf55-8f3f-4e55-b8ed-b3a3f02efa55
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=100.100.100.11
NETMASK=255.255.255.0

外网网卡配置

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:17:90:2C
TYPE=Ethernet
UUID=43d227b6-7108-46e8-bf78-aa170c65334b
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=200.200.200.11
NETMASK=255.255.255.0

关闭NetworkManager服务及开机自启动

[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:[OK]
[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:[OK]
[root@localhost ~]# chkconfig NetworkManager off

安装ipvsadm命令行管理工具

[root@localhost ~]# mount -t iso9660 /dev/cdrom /mnt/cdrom/
mount: block device /dev/sr0 is write-protected, mounting read-only
[root@localhost ~]# yum -y install ipvsadm

开启路由转发并刷新内核配置

[root@localhost ~]# vi /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root@localhost ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
kernel.sysrq = 0
kernel.core_uses_pid = 1
net.ipv4.tcp_syncookies = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
kernel.msgmnb = 65536
kernel.msgmax = 65536
kernel.shmmax = 68719476736
kernel.shmall = 4294967296

添加防火墙规则

添加防火墙记录，当源地址是内网网段并且出口网卡为 eth0 的时候进行 SNAT 转换，转换源地址为外网卡地址

[root@localhost ~]# service iptables start
iptables: Applying firewall rules:[OK]
[root@localhost ~]# iptables -F
[root@localhost ~]# iptables -t nat -A POSTROUTING -s 100.100.100.0/24 -o eth0 -j SNAT --to-source 200.200.200.11
# 删除iptables规则
[root@localhost ~]# iptables -t nat -D POSTROUTING -s 100.100.100.0/24 -o eth0 -j SNAT --to-source 200.200.200.11
?
# 查看记录是否保存成功
[root@localhost ~]# iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
targetprot opt sourcedestination
?
Chain POSTROUTING (policy ACCEPT)
targetprot opt sourcedestination
SNATall--100.100.100.0/24anywhereto:200.200.200.11
Chain OUTPUT (policy ACCEPT)
targetprot opt sourcedestination
# 保存iptables规则
[root@localhost ~]# service iptables save
iptables: Saving firewall rules to /etc/sysconfig/iptables:[OK]
[root@localhost ~]# chkconfig iptables on

配置ipvs集群

# 添加ipvsadm TCP集群
[root@localhost ~]# ipvsadm -A -t 200.200.200.11:80 -s rr
?
# 添加ipvsadm节点
[root@localhost ~]# ipvsadm -a -t 200.200.200.11:80 -r 100.100.100.12:80 -m
[root@localhost ~]# ipvsadm -a -t 200.200.200.11:80 -r 100.100.100.13:8080 -m
?
# 查看连接的地址和端口列表
[root@localhost ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:PortForward Weight ActiveConn InActConn
TCP200.200.200.11:80 rr
-> 100.100.100.12:80Masq100
-> 100.100.100.13:8080Masq100
# 保存ipvsadm配置
[root@localhost ~]# service ipvsadm save
ipvsadm: Saving IPVS table to /etc/sysconfig/ipvsadm:[OK]
# 配置ipvsadm开启自启
[root@localhost ~]# chkconfig ipvsadm on
?

二、配置真实服务器RS1

网卡IP配置

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
DEVICE=eth0
HWADDR=00:0C:29:E2:0C:14
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=100.100.100.12
NETMASK=255.255.255.0

关闭NetworkManager服务及开启自启动：

[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:[OK]
[root@localhost ~]# chkconfig NetworkManager off

添加网关

[root@localhost ~]# echo "GATEWAY=100.100.100.11" > > /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# service network restart
Shutting down loopback interface:[OK]
Bringing up loopback interface:[OK]
Bringing up interface eth0:Device eth0 does not seem to be present, delaying initialization.
[FAILED]
[root@localhost ~]# shutdown -h now
[root@localhost ~]# route -n
Kernel IP routing table
DestinationGatewayGenmaskFlags Metric RefUse Iface
100.100.100.00.0.0.0255.255.255.0U000 eth0
169.254.0.00.0.0.0255.255.0.0U100200 eth0
0.0.0.0100.100.100.110.0.0.0UG000 eth0
?
[root@localhost ~]# echo "111111111111111" > > /var/www/html/index.html
[root@localhost ~]# service httpd restart
Stopping httpd:[FAILED]
Starting httpd: httpd: Could not reliably determine the server\'s fully qualified domain name, using localhost.localdomain for ServerName
[OK]
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]# curl localhost
111111111111111

三、配置服务器RS2

网卡IP配置

[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
HDADDR=00:0c:29:a7:7a:ad
IPADDR=100.100.100.13
NETMASK=255.255.255.0

关闭NetworkManager服务及开启自启动：

[root@localhost ~]# service NetworkManager stop
Stopping NetworkManager daemon:[OK]
[root@localhost ~]# chkconfig NetworkManager off

添加网关

[root@localhost ~]# echo "GATEWAY=100.100.100.11" > > /etc/sysconfig/network-scripts/ifcfg-eth0
[root@localhost ~]# service network restart
Shutting down loopback interface:[OK]
Bringing up loopback interface:[OK]
Bringing up interface eth0:Device eth0 does not seem to be present, delaying initialization.
[FAILED]
[root@localhost ~]# shutdown -h now
[root@localhost ~]# route -n
Kernel IP routing table
DestinationGatewayGenmaskFlags Metric RefUse Iface
100.100.100.00.0.0.0255.255.255.0U000 eth0
169.254.0.00.0.0.0255.255.0.0U100200 eth0
0.0.0.0100.100.100.110.0.0.0UG000 eth0
?
[root@localhost ~]# echo "222222222222" > > /var/www/html/index.html
[root@localhost ~]# service httpd restart
Stopping httpd:[FAILED]
Starting httpd: httpd: Could not reliably determine the server\'s fully qualified domain name, using localhost.localdomain for ServerName
[OK]
[root@localhost ~]# chkconfig httpd on
[root@localhost ~]#curl localhost:8080
222222222222

四、查看负载调度器D状态

[root@localhost ~]# ipvsadm -Ln --stats
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:PortConnsInPktsOutPktsInBytes OutBytes
-> RemoteAddress:Port
TCP200.200.200.11:804315368134726741
-> 100.100.100.12:8021763364883114
-> 100.100.100.13:808022773569843627
[root@localhost ~]#

从InPkts和OutPkts的数量不为0可知，负载调度器NAT转换已起作用。

【LVS-NAT模式集群构建】