gre隧道配置机房或者公司互通(服务器上面配置)
机房服务器:
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@localhost ~]
# ip addr
1: lo:
link
/loopback
00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1
/8
scope host lo
valid_lft forever preferred_lft forever
inet6 ::1
/128
scope host
valid_lft forever preferred_lft forever
2: eth0:
link
/ether
00:0c:29:59:58:f6 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.11
/24
brd 192.168.56.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe59:58f6
/64
scope link
valid_lft forever preferred_lft forever
3: eth1:
link
/ether
00:0c:29:59:58:00 brd ff:ff:ff:ff:ff:ff
inet 10.10.11.1
/24
brd 10.10.11.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fe59:5800
/64
scope link
valid_lft forever preferred_lft forever
[root@localhost ~]
#
|
公司
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
|
[root@localhost network-scripts]# ip addr
1: lo:
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0:
link/ether 00:0c:29:e3:29:23 brd ff:ff:ff:ff:ff:ff
inet 192.168.56.10/24 brd 192.168.56.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee3:2923/64 scope link
valid_lft forever preferred_lft forever
3: eth1:
link/ether 00:0c:29:e3:29:2d brd ff:ff:ff:ff:ff:ff
inet 10.10.10.1/24 brd 10.10.10.255 scope global eth1
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fee3:292d/64 scope link
valid_lft forever preferred_lft forever
[root@localhost network-scripts]#
|
两台机器都开启路由转发的功能
|
1
2
3
4
|
[root@localhost network-scripts]
# echo "net.ipv4.ip_forward=1" >>/etc/sysctl.conf
[root@localhost network-scripts]
# sysctl -p
net.ipv4.ip_forward = 1
[root@localhost network-scripts]
#
|
公司服务器(192.168.56.10)
|
1
2
3
4
5
|
[root@localhost network-scripts]
# ip tunnel add tunnel2 mode gre local 192.168.56.10 remote 192.168.56.11 ttl 255 dev eth0
[root@localhost network-scripts]
# ip addr add 172.16.33.2 dev tunnel2 peer 172.16.33.1/24
[root@localhost network-scripts]
# ip link set dev tunnel2 up
[root@localhost network-scripts]
# ip route add 10.10.11.0/24 dev tunnel2
[root@localhost network-scripts]
#
|
机房(192.168.56.11)
|
1
2
3
4
5
|
[root@localhost network-scripts]
# ip tunnel add tunnel2 mode gre local 192.168.56.11 remote 192.168.56.10 ttl 255 dev eth0
[root@localhost network-scripts]
# ip addr add 172.16.33.1 dev tunnel2 peer 172.16.33.2/24
[root@localhost network-scripts]
# ip link set dev tunnel2 up
[root@localhost network-scripts]
# ip route add 10.10.10.0/24 dev tunnel2
[root@localhost network-scripts]
#
|
测试:在192.168.56.11
|
1
2
3
4
5
6
7
8
9
10
|
[root@localhost ~]
# ping 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_seq=1 ttl=64
time
=0.461 ms
64 bytes from 10.10.10.1: icmp_seq=2 ttl=64
time
=0.630 ms
64 bytes from 10.10.10.1: icmp_seq=3 ttl=64
time
=0.410 ms
^C
--- 10.10.10.1
ping
statistics ---
3 packets transmitted, 3 received, 0% packet loss,
time
2002ms
rtt min
/avg/max/mdev
= 0.410
/0
.500
/0
.630
/0
.095 ms
[root@localhost ~]
#
|
测试在 192.168.56.10
|
1
2
3
4
5
6
7
8
9
10
|
[root@localhost network-scripts]
# ping 10.10.11.1
PING 10.10.11.1 (10.10.11.1) 56(84) bytes of data.
64 bytes from 10.10.11.1: icmp_seq=1 ttl=64
time
=1.08 ms
64 bytes from 10.10.11.1: icmp_seq=2 ttl=64
time
=0.766 ms
64 bytes from 10.10.11.1: icmp_seq=3 ttl=64
time
=0.439 ms
^C
--- 10.10.11.1
ping
statistics ---
3 packets transmitted, 3 received, 0% packet loss,
time
2002ms
rtt min
/avg/max/mdev
= 0.439
/0
.761
/1
.080
/0
.263 ms
[root@localhost network-scripts]
#
|
公司的另外一台服务器测试(10.10.10.2 ),可以看出测试额没问题
内网服务器的网关要指向
10.10.10.1
公司出口的外网服务器上的内网地址
|
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
|
[root@localhost ~]
# ifconfig
eth0: flags=4163
inet 10.10.10.2 netmask 255.255.255.0 broadcast 10.10.10.255
inet6 fe80::20c:29ff:fe7d:4126 prefixlen 64 scopeid 0x20
ether 00:0c:29:7d:41:26 txqueuelen 1000 (Ethernet)
RX packets 46 bytes 6385 (6.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 62 bytes 8627 (8.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 0 (Local Loopback)
RX packets 2 bytes 200 (200.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 200 (200.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@localhost ~]
# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.10.10.1 0.0.0.0 UG 0 0 0 eth0
10.10.10.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
[root@localhost ~]
# ping 10.10.11.1
PING 10.10.11.1 (10.10.11.1) 56(84) bytes of data.
64 bytes from 10.10.11.1: icmp_seq=1 ttl=63
time
=0.797 ms
64 bytes from 10.10.11.1: icmp_seq=2 ttl=63
time
=1.06 ms
64 bytes from 10.10.11.1: icmp_seq=3 ttl=63
time
=1.21 ms
64 bytes from 10.10.11.1: icmp_seq=4 ttl=63
time
=1.01 ms
64 bytes from 10.10.11.1: icmp_seq=5 ttl=63
time
=1.04 ms
^C
--- 10.10.11.1
ping
statistics ---
5 packets transmitted, 5 received, 0% packet loss,
time
4006ms
rtt min
/avg/max/mdev
= 0.797
/1
.024
/1
.211
/0
.138 ms
[root@localhost ~]
#
|
本文转自 小小三郎1 51CTO博客,原文链接:http://blog.51cto.com/wsxxsl/1941568,如需转载请自行联系原作者