Вы находитесь на странице: 1из 2

# Gán địa chỉ IP cho các Interface

cd /etc/sysconfig/network-scripts
cp ifcfg-ens33 ifcfg-eth0
cp ifcfg-eth0 ifcfg-eth1
vi ifcfg-eth0
eth0
eth0
IPADDR=192.168.52.154
NETMASK=255.255.255.0
GATEWAY=192.168.52.1
DNS1=8.8.8.8
DNS2=8.8.4.4
systemctl restart network
ip link set eth0 up
# Tạo VLAN
nmcli service NetworkManager start
nmcli con add type vlan con-name KETOAN id 10 dev eth1 ip4 192.168.10.1/24
nmcli con add type vlan con-name HCNS id 20 dev eth1 ip4 192.168.20.1/24
nmcli con add type vlan con-name KYTHUAT id 30 dev eth1 ip4 192.168.30.1/24
nmcli con add type vlan con-name SEP id 40 dev eth1 ip4 192.168.40.1/24
service network restart
nmcli con show
nmcli connection delete KETOAN
# Cấu hình static route
yum install net-tools -y
route –n
cd /etc/sysconfig/network-scripts/
vi route-eth2
NETMASK0=255.255.255.0
ADDRESS0=172.16.0.0
NETMASK1=255.255.255.252
ADDRESS1=10.10.10.0
cd /etc/sysconfig/network-scripts/
vi route-eth3
NETMASK0=255.255.255.0
ADDRESS0=172.16.0.0
NETMASK1=255.255.255.252
ADDRESS1=10.10.20.0

service network restart


Cách dùng bằng lệnh
route add -net 172.16.0.0 netmask 255.255.0.0 dev eth2
route add -net 172.16.0.0 netmask 255.255.0.0 dev eth3
# Các lệnh với iptables
systemctl stop firewalld
systemctl disable firewalld

yum install iptables-services -y


iptables --version

systemctl start iptables


systemctl enable iptables
systemctl status iptables
systemctl save iptables
systemctl restart iptables
systemctl stop iptables
systemctl disable iptables

service iptables save


service iptables restart
# Cấu hình NAT với iptables
echo '1' > /proc/sys/net/ipv4/ip_forward
or
cd /etc/sysctl.d
vi 99-sysctl.conf
sửa:
net.ipv4.ip_forward = 1
lệnh kiểm tra:
cat /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -s 192.168.10.0/24 -o eth2 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.20.0/24 -o eth3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -o eth2 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.30.0/24 -o eth3 -j MASQUERADE
iptables -t nat -A POSTROUTING -s 192.168.40.0/24 -o eth2 -j MASQUERADE
iptables -A FORWARD -i eth1 -j ACCEPT
service iptables save
service iptables restart
iptables -t nat -nvL
iptables -t nat -F POSTROUTING # Xóa iptables