(OK) CORE nodes access Internet—虚拟节点访问互联网—commands
来源:互联网 发布:淘宝助理导出图片 编辑:程序博客网 时间:2024/04/29 13:56
[root@localhost core]# systemctl start core-daemon.service
---------------------------------------------------------------------------
[root@localhost core]# core-gui
----------------------
/root/.core/configs/m-MPE-manet.imn
----------------------
Under the Session Menu, the Options... dialog has an option to set a control network prefix.
This can be set to a network prefix such as 172.16.0.0/24. A bridge will be created on the host machine having the last address in the prefix range (e.g. 172.16.0.254), and each node will have an extra ctrl0 control interface configured with an address corresponding to its node number (e.g. 172.16.0.3 for n3.)
----------------------
[root@localhost core]# ifconfig
enp13s0: flags=4163 mtu 1500
inet 192.168.0.100 netmask 255.255.255.0 broadcast 192.168.0.255
inet6 fe80::3e97:eff:fef0:b5bb prefixlen 64 scopeid 0x20
ether 3c:97:0e:f0:b5:bb txqueuelen 1000 (Ethernet)
RX packets 424786 bytes 474479916 (452.4 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 402854 bytes 46953257 (44.7 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
b.ctrl0net.6a: flags=4163 mtu 1500
inet 172.16.0.254 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::bc49:1ff:fe27:a95 prefixlen 64 scopeid 0x20
ether 16:32:81:19:ca:43 txqueuelen 1000 (Ethernet)
RX packets 149 bytes 12753 (12.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 84 bytes 8808 (8.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
----------------------
[root@localhost core]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.0.1 0.0.0.0 UG 100 0 0 enp13s0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 b.ctrl0net.6a
192.168.0.0 0.0.0.0 255.255.255.0 U 100 0 0 enp13s0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
----------------------
[root@localhost 桌面]# . iptables_core.sh
[root@localhost 桌面]# cat iptables_core.sh
点击(此处)折叠或打开
- #!/bin/bash
- echo 1 > /proc/sys/net/ipv4/ip_forward
- echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
- echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_all
- echo 1 > /proc/sys/net/ipv4/tcp_syncookies
- #网卡:上外、下内
- #上外 192.168.0.100
- #下内 172.16.0.254
- #INET_IF="ppp0"
- INET_IF="enp13s0"
- LAN_IF="b.ctrl0net.6a"
- INET_IP="192.168.0.100"
- LAN_IP="172.16.0.254"
- LAN_IP_RANGE="172.16.0.0/24"
- #LAN_WWW="172.16.0.6"
- IPT="/sbin/iptables"
- #TC="/sbin/tc"
- MODPROBE="/sbin/modprobe"
- $MODPROBE ip_tables
- $MODPROBE iptable_nat
- $MODPROBE ip_nat_ftp
- $MODPROBE ip_nat_irc
- $MODPROBE ipt_mark
- $MODPROBE ip_conntrack
- $MODPROBE ip_conntrack_ftp
- $MODPROBE ip_conntrack_irc
- $MODPROBE ipt_MASQUERADE
- for TABLE in filter nat mangle ; do
- $IPT -t $TABLE -F
- $IPT -t $TABLE -X
- $IPT -t $TABLE -Z
- done
- $IPT -P INPUT DROP
- $IPT -P OUTPUT ACCEPT
- $IPT -P FORWARD DROP
- $IPT -t nat -P PREROUTING ACCEPT
- $IPT -t nat -P OUTPUT ACCEPT
- $IPT -t nat -P POSTROUTING ACCEPT
- # 拒绝INTERNET客户访问
- #$IPT -A INPUT -i $INET_IF -m state --state RELATED,ESTABLISHED -j ACCEPT
- $IPT -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
- #$IPT -A INPUT -i $INET_IF -p tcp -s 123.5.0.0/16 --dport 22 -j ACCEPT
- $IPT -A INPUT -p tcp --dport 22 -j ACCEPT
- $IPT -A INPUT -i $INET_IF -m state --state NEW,INVALID -j DROP
- for DNS in $(grep ^n /etc/resolv.conf|awk '{print $2}'); do
- $IPT -A INPUT -p tcp -s $DNS --sport domain -j ACCEPT
- $IPT -A INPUT -p udp -s $DNS --sport domain -j ACCEPT
- done
- # anti bad scaning
- $IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL FIN,URG,PSH -j DROP
- $IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL ALL -j DROP
- $IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL SYN,RST,ACK,FIN,URG -j DROP
- $IPT -A INPUT -i $INET_IF -p tcp --tcp-flags ALL NONE -j DROP
- $IPT -A INPUT -i $INET_IF -p tcp --tcp-flags SYN,RST SYN,RST -j DROP
- $IPT -A INPUT -i $INET_IF -p tcp --tcp-flags SYN,FIN SYN,FIN -j DROP
- #$IPT -t nat -A PREROUTING -d $INET_IP -p tcp --dport 8008 -j DNAT --to-destination $LAN_WWW:8008
- #$IPT -t nat -A PREROUTING -d $INET_IP -p tcp --dport 22 -j DNAT --to-destination $LAN_WWW:22
- if [ $INET_IF = "ppp0" ] ; then
- $IPT -t nat -A POSTROUTING -o $INET_IF -s $LAN_IP_RANGE -j MASQUERADE
- else
- $IPT -t nat -A POSTROUTING -o $INET_IF -s $LAN_IP_RANGE -j SNAT --to-source $INET_IP
- fi
- #no limit
- #$IPT -A FORWARD -s 192.168.1.216 -m mac --mac-source 00:15:17:F7:AB:84 -j ACCEPT
- #$IPT -A FORWARD -d 192.168.1.216 -j ACCEPT
- #$IPT -A FORWARD -p tcp -d ! $LAN_IP_RANGE -m multiport --dports ! 20,21,22,25,53,80,110,443,8080 -j DROP
- #$IPT -A FORWARD -p udp -d ! $LAN_IP_RANGE -m multiport --dports ! 20,21,22,25,53,80,110,443,8080 -j DROP
- #MAC、IP地址绑定
- #$IPT -A FORWARD -s 192.168.1.11 -m mac --mac-source 44-87-FC-44-B9-6E -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.1 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.2 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.3 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.4 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.5 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.6 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.7 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.8 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.9 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.10 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.11 -j ACCEPT
- $IPT -A FORWARD -s 172.16.0.12 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.1 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.2 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.3 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.4 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.5 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.6 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.7 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.8 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.9 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.10 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.11 -j ACCEPT
- $IPT -A FORWARD -d 172.16.0.12 -j ACCEPT
---------------------------------------------------------------------------
下面在 CORE虚拟节点 中操作
---------------------------------------------------------------------------
[root@n6 n6.conf]# ifconfig
ctrl0: flags=4163 mtu 1500
inet 172.16.0.6 netmask 255.255.255.0 broadcast 0.0.0.0
inet6 fe80::216:3eff:fec0:b7a4 prefixlen 64 scopeid 0x20
ether 00:16:3e:c0:b7:a4 txqueuelen 1000 (Ethernet)
RX packets 143 bytes 15449 (15.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 60 bytes 5273 (5.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163 mtu 1500
inet 10.0.0.6 netmask 255.255.255.255 broadcast 0.0.0.0
inet6 a::6 prefixlen 128 scopeid 0x0
inet6 fe80::200:ff:feaa:5 prefixlen 64 scopeid 0x20
ether 00:00:00:aa:00:05 txqueuelen 1000 (Ethernet)
RX packets 8182 bytes 904248 (883.0 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2735 bytes 301738 (294.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
----------------------
[root@n6 n6.conf]# route add default gw 172.16.0.254
[root@n6 n6.conf]# route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 172.16.0.254 0.0.0.0 UG 0 0 0 ctrl0
10.0.0.1 10.0.0.5 255.255.255.255 UGH 4 0 0 eth0
10.0.0.2 10.0.0.5 255.255.255.255 UGH 4 0 0 eth0
10.0.0.3 10.0.0.5 255.255.255.255 UGH 3 0 0 eth0
10.0.0.4 10.0.0.5 255.255.255.255 UGH 3 0 0 eth0
10.0.0.5 0.0.0.0 255.255.255.255 UH 1 0 0 eth0
10.0.0.7 0.0.0.0 255.255.255.255 UH 1 0 0 eth0
10.0.0.8 10.0.0.5 255.255.255.255 UGH 4 0 0 eth0
10.0.0.9 0.0.0.0 255.255.255.255 UH 1 0 0 eth0
10.0.0.10 10.0.0.5 255.255.255.255 UGH 2 0 0 eth0
10.0.0.11 10.0.0.5 255.255.255.255 UGH 5 0 0 eth0
172.16.0.0 0.0.0.0 255.255.255.0 U 0 0 0 ctrl0
[root@n6 n6.conf]# cat /etc/resolv.conf
# Generated by NetworkManager
nameserver 10.3.9.4
nameserver 10.3.9.5
nameserver 10.3.9.6
[root@n6 n6.conf]# ping www.bupt.edu.cn
PING www.bupt.edu.cn (10.3.9.254) 56(84) bytes of data.
64 bytes from 10.3.9.254: icmp_seq=1 ttl=58 time=0.751 ms
64 bytes from 10.3.9.254: icmp_seq=2 ttl=58 time=0.727 ms
64 bytes from 10.3.9.254: icmp_seq=3 ttl=58 time=0.936 ms
^C
--- www.bupt.edu.cn ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 0.727/0.804/0.936/0.098 ms
[root@n6 n6.conf]#
---------------------------------------------------------------------------
至此,CORE虚拟节点访问互联网 成功
0
上一篇:Open VSwitch—离开VMware的SDN之父Martin Casado是神马大神
下一篇:Docker—PaaS—微服务
相关热门文章
- cl社区最新地址
- vm虚拟机怎么访问本地硬盘...
- 使用libvirt管理kvm虚拟机...
- Linux下kvm和xen的区别
- vSphere 初体验一ESXi5的安装...
- linux dhcp peizhi roc
- 关于Unix文件的软链接
- 求教这个命令什么意思,我是新...
- sed -e "/grep/d" 是什么意思...
- 谁能够帮我解决LINUX 2.6 10...
给主人留下些什么吧!~~
评论热议
0 0
- (OK) CORE nodes access Internet—虚拟节点访问互联网—commands
- (OK) CORE nodes access Internet—虚拟节点访问互联网—commands
- (OK) use—install—IMUNES—commands
- (OK) running CORE & docker on Fedora 23 server - all commands
- (OK)(OK) Android CLI commands
- (OK) cBPM-CentOS—wrapped by fastcgi—files—executing commands
- (OK) cBPM-CentOS—wrapped by fastcgi—files—executing commands
- (OK) Fedora23——Docker——CORE—testing
- (OK) Fedora23——Docker——CORE—testing
- (OK) running CORE—Common Open Research Emulator—docker
- (OK) running CORE—Common Open Research Emulator—docker
- (OK) Fedora 23——CORE——docker——(5)——> install-core
- 互联网数据中心——IDC(Internet Data Center)
- Access Internet
- 互联网(internet)
- IMAP(Internet Message Access Protocol, 交互邮件访问协议)简介
- SOLR Admin Core Commands
- internet中网络终端如何访问tinyos节点
- Driver端如何正确取消Spark中的job
- Open VSwitch—离开VMware的SDN之父Martin Casado是神马大神
- pyspider创建淘女郎图片爬虫任务--出师不利
- Android5.x Notification应用解析
- 记录一次阿里云服务器ubuntu14.04 lts升级
- (OK) CORE nodes access Internet—虚拟节点访问互联网—commands
- viewpage setOnPageChangeListener 监听的详解
- 1055. 集体照
- Docker—PaaS—微服务
- 共享设置的凭据问题
- Docker容器和镜像存储机制—images—目录树结构
- Fedora 23 上安装搜狗输入法——sogoupinyin
- CSDN——CTO讲堂
- 【poj 2479】Maximum sum 题意&题解&代码(C++)
原创粉丝点击
热门IT博客
热门问题
老师的惩罚
人脸识别
我在镇武司摸鱼那些年
重生之率土为王
我在大康的咸鱼生活
盘龙之生命进化
天生仙种
凡人之先天五行
春回大明朝
姑娘不必设防,我是瞎子
锦鳞游泳
锡纸锦鳞作品
锦鳞游泳上一句
快穿女配不认怂锡纸锦鳞
锦鸿公寓
锦鸿花园
锦鸿
锦鹏
锦鹏物流
锦鹏物流单号查询
锦龙
600362股票
000712
锦龙股份股吧
000712锦龙股份行情
000712锦龙股份
锦龙股份股票
锦龙股份
000712股票
000712股吧
000712锦龙股份股吧
普邦股份股
锭子
锭子加油机
金锭子怎么叠图解
农家小福女凡间小妖32银锭子
win键
顿号在键盘上怎么打
home键
回车键
共价键
shift键
delete键
enter是什么键
delete键在哪
键kagi
键 kagi
鍵
88键电子琴
罗技无线键鼠套装mk270
鼠标右键教程