Recently I needed to host an ESXi server that has only one public IP, but all of the virtual machines need to reach the public network. I could not find a NAT network mode in ESXi like the one in VMware Workstation, so I decided to use a virtual machine as the NAT server. My virtual machine systems are Win2008 and CentOS 7; for stability I chose to implement it on Linux. Below is my simulation of the setup in VMware Workstation on my laptop:
- First, the experimental environment:
  - Physical machine: Windows 10 + VMware Workstation 12
  - Virtual machine 1: Windows 7, single virtual NIC, NAT mode
  - Virtual machine 2: CentOS 7 minimal installation, two virtual NICs, NAT mode
Since the NICs of both virtual machines are in NAT mode, they can be treated as sitting on the same switch and able to reach each other.
- Start configuring CentOS 7
1. Preparations (update the system, install network tools)
yum -y update
yum -y install net-tools.x86_64
2. Configure the IP addresses
[root@test ~]# ifconfig
eno16777736: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.32.130 netmask 255.255.255.0 broadcast 192.168.32.255
inet6 fe80::20c:29ff:fe4c:4213 prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4c:42:13 txqueuelen 1000 (Ethernet)
RX packets 6525 bytes 2334108 (2.2 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 4816 bytes 2671369 (2.5 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eno33554984: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.10.1 netmask 255.255.255.0 broadcast 192.168.10.255
inet6 fe80::20c:29ff:fe4c:421d prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:4c:42:1d txqueuelen 1000 (Ethernet)
RX packets 5656 bytes 1625792 (1.5 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 3596 bytes 3461007 (3.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
My two NICs are eno16777736 and eno33554984. I intend to use eno16777736 as the external (WAN) interface, so its IP stays on DHCP; the address it received here is 192.168.32.130. eno33554984 is the intranet interface and gets the static IP 192.168.10.1; how to configure a static IP is not covered here.
3. Enable IP forwarding
Edit /etc/sysctl.conf and add the following line:
net.ipv4.ip_forward = 1
Run sysctl -p to apply it.
4. Change the interface zones
By default both NICs are in the public zone. Now set eno16777736 to the external zone and eno33554984 to the internal zone.
firewall-cmd --zone=external --change-interface=eno16777736 --permanent
firewall-cmd --zone=internal --change-interface=eno33554984 --permanent
--permanent writes the change into the persistent firewalld configuration so it survives a reload or reboot; it only takes effect at the reload in step 7.
5. Enable IP masquerading
firewall-cmd --zone=external --add-masquerade --permanent
6. Set the NAT rule
firewall-cmd --permanent --direct --passthrough ipv4 -t nat -I POSTROUTING -o eno16777736 -j MASQUERADE -s 192.168.10.0/24
7. Apply the configuration
firewall-cmd --reload
8. Verification
Configure IP 192.168.10.10 and gateway 192.168.10.1 in the Win7 virtual machine, as shown in the figure.
Ping Baidu to test network connectivity.
At this point, the NAT server configuration is complete.
- Start configuring port mapping
Because I need to reach the Windows virtual machine on the intranet from the external network, I need port mapping. Taking Remote Desktop as an example: the Windows Remote Desktop port is TCP 3389, so I just need to map the external port to port 3389 on the intranet host. The commands are as follows:
firewall-cmd --zone=external --add-forward-port=port=3389:proto=tcp:toport=3389:toaddr=192.168.10.10 --permanent
firewall-cmd --reload
Looking at the settings, I have two ports mapped here.
[root@test ~]# firewall-cmd --zone=external --list-forward-ports
port=3389:proto=tcp:toport=3389:toaddr=192.168.10.10
port=5000:proto=udp:toport=5000:toaddr=192.168.10.10
Verify the port mapping:
Use the mstsc tool on the physical machine to connect to the external IP of the CentOS machine, 192.168.32.130, mentioned at the beginning.
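Every forward-port rule on this gateway is a hole from the public side into the intranet, so it is worth auditing the list rather than just reading it. The following is an added example (not from the original post): it parses the `firewall-cmd --list-forward-ports` output format shown above and flags rules that point outside 192.168.10.0/24 or expose a port that is not on an allowlist; the sample lines, the two deliberately wrong entries and the allowlist are constructed for the demonstration, and IPv4 single ports (no ranges) are assumed.

```python
"""Audit the forward-port rules of a firewalld NAT gateway.

Parses lines in the `firewall-cmd --zone=external --list-forward-ports`
format (port=P:proto=PR:toport=TP:toaddr=A). Assumes IPv4 and single
ports, not ranges such as 5000-5010.
"""
import ipaddress

# Constructed sample: the two rules from the post plus two wrong entries
# (an SSH forward nobody approved, and a forward to a foreign subnet).
SAMPLE_OUTPUT = """\
port=3389:proto=tcp:toport=3389:toaddr=192.168.10.10
port=5000:proto=udp:toport=5000:toaddr=192.168.10.10
port=22:proto=tcp:toport=22:toaddr=192.168.10.20
port=8080:proto=tcp:toport=80:toaddr=10.0.0.5
"""

INTRANET = ipaddress.ip_network("192.168.10.0/24")  # the post's internal subnet
ALLOWED = {("tcp", 3389), ("udp", 5000)}            # the two mappings the post intends


def parse_forward_ports(text):
    """Turn firewall-cmd forward-port lines into dicts (empty fields become None)."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        fields = dict(kv.split("=", 1) for kv in line.split(":"))
        port = int(fields["port"])
        rules.append({
            "port": port,
            "proto": fields["proto"],
            # firewalld prints an empty toport when the port is unchanged
            "toport": int(fields["toport"]) if fields.get("toport") else port,
            "toaddr": fields.get("toaddr") or None,
        })
    return rules


def audit(rules, intranet=INTRANET, allowed=ALLOWED):
    """Return (rule, reason) pairs for every rule that violates gateway policy."""
    findings = []
    for r in rules:
        if r["toaddr"] is None:
            findings.append((r, "redirects to the gateway itself, not an intranet host"))
        elif ipaddress.ip_address(r["toaddr"]) not in intranet:
            findings.append((r, f"forwards to {r['toaddr']}, outside {intranet}"))
        if (r["proto"], r["port"]) not in allowed:
            findings.append((r, f"external {r['proto']}/{r['port']} is not on the allowlist"))
    return findings


if __name__ == "__main__":
    for rule, reason in audit(parse_forward_ports(SAMPLE_OUTPUT)):
        print(f"{rule['proto']}/{rule['port']} -> {rule['toaddr']}:{rule['toport']}: {reason}")
```

On a live gateway, pipe the real output in with `firewall-cmd --zone=external --list-forward-ports | python3 audit.py` after replacing SAMPLE_OUTPUT with `sys.stdin.read()`.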
All right, the experiment is over. Because all my virtual machines use static IPs, no DHCP service is installed.
References:
http://blog.redbranch.net/2015/07/30/centos-7-as-nat-gateway-for-private-network/
https://havee.me/linux/2015-01/using-firewalls-on-centos-7.html
http://xylbk.blog.51cto.com/10543671/1757535