How to configure dual network card under linux while using intranet and extranet?

Routing configuration commands under Linux

1. Add host routes

route add -host 192.168.1.11 dev eth0
route add -host 192.168.1.12 gw 192.168.1.1

2. Add network routing

route add -net 192.168.1.11 netmask 255.255.255.0 eth0
route add -net 192.168.1.11 netmask 255.255.255.0 gw 192.168.1.1
route add -net 192.168.1.0/24 eth0
route add -net 192.168.1.0/24 gw 192.168.1.1

3. Add a default gateway

route add default gw 192.168.1.1

4. Delete the route

route del -host 192.168.1.11 dev eth0

5. Delete the default route

route del default gw 192.168.1.1

Several ways to configure permanent routes under Linux

1. /etc/rc.localAdd routing information to it

route add -net 192.168.1.0/24 dev eth0
# or
route add -net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

2. /etc/sysconfig/network Append

GATEWAY=[gateway IP or network card name]

3. /etc/sysconfig/static-routes

any net 192.168.1.0/24 gw 192.168.1.1
# or
any net 192.168.1.0 netmask 255.255.255.0 gw 192.168.1.1

4. Enable IP forwarding

Temporary opening

echo "1" > /proc/sys/net/ipv4/ip_forward

2. Permanently open

vim /etc/sysctl.conf

modifynet.ipv4.ip_forward=1

Lab: Configuring dual network cards to use both intranet and extranet

The background of this experiment is a problem that the author encountered in practice. This experiment tries to restore the network environment at that time.

Use VMware Workstation and eNSP to simulate the experimental environment.

Problem background

As shown in the topology below, if the clientnode is removed , the internal network and the external network are isolated networks.

However, the actual situation is that the clientnode needs to access the external network resources and access the internal network resources, and clientonly one default route can be configured. If the default route is configured on the external network card, clientyou can access 172.16.2.0/24the resources of the network and the resources of the external network, but the rest of the internal network resources cannot be accessed. If the default route is configured on the internal network card, clientalthough the internal network resources can be completely accessed, Access external network resources.
How to solve it?

lab environment

1. VMware Workstation Pro
2. 4 minimally installed CentOS 7.3 virtual machines
3. Huawei eNSP simulator

Experimental topology

Remove the clientnode, the internal network and the external network are isolated networks.
The external network is 10.0.0.0/16the access network representing the operator; the
internal network is the 172.16.0.0/16representative of the internal network (this part is for security and does not allow direct access to the Internet).
Where :

• clientDouble the host card, two cards are network 10.0.0.0/16, 172.16.2.0/24;
• server2172.16.2.0/24a server for the network segment;
• server3172.16.3.0/24a server for the network segment;
• server4172.16.4.0/24The server for the network segment.

network layout

IP allocation

Node name	IP address	Subnet mask	Remarks
Client	10.0.0.101	255.255.0.0	Client’s external network card
	172.16.2.101	255.255.255.0	Client’s internal network card
Server2	172.16.2.11	255.255.255.0	A server on the network segment 172.16.2.0/24
Server3	172.16.3.11	255.255.255.0	A server on the network segment 172.16.3.0/24
Server4	172.16.4.11	255.255.255.0	A server on the network segment 172.16.4.0/24
Intranet router	172.16.2.254	255.255.255.0	172.16.2.0/24 gateway
	172.16.3.254	255.255.255.0	172.16.3.0/24 gateway
	172.16.4.254	255.255.255.0	172.16.4.0/24 gateway

Virtual machine network card type

Network name	VMware NIC type	Network range
Operator network	bridging	10.0.0.0/16
VMnet2	Host only	172.16.2.0/24
VMnet3	Host only	172.16.3.0/24
VMnet4	Host only	172.16.4.0/24

How to implement the intranet router? 
VMnet2, VMnet3, and VMnet4 are all host-only modes. Under normal circumstances, only computers in their networks can communicate with each other. How can we achieve communication between three networks?
The answer is to use Cloud in the Huawei eNSP simulator . Use the Cloud device to connect the routers in the eNSP to the NICs of the VMware virtual machine.

Configuring the intranet environment

Configure the eNSP router

interface	IP address	Subnet mask
G0/0/0	172.16.2.254	255.255.255.0
G0/0/1	172.16.3.254	255.255.255.0
G0/0/2	172.16.4.254	255.255.255.0

<huawei>system-view
[huawei]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 172.16.2.254 255.255.255.0
[Huawei-GigabitEthernet0/0/0]quit
[huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 172.16.3.254 255.255.255.0
[Huawei-GigabitEthernet0/0/1]quit
[huawei]int g0/0/2
[Huawei-GigabitEthernet0/0/2]ip address 172.16.4.254 255.255.255.0
[Huawei-GigabitEthernet0/0/2]quit
[huawei]

Modify the virtual machine’s IP address

Client

Network card name	IP address	Subnet mask	Default gateway	Remarks
Ens33	10.0.0.101	255.255.0.0	10.0.0.1	External network card
Ens37	172.16.2.101	255.255.255.0		Intranet card

Server2

Network card name	IP address	Subnet mask	Default gateway	Remarks
Ens33	172.16.2.11	255.255.255.0	172.16.2.254

Server3

Network card name	IP address	Subnet mask	Default gateway	Remarks
Ens33	172.16.3.11	255.255.255.0	172.16.3.254

Server4

Network card name	IP address	Subnet mask	Default gateway	Remarks
Ens33	172.16.4.11	255.255.255.0	172.16.4.254

Build an HTTP service on the server

For server2example:
Create a simple HTTP service using Python

cd ~
echo "server2" > index.html
python -m SimpleHTTPServer 8080

Control experiment

In the clientoff-net access on

ping www.google.com -c 4

In clientthe visitserver2

ping 172.16.2.11 -c 4

In clientthe visitserver3

ping 172.16.3.11 -c 4

In clientthe visitserver4

ping 172.16.4.11 -c 4

In the comparison test, it can be seen that in clientthe case where the default gateway is configured in the external network NIC, the dual NIC clientcan normally access the part of the external network and the internal network 172.16.2.0/24, and the 172.16.3.0/24sum 172.16.4.0/24cannot be accessed.

Why clientcan I access the 172.16.2.0/24network but not 172.16.0.0/16the rest of the network? 
Because it clientis located 172.16.2.0/24in the network and communicates within the network, the data packets are not sent to other networks. Of course, the default gateway will not work.
When communicating clientwith 172.16.0.0/16the rest of the network, clientthe routing table does not record the path to the destination address, so it clientcan only be silly to send the packet to the default gateway, from which the packet and the real destination address are “southern.” Of course, the result of ping is that the network is unreachable.

Routing configuration

In clientview the routing table on

route

In clientadd routes on

route add -net 172.16.0.0/16 gw 172.16.2.254

Permanent configuration, /etc/rc.localadd routing information

route add -net 172.16.0.0/16 gw 172.16.2.254

View routing table

route

Experimental result

Detect connectivity

ping www.goole.com -c 4

 

ping 172.16.2.11 -c 4

ping 172.16.3.11 -c 4

ping 172.16.4.11 -c 4

Access internal and external network resources

curl http://www.google.com/

curl http://172.16.2.11:8080/index.html

curl http://172.16.3.11:8080/index.html

curl http://172.16.4.11:8080/index.html

The solution is simple, just one command. 
But the principles, concepts, and theories behind this order require us to delve into it!

 

Reference:https://www.cnblogs.com/connect/p/linux-static-route.html