LVS-NAT模式【案例实验】

1.所需环境

LVS调度器作为Web服务器池的网关，LVS两块网卡，分别连接内外网，使用轮询(rr)调度算法

LVS负载均衡调节器： ens33:192.168.36.10 (Vment 8 NAT模式)

​ ens35:12.0.0.1（Vmnet 2 仅主机模式）

Web1 节点服务器：192.168.36.20 网关：192.168.36.2

Web2 节点服务器：192.168.36.30 网关：192.168.36.2

NFS服务器：192.168.36.40

客户端 win10：12.0.0.12 网关：12.0.0.1 （Vmnet 2 仅主机模式）

#所有机器都关闭防火墙和核心防护
[[email protected] ~]# systemctl stop firewalld
[[email protected] ~]# systemctl disable firewalld
[[email protected] ~]# setenforce 0

2.部署LVS负载均衡器

2.1添加网络适配器，自定义VMnet2

2.2编辑ens35

[[email protected] ~]# cd /etc/sysconfig/network-scripts/
[[email protected] network-scripts]# cp ifcfg-ens33 ifcfg-ens35
[[email protected] network-scripts]# vim ifcfg-ens35

2.3重启网卡并查看

3.部署共享存储

3.1安装共享环境

两台节点服务器和NFS服务器都要安装

[[email protected] ~]# yum install -y nfs-utils rpcbind

[[email protected] ~]# yum install -y nfs-utils rpcbind

[[email protected] ~]# yum install -y nfs-utils rpcbind

3.2开启并开机自启动共享服务

[[email protected] ~]# systemctl start rpcbind
[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# systemctl enable nfs

[[email protected] ~]# systemctl start rpcbind
[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# systemctl enable nfs

[[email protected] ~]# systemctl start rpcbind
[[email protected] ~]# systemctl enable rpcbind
[[email protected] ~]# systemctl start nfs
[[email protected] ~]# systemctl enable nfs

3.3创建共享目录

#添加给予共享的目录和网段地址，和权限
[[email protected] ~]# mkdir /opt/lwb /opt/hj
[[email protected] ~]# chmod 777 /opt/lwb /opt/hj

[[email protected] ~]# vim /etc/exports
opt/lwb 192.168.36.0/24(rw,sync)
opt/hj 192.168.36.0/24(rw,sync)

#发布共享
[[email protected] ~]# exportfs -rv
exporting 192.168.36.0/24:/opt/hj
exporting 192.168.36.0/24:/opt/lwb

#查看共享列表是否发布
[[email protected] ~]# showmount -e
Export list for nfs:
/opt/hj  192.168.36.0/24
/opt/lwb 192.168.36.0/24

3.4挂载共享目录

#测试是否能共享
[[email protected] ~]# showmount -e 192.168.36.40
Export list for 192.168.36.40:
/opt/hj  192.168.36.0/24
/opt/lwb 192.168.36.0/24

[[email protected] ~]# showmount -e 192.168.36.40
Export list for 192.168.36.40:
/opt/hj  192.168.36.0/24
/opt/lwb 192.168.36.0/24

#安装httpd
[[email protected] ~]# yum install -y httpd

[[email protected] ~]# yum install -y httpd

#挂载共享目录
[[email protected] ~]# mount.nfs 192.168.36.40:/opt/lwb /var/www/html

#查看挂载
[[email protected] ~]# df -h
192.168.36.40:/opt/lwb    37G  5.0G   33G   14% /var/www/html

#设置个页面在共享目录下，稍后测试是否共享
[[email protected] ~]# echo 'this is lwb' > /var/www/html/index.html

#挂载共享目录
[[email protected] ~]# mount.nfs 192.168.36.40:/opt/hj /var/www/html


#在server2上对/opt/hj进行同样操作
[[email protected] ~]# mount.nfs 192.168.36.40:/opt/hj /var/www/html
[[email protected] ~]# df -h
192.168.36.40:/opt/hj     37G  5.0G   33G   14% /var/www/html
[[email protected] ~]# echo 'this is hj' > /var/www/html/index.html

#NFS服务器查看
[[email protected] ~]# cat /opt/lwb/index.html
this is lwb
[[email protected] ~]# cat /opt/hj/index.html
this is hj

3.5启动服务，浏览器访问测试

[[email protected] ~]# systemctl start httpd

[[email protected] ~]# systemctl start httpd

3.6配置更改web1 web2 的网关

将网关改成负载均衡器的IP地址：192.168.36.10

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[[email protected] ~]# systemctl restart network

[[email protected] ~]# vim /etc/sysconfig/network-scripts/ifcfg-ens33
[[email protected] ~]# systemctl restart network

4.配置SNAT转发规则

4.1进入配置文件添加规则

[[email protected] ~]# vim /etc/sysctl.conf
#添加内容
net.ipv4.ip_forward=1

#查看
[[email protected] ~]# sysctl -p
net.ipv4.ip_forward = 1

4.2安装iptables，并添加规则

[[email protected] ~]# yum install -y iptables*
[[email protected] ~]# systemctl start iptables.service

#清空所有规则
[[email protected] ~]# iptables -F

#添加规则
[[email protected] ~]# iptables -t nat -A POSTROUTING -s 192.168.36.0/24 -o ens35 -j SNAT --to-source 12.0.0.1

#解释
nat表：修改数据包中的源、日标IP地址或湍口
POSTROUTING:在进行路由判断之"后"所要进行的规则(SNAT/MASQUERADE)
PREROUTING:在进行路由判断之"前"所要进行的规则(DNAT/REDIRECT)
-A:  在规则链的末尾加入新规则
-s:  匹配来源地址IP/MASK.
-o：K网卡名称匹配从这块网卡流出的数据
-i：网卡名称匹配从这块网卡流入的数据
-j：控制类型


#查看
[[email protected] ~]# iptables -t nat -vnL

4.3加载LVS内核模块

#手动加载ip_vs模块
[[email protected] ~]# modprobe ip_vs

#查看ip_vs版本信息
[[email protected] ~]# cat /proc/net/ip_vs
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn

4.4安装ipvsadm管理工具

[[email protected] ~]# yum install -y ipvsadm

#启动服务前必须保存负载分配策略，否则将会报错
[[email protected] ~]# ipvsadm-save > /etc/sysconfig/ipvsadm
或
[[email protected] ~]# ipvsadm --save > /etc/sysconfig/ipvsadm
或
touch /etc/sysconfig/ipvsadm

#启动服务
[[email protected] ~]# systemctl start ipvsadm.service

4.5配置负载分配策略

NAT模式只要在调度器上配置

#清空原有策略
[[email protected] ~]# ipvsadm -C

#添加新策略
[[email protected] ~]# ipvsadm -a -t 12.0.0.1:80 -r 192.168.36.20:80 -m -w 1
[[email protected] ~]# ipvsadm -a -t 12.0.0.1:80 -r 192.168.36.30:80 -m -w 1

#解释
-A 添加虚拟服务器
-S  指定负载调度算法（轮询：rr、加权轮询：wrr、最少连接：1c、加权最少连接：w1c)
-a  表示添加真实服务器（后端节点服务器）
-t  指定VIP地址及TCP端口
-m  表示使用NAT群集模式
-W  设置权重（权重为0时表示暂停节点）


#启动服务
[[email protected] ~]# ipvsadm

#保存负载分配策略，防止重启机器策略丢失
[[email protected] ~]# ipvsadm-save > /etc/sysconfig/ipvsadm

5.浏览器访问测试

虚拟的win10，VM2地址不要和本机的VM2地址冲突，否则会访问不到

浏览器输入12.0.0.1查看

在地址栏重新回车，可以看到内容更改了