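Before starting, note that EIP direct connection conflicts with NAT gateways, so routes need to be configured.
First, please read the official EIP direct connection documentation: https://cloud.tencent.com/document/product/213/12540
When creating the secondary NIC, make sure it is in the same subnet as the primary NIC (I have not tried different subnets).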
1. If the public IP is not an EIP, first convert it to an EIP.
2. Log in to the CVM via VNC from the CVM console, then configure eth0 (the primary NIC) in static mode with the public IP, the subnet mask (255.255.255.255), the gateway (the current VPC's gateway IP, usually the first private IP of the subnet) and the default VPC DNS address.
Do not configure a private IP on eth0, neither eth0's private IP nor eth1's.
Do not configure eth0's private IP on eth1 (the secondary NIC) either; eth1 must carry eth1's own private IP.
3. Change the routes
① Run "route print" in cmd to get the interface IDs of eth0 (primary NIC) and eth1 (secondary NIC).
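② Modify the routes. In the commands below, $gwip is the VPC gateway IP, and $Eth0'sID and $Eth1'sID are the interface IDs obtained in step ①.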
route delete 10.0.0.0/8
route -p add 10.0.0.0/8 $gwip IF $Eth1'sID
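Send traffic for the private range 10.0.0.0/8 through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).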
route delete 100.64.0.0/10
route -p add 100.64.0.0/10 $gwip IF $Eth1'sID
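Send traffic for the private range 100.64.0.0/10 through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).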
route delete 172.16.0.0/12
route -p add 172.16.0.0/12 $gwip IF $Eth1'sID
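Send traffic for the private range 172.16.0.0/12 through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).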
route delete 192.168.0.0/16
route -p add 192.168.0.0/16 $gwip IF $Eth1'sID
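Send traffic for the private range 192.168.0.0/16 through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).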
route delete 169.254.0.0
route -p add 169.254.0.0/16 $gwip IF $Eth1'sID
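Send traffic for the private range 169.254.0.0/16 through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).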
route delete 183.60.83.19
route delete 183.60.82.98
route -p add 183.60.83.19 $gwip IF $Eth1'sID
route -p add 183.60.82.98 $gwip IF $Eth1'sID
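Send internal DNS resolution traffic through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).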
route delete 255.255.255.255
route -p add 255.255.255.255 $gwip IF $Eth1'sID
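Send internal broadcast traffic through the secondary NIC, using the secondary NIC's own private IP (not the primary NIC's private IP).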
route delete 0.0.0.0/0
route -p add 0.0.0.0/0 $gwip IF $Eth0'sID
All other traffic goes out through the public IP on the primary NIC.
Finally, replace "%conname_eth0%" with the primary NIC's connection name enclosed in double quotes, then save the following two lines as a .bat file and run it.
for /f "tokens=2 delims=_" %%i in ('"getmac|findstr /i tcp"') do REG ADD "HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\%%i" /v DefaultGatewayMetric /t REG_MULTI_SZ /d "1 " /f
netsh interface ip set interface interface="%conname_eth0%" metric=1 2>nul 1>nul
4. Open the EIP console at https://console.cloud.tencent.com/cvm/eip and click "direct connection" for the corresponding EIP.
5. Test and verify that direct connection behaves as expected.
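One way to make step 5 concrete is the PowerShell check below, an added example that is not part of the original post or of Tencent's documentation. It asks Windows which interface it would select for one constructed sample address in each range routed in step 3; the parameter names and the sample addresses are assumptions.

```powershell
# Added example: which NIC does Windows select for each destination class?
# Find-NetRoute only queries the routing table; it sends no traffic.
param(
    [Parameter(Mandatory)] [int]$Eth0Idx,  # assumption: eth0 ID from "route print"
    [Parameter(Mandatory)] [int]$Eth1Idx   # assumption: eth1 ID from "route print"
)

# One constructed sample address per range routed in step 3.
$checks = @(
    @{ Dest = '10.255.255.254'; Want = $Eth1Idx; Range = '10.0.0.0/8' }
    @{ Dest = '100.64.0.1';     Want = $Eth1Idx; Range = '100.64.0.0/10' }
    @{ Dest = '172.16.0.1';     Want = $Eth1Idx; Range = '172.16.0.0/12' }
    @{ Dest = '192.168.0.1';    Want = $Eth1Idx; Range = '192.168.0.0/16' }
    @{ Dest = '169.254.0.1';    Want = $Eth1Idx; Range = '169.254.0.0/16' }
    @{ Dest = '183.60.83.19';   Want = $Eth1Idx; Range = 'internal DNS' }
    @{ Dest = '183.60.82.98';   Want = $Eth1Idx; Range = 'internal DNS' }
    @{ Dest = '203.0.113.1';    Want = $Eth0Idx; Range = '0.0.0.0/0 (documentation address)' }
)

$failed = 0
foreach ($c in $checks) {
    # Find-NetRoute returns the chosen source address and the chosen route.
    $found = @(Find-NetRoute -RemoteIPAddress $c.Dest -ErrorAction SilentlyContinue)
    $route = $found | Where-Object { $_.DestinationPrefix } | Select-Object -First 1
    $src   = $found | Where-Object { $_.IPAddress } | Select-Object -First 1
    if (-not $route) {
        $failed++
        "FAIL  {0,-15} no route found [{1}]" -f $c.Dest, $c.Range
        continue
    }
    $ok = $route.InterfaceIndex -eq $c.Want
    if (-not $ok) { $failed++ }
    $status = if ($ok) { 'OK' } else { 'FAIL' }
    "{0,-5} {1,-15} if={2} (want {3}) via={4} src={5} [{6}]" -f `
        $status, $c.Dest, $route.InterfaceIndex, $c.Want, $route.NextHop, $src.IPAddress, $c.Range
}

# Step 2 requires that eth0 carries only the public IP; list what it holds.
$eth0Addrs = @(Get-NetIPAddress -InterfaceIndex $Eth0Idx -AddressFamily IPv4 |
    ForEach-Object { $_.IPAddress })
"eth0 IPv4 addresses: $($eth0Addrs -join ', ')"

if ($failed) { Write-Error "$failed destination(s) leave via the wrong interface"; exit 1 }
```

Save it as a .ps1 file and pass the two interface IDs from route print; a FAIL line for a private range means that traffic would leave through the public-facing NIC.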
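How do I revert EIP direct connection to the non-direct state?
① After disabling EIP direct connection in the console, manually set both NICs to obtain their network settings via DHCP in the VNC session.
② Run route print to find the primary NIC's interface number: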
route print|findstr /i "Tencent VirtIO Ethernet"
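In the cmd code below, %gwip% and %idx1% are the VPC gateway IP and the primary NIC's interface number; replace them throughout, then run the commands at a cmd prompt.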
http://windows-1251783334.cos.ap-shanghai.myzijiebao.com/resume.txt
route delete 10.0.0.0/8 2>nul 1>nul
route -p add 10.0.0.0/8 %gwip% IF %idx1% 2>nul 1>nul
route delete 100.64.0.0/10 2>nul 1>nul
route -p add 100.64.0.0/10 %gwip% IF %idx1% 2>nul 1>nul
route delete 172.16.0.0/12 2>nul 1>nul
route -p add 172.16.0.0/12 %gwip% IF %idx1% 2>nul 1>nul
route delete 192.168.0.0 2>nul 1>nul
route -p add 192.168.0.0/16 %gwip% IF %idx1% 2>nul 1>nul
route delete 169.254.0.0 2>nul 1>nul
route -p add 169.254.0.0/16 %gwip% IF %idx1% 2>nul 1>nul
route delete 183.60.83.19 2>nul 1>nul
route delete 183.60.82.98 2>nul 1>nul
route -p add 183.60.83.19 %gwip% IF %idx1% 2>nul 1>nul
route -p add 183.60.82.98 %gwip% IF %idx1% 2>nul 1>nul
route delete 255.255.255.255 2>nul 1>nul
route -p add 255.255.255.255 %gwip% IF %idx1% 2>nul 1>nul
route delete 0.0.0.0/0 2>nul 1>nul
route -p add 0.0.0.0/0 %gwip% IF %idx1% 2>nul 1>nul