1.拓扑图： 

备注：因为应用原因，需要在linux2上添加一个公网地址，并且在中间路由设备不受控制的情况下，Linux1能访问到linux2上面的公网地址。

2.基本接口配置：

linux1:192.168.10.1/24

linux2:192.168.20.2/24

R1:

interface FastEthernet0/0

ip address 192.168.10.10 255.255.255.0

no shutdown

!

interface FastEthernet0/1

ip address 192.168.20.10 255.255.255.0

no shutdown

3.路由配置：

linux1网关:192.168.10.10

linux2网关:192.168.20.10

R1：只有直连路由

4.Linux2单网卡多地址配置：

[root@Linux1 ~]# cp /etc/sysconfig/network-scripts/ifcfg-eth0 /etc/sysconfig/network-scripts/ifcfg-eth0:0

[root@Linux1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0:0

# Advanced Micro Devices [AMD] 79c970 [PCnet32 LANCE]

DEVICE=eth0:0

BOOTPROTO=none

ONBOOT=yes

HWADDR=00:0c:29:08:48:63

NETMASK=255.255.255.252

IPADDR=202.100.2.2

TYPE=Ethernet

USERCTL=no

IPV6INIT=no

PEERDNS=yes

[root@Linux1 ~]# service network restart

[root@Linux1 ~]# ping 202.100.2.2

PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data.

64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=0.124 ms

--- 202.100.2.2 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 0.124/0.124/0.124/0.000 ms

[root@ams ~]# ping 192.168.10.10

PING 192.168.10.10 (192.168.10.10) 56(84) bytes of data.

64 bytes from 192.168.10.10: icmp_seq=1 ttl=255 time=70.6 ms

--- 192.168.10.10 ping statistics ---

1 packets transmitted, 1 received, 0% packet loss, time 0ms

rtt min/avg/max/mdev = 70.629/70.629/70.629/0.000 ms

5.GRE tunnel配置：

A.确定是否加载了GRE模块

[root@Linux1 ~]# lsmod |grep ip_gre

[root@Linux2 ~]# lsmod |grep ip_gre

B.加载GRE模块

[root@linux1 ~]# uname -an

Linux linux1 2.6.9-78.EL#1 Wed Jul 9 15:27:01 EDT 2008 i686 i686 i386 GNU/Linux

[root@linux1 ~]# insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko

[root@linux2 ~]# uname -an

Linux linux2 2.6.18-164.el5 #1 SMP Thu Sep 3 03:33:56 EDT 2009 i686 i686 i386 GNU/Linux

[root@linux2 ~]# insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko

C.GRE tunnel接口配置

Linux1:

ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255

ip link set tunnel0 up mtu 1400

ip addr add 172.16.1.1/30  dev tunnel0

ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0

ip route add 202.100.2.2/32 dev tunnel0

Linux2:

ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255

ip link set tunnel0 up mtu 1400

ip addr add 172.16.1.2/30  dev tunnel0

ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0

D.将tunnel配置开机运行：

linux1:

vi /etc/init.d/gre.sh   ##内容如下：

insmod /lib/modules/2.6.9-78.EL/kernel/net/ipv4/ip_gre.ko

ip tunnel add tunnel0 mode gre remote 192.168.20.2 local 192.168.10.1 ttl 255

ip link set tunnel0 up mtu 1400

ip addr add 172.16.1.1/30  dev tunnel0

ip addr del 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0

ip addr add 172.16.1.1/30 peer 172.16.1.2/30 dev tunnel0

ip route add 202.100.2.2/32 dev tunnel0

chmod +x /etc/init.d/gre.sh

echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local

linux2:

vi /etc/init.d/gre.sh ##内容如下：

insmod /lib/modules/2.6.18-164.el5/kernel/net/ipv4/ip_gre.ko

ip tunnel add tunnel0 mode gre remote 192.168.10.1 local 192.168.20.2 ttl 255

ip link set tunnel0 up mtu 1400

ip addr add 172.16.1.2/30  dev tunnel0

ip addr del 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0

ip addr add 172.16.1.2/30 peer 172.16.1.1/30 dev tunnel0

chmod +x /etc/init.d/gre.sh

echo "/etc/init.d/gre.sh" >> /etc/rc.d/rc.local

D.验证GRE接口

[root@Linux1 ~]#ip addr show

1: lo: mtu 16436 qdisc noqueue

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 brd 127.255.255.255 scope host lo

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:0c:29:e4:65:78 brd ff:ff:ff:ff:ff:ff

inet 192.168.10.1/24 brd 192.168.10.255 scope global eth0

inet6 fe80::20c:29ff:fee4:6578/64 scope link

valid_lft forever preferred_lft forever

3: sit0: mtu 1480 qdisc noop

link/sit 0.0.0.0 brd 0.0.0.0

4: gre0: mtu 1476 qdisc noop

link/gre 0.0.0.0 brd 0.0.0.0

5: tunnel0@NONE: mtu 1400 qdisc noqueue

link/gre 192.168.10.1 peer 192.168.20.2

inet 172.16.1.1 peer 172.16.1.2/30 scope global tunnel0

[root@Linux2 ~]#ip addr show

1: lo: mtu 16436 qdisc noqueue

link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00

inet 127.0.0.1/8 scope host lo

inet6 ::1/128 scope host

valid_lft forever preferred_lft forever

2: eth0: mtu 1500 qdisc pfifo_fast qlen 1000

link/ether 00:0c:29:08:48:63 brd ff:ff:ff:ff:ff:ff

inet 192.168.20.2/24 brd 192.168.20.255 scope global eth0

inet 202.100.2.2/30 brd 202.100.2.3 scope global eth0:0

inet6 fe80::20c:29ff:fe08:4863/64 scope link

valid_lft forever preferred_lft forever

3: sit0: mtu 1480 qdisc noop

link/sit 0.0.0.0 brd 0.0.0.0

4: gre0: mtu 1476 qdisc noop

link/gre 0.0.0.0 brd 0.0.0.0

5: tunnel0@NONE: mtu 1400 qdisc noqueue

link/gre 192.168.20.2 peer 192.168.10.1

inet 172.16.1.2 peer 172.16.1.1/30 scope global tunnel0

5.效果测试：

[root@linux1 ~]#  ping 202.100.2.2

PING 202.100.2.2 (202.100.2.2) 56(84) bytes of data.

64 bytes from 202.100.2.2: icmp_seq=0 ttl=64 time=82.4 ms

64 bytes from 202.100.2.2: icmp_seq=1 ttl=64 time=48.7 ms

--- 202.100.2.2 ping statistics ---

2 packets transmitted, 2 received, 0% packet loss, time 1002ms

rtt min/avg/max/mdev = 48.784/65.633/82.482/16.849 ms, pipe 2