ip route, ip rule

bitbot

已于 2022-06-28 15:16:47 修改

阅读量144

点赞数

分类专栏： Linux 文章标签： tcp/ip 网络网络协议

于 2022-06-27 09:10:26 首次发布

本文链接：https://blog.csdn.net/azenlijing/article/details/125470445

版权

Linux 专栏收录该内容

28 篇文章 0 订阅

订阅专栏

Beyond the two commonly used routing tables (the local and main routing tables), the kernel supports up to 252 additional routing tables.

The multiple routing table system provides a flexible infrastructure on top of which to implement policy routing. By allowing multiple traditional routing tables (keyed primarily to destination address) to be combined with the routing policy database (RPDB) (keyed primarily to source address), the kernel supports a well-known and well-understood interface while simultaneously expanding and extending its routing capabilities.

# vi /etc/iproute2/rt_tables
# add a new routing table and alias

[root@masq-gw]# ip route show table main
192.168.100.0/30 dev eth3  scope link
67.17.28.0/28 dev eth4  scope link
205.254.211.0/24 dev eth1  scope link
192.168.100.0/24 dev eth0  scope link
192.168.99.0/24 dev eth0  scope link
192.168.98.0/24 via 192.168.99.1 dev eth0
10.38.0.0/16 via 192.168.100.1 dev eth3
127.0.0.0/8 dev lo  scope link 
default via 205.254.211.254 dev eth1
[root@masq-gw]# ip route flush table 4
[root@masq-gw]# ip route show table main | grep -Ev ^default \
>   | while read ROUTE ; do
>     ip route add table 4 $ROUTE
> done
[root@masq-gw]# ip route add table 4 default via 67.17.28.14
[root@masq-gw]# ip route show table 4
192.168.100.0/30 dev eth3  scope link
67.17.28.0/28 dev eth4  scope link
205.254.211.0/24 dev eth1  scope link
192.168.100.0/24 dev eth0  scope link
192.168.99.0/24 dev eth0  scope link
192.168.98.0/24 via 192.168.99.1 dev eth0
10.38.0.0/16 via 192.168.100.1 dev eth3
127.0.0.0/8 dev lo  scope link 
default via 67.17.28.14 dev eth4

[root@masq-gw]# iptables -t mangle -A PREROUTING -p tcp --dport 80 -s 192.168.99.0/24 -j MARK --set-mark 4
[root@masq-gw]# iptables -t mangle -A PREROUTING -p tcp --dport 443 -s 192.168.99.0/24 -j MARK --set-mark 4
[root@masq-gw]# iptables -t mangle -nvL
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source                destination         
    0     0 MARK       tcp  --  *      *       192.168.99.0/24       0.0.0.0/0          tcp dpt:80 MARK set 0x4 
    0     0 MARK       tcp  --  *      *       192.168.99.0/24       0.0.0.0/0          tcp dpt:443 MARK set 0x4 

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
  pkts bytes target     prot opt in     out     source               destination
[root@masq-gw]# iptables -t nat -A POSTROUTING -o eth4 -j SNAT --to-source 67.17.28.12
[root@masq-gw]# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 205.254.211.179


[root@masq-gw]# ip rule add fwmark 4 table 4
[root@masq-gw]# ip rule show
0:      from all lookup local 
32765:  from all fwmark        4 lookup 4 
32766:  from all lookup main 
32767:  from all lookup 253
[root@masq-gw]# ip route flush cache

Routing Selection Algorithm in Pseudo-code

if packet.routeCacheLookupKey in routeCache :
    route = routeCache[ packet.routeCacheLookupKey ]
else
    for rule in rpdb :
        if packet.rpdbLookupKey in rule :
            routeTable = rule[ lookupTable ]
            if packet.routeLookupKey in routeTable :
                route = route_table[ packet.routeLookup_key ]