Configuring routing with Linux


by:kvew       www.smatrix.org/bbs

The lab network topology is as follows:

First, look at the routing table on host A
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination   Gateway       Genmask       Flags   MSS Window irtt Iface
192.168.23.0   0.0.0.0       255.255.255.0   U       0 0       0 eth0
10.230.141.0   0.0.0.0       255.255.255.0   U       0 0       0 eth0
192.168.1.0   0.0.0.0       255.255.255.0   U       0 0       0 eth0
169.254.0.0   0.0.0.0       255.255.0.0   U       0 0       0 eth0
0.0.0.0       192.168.1.1   0.0.0.0       UG     0 0       0 eth0

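Another router, with IP 192.168.1.1, is also connected to this switch, which is why there are some extra entries. Our local interface configuration is as follows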

[root@localhost ~]# ifconfig
eth0     Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
      inet addr:192.168.1.58 Bcast:192.168.1.255 Mask:255.255.255.0
      inet6 addr: fe80::20c:29ff:fedf:2cce/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:6086 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1122 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:469560 (458.5 KiB) TX bytes:289113 (282.3 KiB)
      Interrupt:10 Base address:0x1080

eth0:1   Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
      inet addr:10.230.141.88 Bcast:10.230.141.255 Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      Interrupt:10 Base address:0x1080

eth0:2   Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
      inet addr:192.168.23.1 Bcast:192.168.23.255 Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      Interrupt:10 Base address:0x1080

lo     Link encap:Local Loopback
      inet addr:127.0.0.1 Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:2391 errors:0 dropped:0 overruns:0 frame:0
      TX packets:2391 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2103452 (2.0 MiB) TX bytes:2103452 (2.0 MiB)

Add a routing rule

[root@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.230.141.254

Then we use traceroute to see the path taken by packets sent to 10.230.215.51

[root@localhost ~]# traceroute 10.230.215.51
traceroute to 10.230.215.51 (10.230.215.51), 30 hops max, 38 byte packets
1 10.230.141.254 (10.230.141.254) 0.795 ms 0.680 ms 0.701 ms
2 10.230.215.51 (10.230.215.51) 8.037 ms 2.370 ms 5.230 ms

OK, now we ping the internal host 10.230.215.51 from host 2

Since this routing rule was added on host A
[root@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.230.141.254

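all packets destined for network 10.0.0.0 will be forwarded to 10.230.141.254, which handles them from there. Next we send packets to 10.230.215.51 from another host, a winXP machine [192.168.23.20], to see whether host A forwards them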

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.230.215.51:
  Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Clearly, the forwarding did not succeed.

Analysis:

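A packet sent from 192.168.23.20 to 10.230.215.51 has the destination IP 10.230.215.51. When it reaches host A, the rule we added for packets destined for network 10.0.0.0 applies, so the packet is forwarded to 10.230.141.254 and finally reaches its destination, 10.230.215.51.
Host 10.230.215.51, however, reads the source IP address 192.168.23.20 from the packet it received and sends its reply to that address, so the destination address of the reply is set to 192.168.23.20. The routers in the internal network do not know how to forward this packet; at the very least, it will not come back to our subnet. That is the problem: our network can only receive packets addressed to host A's eth0:1 address.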

Solution:

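From the analysis above: if the source IP address of packets leaving our subnet is rewritten to host A's eth0:1 address before they leave the gateway, the replies will carry host A's eth0:1 address as their destination and can therefore return to our network.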

 

Next, on host A, we use iptables to rewrite the source IP address of packets from subnet 192.168.23.0/24 to the eth0:1 address

[root@localhost ~]# iptables -t nat -A POSTROUTING -s 192.168.23.0/24 -j SNAT --to 10.230.141.88

Let's check again whether the winXP machine can ping the internal host 10.230.215.51

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.230.215.51:
  Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Still not working. Why is that? Now I remember: I forgot to enable IP forwarding on host A!!

On host A, add

[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Then ping again from winXP

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126

Ping statistics for 10.230.215.51:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
  Minimum = 1ms, Maximum = 1ms, Average = 1ms

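Everything is OK now. Use tracert (note: on Linux, use traceroute) to check whether packets first reach 192.168.23.1, are then forwarded to 10.230.141.254, and finally arrive at the destination host 10.230.215.51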

C:/Documents and Settings/kvew>tracert 10.230.215.51

Tracing route to 10.230.215.51 over a maximum of 30 hops

1   <1 ms   <1 ms   <1 ms 192.168.23.1
2   1 ms   1 ms   1 ms 10.230.141.254
3   5 ms   1 ms   1 ms 10.230.215.51

Trace complete.

Good, everything is as expected. The routing is now set up: the 192.168.23.0/24 segment can reach the 10.0.0.0 segment
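
The two failed pings above each came from one missing setting on host A. The following check is an added example, not part of the original post: the function names are hypothetical, the sample input is constructed from the article's values, and the SNAT rule is written in the form `iptables -t nat -S POSTROUTING` prints it.

```shell
#!/bin/sh
# Added example (not from the original post): check host A's three settings.
# Inputs are plain text so the check also runs on saved output; on a live
# gateway pass "$(cat /proc/sys/net/ipv4/ip_forward)", "$(route -n)" and
# "$(iptables -t nat -S POSTROUTING)".

# has_route ROUTES NET GW: succeeds if ROUTES has a gateway route NET via GW
has_route() {
    printf '%s\n' "$1" | awk -v n="$2" -v g="$3" \
        '$1 == n && $2 == g && $4 ~ /G/ { ok = 1 } END { exit !ok }'
}

# has_snat RULES SRC TO: succeeds if a POSTROUTING rule SNATs SRC to TO
has_snat() {
    printf '%s\n' "$1" | awk -v s="$2" -v t="$3" '
        $1 == "-A" && $2 == "POSTROUTING" {
            src = 0; to = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-s" && $(i + 1) == s) src = 1
                if ($i == "--to-source" && $(i + 1) == t) to = 1
            }
            if (src && to) ok = 1
        }
        END { exit !ok }'
}

# diagnose FWD ROUTES RULES: prints the missing pieces, or "ok"
diagnose() {
    missing=""
    [ "$1" = "1" ] || missing="$missing ip_forward"
    has_route "$2" 10.0.0.0 10.230.141.254 || missing="$missing route"
    has_snat "$3" 192.168.23.0/24 10.230.141.88 || missing="$missing snat"
    missing=${missing# }
    echo "${missing:-ok}"
}

# Constructed samples mirroring the values used in this article.
ROUTES='10.230.141.0    0.0.0.0         255.255.255.0   U  0 0 0 eth0
10.0.0.0        10.230.141.254  255.0.0.0       UG 0 0 0 eth0'
SNAT='-A POSTROUTING -s 192.168.23.0/24 -j SNAT --to-source 10.230.141.88'

diagnose 0 "$ROUTES" ""        # first failed ping: SNAT and forwarding missing
diagnose 0 "$ROUTES" "$SNAT"   # second failed ping: forwarding still off
diagnose 1 "$ROUTES" "$SNAT"   # working state
```

The write to /proc/sys/net/ipv4/ip_forward does not survive a reboot; set net.ipv4.ip_forward = 1 in /etc/sysctl.conf to make it persistent.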

================================================

Appendix: routing table on host A

[root@localhost ~]# route -FC
Kernel IP routing table
Destination   Gateway       Genmask       Flags Metric Ref   Use Iface
192.168.23.0   *           255.255.255.0   U   0     0     0 eth0
10.230.141.0   *           255.255.255.0   U   0     0     0 eth0
192.168.1.0   *           255.255.255.0   U   0     0     0 eth0
169.254.0.0   *           255.255.0.0   U   0     0     0 eth0
10.0.0.0     10.230.141.254 255.0.0.0     UG   0     0     0 eth0
default       192.168.1.1   0.0.0.0       UG   0     0     0 eth0
Kernel IP routing cache
Source       Destination   Gateway       Flags Metric Ref   Use Iface
192.168.23.20   10.230.215.51   10.230.141.254 ri   0     0     8 eth0
192.168.1.58   hzdns.zjnetcom. 192.168.1.1       0     0     4 eth0
10.230.196.4   10.230.141.88   10.230.141.88   l   0     0     1 lo
10.230.141.15   10.230.141.255 10.230.141.255 ibl   0     0     0 lo
192.168.1.101   255.255.255.255 255.255.255.255 ibl   0     0     1 lo
hzdns.zjnetcom. 192.168.1.58   192.168.1.58   l   0     0     4 lo
210.51.190.207 192.168.1.58   192.168.1.58   l   0     0     4 lo
hzdns.zjnetcom. 192.168.1.58   192.168.1.58   l   0     0     17 lo
210.51.190.207 192.168.1.58   192.168.1.58   l   0     0     4 lo
192.168.1.75   192.168.1.255   192.168.1.255   ibl   0     0     14 lo
192.168.1.66   192.168.1.255   192.168.1.255   ibl   0     0     1 lo
localhost.local localhost.local localhost.local l   0     0     13 lo
192.168.1.58   224.0.0.251   224.0.0.251   ml   0     0     8 eth0
10.230.141.7   10.230.141.255 10.230.141.255 ibl   0     0     1 lo
10.230.141.88   10.230.146.56   10.230.141.254     0     0     0 eth0
192.168.23.1   192.168.23.20   192.168.23.20       0     0     3 eth0
192.168.1.72   192.168.1.255   192.168.1.255   ibl   0     0     51 lo
10.230.141.14   10.230.141.255 10.230.141.255 ibl   0     0     0 lo
192.168.1.58   210.51.190.207 192.168.1.1       0     0     1 eth0
192.168.1.99   192.168.1.255   192.168.1.255   ibl   0     0     2 lo
192.168.1.58   192.168.1.255   192.168.1.255   bl   0     0     1 eth0
192.168.1.58   ns1.hzcnc.com   192.168.1.1       0     0     0 eth0
192.168.1.97   192.168.1.255   192.168.1.255   ibl   0     0     0 lo
localhost.local localhost.local localhost.local l   0     0     41 lo
192.168.1.79   192.168.1.255   192.168.1.255   ibl   0     0     0 lo
10.230.193.22   10.230.141.88   10.230.141.88   l   0     0     0 lo
192.168.1.58   ns1.hzcnc.com   192.168.1.1       0     0     1 eth0
10.7.0.181     ALL-SYSTEMS.MCA ALL-SYSTEMS.MCA ml   0     0     2 lo
192.168.23.20   10.0.0.1     10.230.141.254 ri   0     0     1 eth0
192.168.1.87   192.168.1.255   192.168.1.255   ibl   0     0     0 lo
10.230.141.88   10.230.141.255 10.230.141.255 bl   0     0     1 eth0
192.168.23.1   192.168.23.255 192.168.23.255 bl   0     0     1 eth0
192.168.1.92   192.168.1.255   192.168.1.255   ibl   0     0     0 lo
10.230.141.88   10.230.211.111 10.230.141.254     0     0     0 eth0
10.7.0.182     ALL-SYSTEMS.MCA ALL-SYSTEMS.MCA ml   0     0     2 lo
192.168.23.20   192.168.23.1   192.168.23.1   il   0     0     4 lo
10.230.141.88   10.230.196.4   10.230.141.254     0     0     1 eth0
10.230.211.111 10.230.141.88   10.230.141.88   l   0     0     0 lo
192.168.1.58   hzdns.zjnetcom. 192.168.1.1       0     0     34 eth0
10.230.141.254 192.168.23.20   192.168.23.20   ri   0     0     2 eth0
10.7.0.183     ALL-SYSTEMS.MCA ALL-SYSTEMS.MCA ml   0     0     2 lo
192.168.1.41   ALL-SYSTEMS.MCA ALL-SYSTEMS.MCA ml   0     0     2 lo
192.168.1.98   192.168.1.255   192.168.1.255   ibl   0     0     12 lo
192.168.1.32   192.168.1.255   192.168.1.255   ibl   0     0     5 lo
192.168.23.1   192.168.23.20   192.168.23.20       0     0     9 eth0
10.230.141.5   10.230.141.255 10.230.141.255 ibl   0     0     15 lo
10.230.215.51   192.168.23.20   192.168.23.20       0     0     2 eth0
192.168.1.92   255.255.255.255 255.255.255.255 ibl   0     0     53 lo
10.230.141.26   10.230.141.255 10.230.141.255 ibl   0     0     0 lo
192.168.1.41   192.168.1.255   192.168.1.255   ibl   0     0     0 lo
10.230.141.88   10.230.193.22   10.230.141.254     0     0     0 eth0
192.168.1.58   210.51.190.207 192.168.1.1       0     0     0 eth0
10.230.146.56   10.230.141.88   10.230.141.88   l   0     0     0 lo
192.168.1.1   192.168.1.58   192.168.1.58   il   0     0     17 lo
192.168.1.58   192.168.1.1   192.168.1.1       0     0     0 eth0
192.168.2.3   192.168.2.255   192.168.1.1       0     0     14 eth0
192.168.23.20   219.133.49.21   192.168.1.1   ri   0     0     2 eth0
192.168.1.101   192.168.1.255   192.168.1.255   ibl   0     0     0 lo
10.7.0.198     ALL-SYSTEMS.MCA ALL-SYSTEMS.MCA ml   0     0     2 lo
