Configuring Routing with Linux

by:kvew       www.smatrix.org/bbs

The topology of the experimental network is as follows:

First, look at the routing table on host A:

[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination   Gateway       Genmask       Flags   MSS Window irtt Iface
192.168.23.0   0.0.0.0       255.255.255.0   U       0 0       0 eth0
10.230.141.0   0.0.0.0       255.255.255.0   U       0 0       0 eth0
192.168.1.0   0.0.0.0       255.255.255.0   U       0 0       0 eth0
169.254.0.0   0.0.0.0       255.255.0.0   U       0 0       0 eth0
0.0.0.0       192.168.1.1   0.0.0.0       UG     0 0       0 eth0

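Another router, with IP 192.168.1.1, is also connected to this switch, which is why there are some extra entries. Our local interface configuration is as follows: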

[root@localhost ~]# ifconfig
eth0     Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
      inet addr:192.168.1.58 Bcast:192.168.1.255 Mask:255.255.255.0
      inet6 addr: fe80::20c:29ff:fedf:2cce/64 Scope:Link
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      RX packets:6086 errors:0 dropped:0 overruns:0 frame:0
      TX packets:1122 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:1000
      RX bytes:469560 (458.5 KiB) TX bytes:289113 (282.3 KiB)
      Interrupt:10 Base address:0x1080

eth0:1   Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
      inet addr:10.230.141.88 Bcast:10.230.141.255 Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      Interrupt:10 Base address:0x1080

eth0:2   Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
      inet addr:192.168.23.1 Bcast:192.168.23.255 Mask:255.255.255.0
      UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
      Interrupt:10 Base address:0x1080

lo     Link encap:Local Loopback
      inet addr:127.0.0.1 Mask:255.0.0.0
      inet6 addr: ::1/128 Scope:Host
      UP LOOPBACK RUNNING MTU:16436 Metric:1
      RX packets:2391 errors:0 dropped:0 overruns:0 frame:0
      TX packets:2391 errors:0 dropped:0 overruns:0 carrier:0
      collisions:0 txqueuelen:0
      RX bytes:2103452 (2.0 MiB) TX bytes:2103452 (2.0 MiB)

Add a routing rule:

[root@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.230.141.254

Then we use traceroute to see the path taken by packets sent to 10.230.215.51:

[root@localhost ~]# traceroute 10.230.215.51
traceroute to 10.230.215.51 (10.230.215.51), 30 hops max, 38 byte packets
1 10.230.141.254 (10.230.141.254) 0.795 ms 0.680 ms 0.701 ms
2 10.230.215.51 (10.230.215.51) 8.037 ms 2.370 ms 5.230 ms

OK, now we ping the internal host 10.230.215.51 from host 2.

Host A now has the following routing rule:
[root@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.230.141.254

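That is, all packets destined for the 10.0.0.0 network are forwarded to 10.230.141.254, which handles them from there. Next we send packets to 10.230.215.51 from another WinXP host [192.168.23.20] and see whether host A forwards them.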

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.230.215.51:
  Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Clearly, forwarding did not succeed.

Analysis:

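A packet sent from 192.168.23.20 to 10.230.215.51 has the destination IP 10.230.215.51. When it reaches host A, the route we added for packets destined for the 10.0.0.0 network applies, so the packet is forwarded to 10.230.141.254 and finally reaches its destination, 10.230.215.51.
Host 10.230.215.51, however, takes the source IP address 192.168.23.20 from the packet it received and sends its reply there. The destination address of the reply is set to 192.168.23.20, but the routers inside the internal network do not know how to forward that packet; at the very least, it will not come back to our subnet. This is where the problem lies: our network can only receive packets addressed to host A's eth0:1 address.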

Solution:

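From the analysis above: if the source IP address of packets leaving our subnet is changed to host A's eth0:1 address before they leave the gateway, the replies will carry host A's eth0:1 address as their destination, and so they can return to our network.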

Next, on host A, we use iptables to rewrite the source IP address of packets coming from the subnet 192.168.23.0/24 to the eth0:1 address:

[root@localhost ~]# iptables -t nat -A POSTROUTING -s 192.168.23.0/24 -j SNAT --to 10.230.141.88

Let's check again whether the WinXP host can ping the internal host 10.230.215.51:

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.230.215.51:
  Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Still not working. Why is that? Now I remember: I forgot to enable IP forwarding on host A!!

On host A, add:

[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Then ping again from the WinXP host:

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126

Ping statistics for 10.230.215.51:
  Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
  Minimum = 1ms, Maximum = 1ms, Average = 1ms

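Everything is OK now. Use tracert (note: on Linux, use traceroute) to check whether the packets first reach 192.168.23.1, are then forwarded to 10.230.141.254, and finally arrive at the destination host 10.230.215.51: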

C:/Documents and Settings/kvew>tracert 10.230.215.51

Tracing route to 10.230.215.51 over a maximum of 30 hops

1   <1 ms   <1 ms   <1 ms 192.168.23.1
2   1 ms   1 ms   1 ms 10.230.141.254
3   5 ms   1 ms   1 ms 10.230.215.51

Trace complete.

Good, everything is as expected. The route is now set up: the 192.168.23.0/24 segment can reach the 10.0.0.0 network.
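
The two faults found above (no SNAT rule, then IP forwarding left off) can be checked in one pass instead of one ping at a time. The script below is an added example, not part of the original article: `check_gateway`, `demo` and the sample rule file are constructed for illustration, and the rule file is assumed to be `iptables-save -t nat` output in CIDR notation. It also flags a SNAT rule with no `-d` match, since the rule used above rewrites every packet from 192.168.23.0/24, including traffic that leaves through the default gateway 192.168.1.1.

```sh
#!/bin/sh
# Added example (not from the original article).
# Usage: check_gateway IP_FORWARD_FILE NAT_RULES_FILE CLIENT_SUBNET
#   IP_FORWARD_FILE  normally /proc/sys/net/ipv4/ip_forward
#   NAT_RULES_FILE   saved output of `iptables-save -t nat` (assumed CIDR form)
# Prints one line per finding and returns the number of findings.
check_gateway() {
    fwd_file=$1 rules_file=$2 subnet=$3 findings=0

    # Fault 1: forwarding off, so host A drops packets not addressed to it.
    if [ "$(cat "$fwd_file" 2>/dev/null)" != "1" ]; then
        echo "FAIL ip_forward is not 1: transit packets are dropped"
        findings=$((findings + 1))
    fi

    # Fault 2: no SNAT for the client subnet, so replies are addressed to a
    # network the inner routers have no route for.
    snat=$(grep -- '^-A POSTROUTING ' "$rules_file" 2>/dev/null |
           grep -F -- "-s $subnet " | grep -- '-j SNAT' || true)
    if [ -z "$snat" ]; then
        echo "FAIL no POSTROUTING SNAT rule for $subnet"
        findings=$((findings + 1))
    # Caveat: without -d the rule also rewrites traffic leaving through the
    # default gateway. All of host A's addresses are aliases of eth0, so -o
    # cannot tell the two paths apart; only -d can.
    elif ! printf '%s\n' "$snat" | grep -q -- ' -d '; then
        echo "WARN SNAT rule for $subnet has no -d match"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: host A after the article's iptables command but
# before ip_forward was enabled.
demo() {
    tmp=$(mktemp -d) rc=0
    echo 0 > "$tmp/ip_forward"
    cat > "$tmp/nat.rules" <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.23.0/24 -j SNAT --to-source 10.230.141.88
COMMIT
EOF
    check_gateway "$tmp/ip_forward" "$tmp/nat.rules" 192.168.23.0/24 || rc=$?
    rm -rf "$tmp"
    return "$rc"
}

demo || echo "findings: $?"
```

On a live host, save the rules with `iptables-save -t nat > nat.rules` and pass `/proc/sys/net/ipv4/ip_forward` as the first argument.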

================================================

Appendix: routing table on host A

[root@localhost ~]# route -FC
Kernel IP routing table
Destination   Gateway       Genmask       Flags Metric Ref   Use Iface
192.168.23.0   *           255.255.255.0   U   0     0     0 eth0
10.230.141.0   *           255.255.255.0   U   0     0     0 eth0
192.168.1.0   *           255.255.255.0   U   0     0     0 eth0
169.254.0.0   *           255.255.0.0   U   0     0     0 eth0
10.0.0.0     10.230.141.254 255.0.0.0     UG   0     0     0 eth0
default       192.168.1.1   0.0.0.0       UG   0     0     0 eth0
