network posted on 2007-9-15 21:12:31

Implementing policy routing on Linux

1. Network layout
eth0 10.43.128.10  gw 10.43.0.254  -> internal
eth1 61.144.64.106 gw 61.144.64.1  -> internet
eth2 192.168.0.2   gw 192.168.0.1  -> internet (ADSL)

2. Goals:
1. Leave the existing network topology unchanged.
2. Route by destination: everything for 10.45.0.0/16 and 10.10.0.0/16 goes via 10.43.0.254.
3. Route by source: 10.43.128.63 uses the adsl route; everything else uses the default main route.

3. Software requirements:
iproute
# rpm -qa | grep iproute   (check whether the iproute package is installed)
iproute-2.4.7-7.AS21.1

4. Steps:
# ip link   (show the local links)
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:90:27:99:1d:fa brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:11:fe:78 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:42:65:88 brd ff:ff:ff:ff:ff:ff
# ip addr   (show the local addresses)
1: lo: <LOOPBACK,UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:90:27:99:1d:fa brd ff:ff:ff:ff:ff:ff
inet 10.43.128.10/16 brd 10.43.255.255 scope global eth0
3: eth1: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:11:fe:78 brd ff:ff:ff:ff:ff:ff
inet 61.144.64.106/24 brd 61.144.64.255 scope global eth1
4: eth2: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast qlen 100
link/ether 00:40:05:42:65:88 brd ff:ff:ff:ff:ff:ff
inet 192.168.0.2/24 brd 192.168.0.255 scope global eth2
# ip route   (show the local routes; the same as ip route ls table main or the route command)
192.168.0.0/24 dev eth2 scope link
61.144.64.0/24 dev eth1 scope link
10.10.0.0/16 via 10.43.0.254 dev eth0
10.43.0.0/16 dev eth0 scope link
10.45.0.0/16 via 10.43.0.254 dev eth0
127.0.0.0/8 dev lo scope link
default via 61.144.64.1 dev eth1
# ip rule   (show the local routing policy)
0: from all lookup local   (the local table, system default id=255, priority 0)
32766: from all lookup main   (the standard default routing table, id=254, priority 32766)
32767: from all lookup default   (the default table, system default id=253, priority 32767)
# echo "200 adsl" >> /etc/iproute2/rt_tables   (add a new routing table)
# ip route add 10.10.0.0/16 via 10.43.0.254 dev eth0 table adsl
# ip route add 10.45.0.0/16 via 10.43.0.254 dev eth0 table adsl
(add the routes to HK and QY to the adsl table)
# ip route add default via 192.168.0.1 dev eth2 table adsl
(add a default route to the adsl table)
# ip rule add from 10.43.128.63 table adsl pref 32765
(add the policy for the adsl table: here the host 10.43.128.63 is sent through the adsl table instead of the local, main and default tables. The adsl table gets priority 32765; the lower the number, the higher the priority)
# ip route ls table adsl   (show the routes in the adsl table)
10.10.0.0/16 via 10.43.0.254 dev eth0
10.45.0.0/16 via 10.43.0.254 dev eth0
default via 192.168.0.1 dev eth2
# ip rule   (show the routing policy)
0: from all lookup local
32765: from 10.43.128.63 lookup adsl   (newly added, id=200, priority 32765)
32766: from all lookup main
32767: from all lookup default
# ip route flush cache   (make the new routes take effect)
# iptables -t nat -A POSTROUTING -s 10.43.128.63 -o eth2 -j SNAT --to-source 192.168.0.2   (send eth0 traffic out via eth2)

5. Verification:
C:\Documents and Settings\mis>tracert 10.10.0.14   (trace the path to hk)
Tracing route to 10.10.0.14 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.43.128.10
2 1 ms <1 ms <1 ms 10.43.0.254
3 24 ms 12 ms 31 ms 10.255.0.170
4 31 ms 12 ms 10 ms 10.10.0.14
Trace complete.

C:\Documents and Settings\mis>tracert 10.45.0.254   (trace the path to qy)
Tracing route to 10.45.0.254 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 10.43.128.10
2 1 ms 1 ms 1 ms 10.43.0.254
3 4 ms 4 ms 4 ms 10.45.0.254
Trace complete.

C:\Documents and Settings\mis>tracert www.163.com   (test the external path)
Tracing route to www.cache.split.netease.com over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.43.128.10
2 1 ms 1 ms 1 ms 192.168.0.1
3 11 ms 9 ms 10 ms 61.144.65.1
4 9 ms 8 ms 9 ms 218.19.169.244
5 10 ms 14 ms 8 ms 61.144.0.57
6 11 ms 10 ms 10 ms 61.140.17.6
7 13 ms 10 ms 10 ms 202.97.25.5
8 9 ms 9 ms 9 ms 202.97.40.113
9 42 ms 41 ms 40 ms 202.97.34.117
10 40 ms 41 ms 40 ms 218.30.25.49
11 41 ms 41 ms 46 ms 218.30.25.74
12 45 ms 50 ms 55 ms 220.181.16.14
13 52 ms 50 ms 50 ms 220.181.17.58
14 41 ms 43 ms 41 ms 220.181.28.42
Trace complete.
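The setup in section 4, written as one re-runnable script. This is an added example, not code from the original post: it keeps the post's addresses, table id 200/adsl and preference 32765, but adds the checks a practitioner wants before putting this on a gateway: the rt_tables entry is registered once and refused if the id or the name is already bound to something else (a second binding would make "table adsl" ambiguous), routes are installed with "replace" so a second run does not fail, the rule is re-created at a fixed preference instead of being duplicated, and the SNAT rule is limited to packets that actually leave via eth2. Assumed here and not stated in the post: that the box must forward packets for 10.43.128.63 (net.ipv4.ip_forward), that reverse-path filtering on eth2 must be loose (rp_filter=2) because replies to the SNATed address arrive on eth2 while the main table would send that traffic out eth1, and that "ip route replace", "ip route get ... iif" and "iptables -C" are available (iptables 1.4.11 or later). DRY_RUN=1 prints the commands instead of executing them.

```shell
#!/bin/sh
# Added example, not code from the original post: section 4 as one re-runnable
# script with the checks the hand-typed commands lack. Assumed, not from the
# post: the sysctl names (ip_forward, rp_filter=2 "loose") and that
# "ip route replace" and "iptables -C" exist (iptables >= 1.4.11).
set -eu

RT_TABLES="${RT_TABLES:-/etc/iproute2/rt_tables}"
DRY_RUN="${DRY_RUN:-0}"        # DRY_RUN=1 prints the commands instead of running them

TABLE_ID=200                   # values below are the ones used in the post
TABLE_NAME=adsl
PREF=32765                     # lower number = consulted earlier; 32765 beats main (32766)
POLICY_SRC=10.43.128.63        # the one host that must leave through the ADSL line
INTRANET_GW=10.43.0.254
INTRANET_IF=eth0
ADSL_GW=192.168.0.1
ADSL_IF=eth2
ADSL_SRC=192.168.0.2

run() { if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi; }

# Register "<id> <name>" in rt_tables exactly once. Returns 1 if the id or the
# name is already bound to something else: silently appending a second binding
# would make "table adsl" refer to whichever line the tools read first.
rt_table_ensure() {
    id=$1; name=$2; file=${3:-$RT_TABLES}
    [ -f "$file" ] || : > "$file"
    state=$(awk -v id="$id" -v name="$name" '
        /^[[:space:]]*#/ || NF < 2 { next }
        $1 == id && $2 == name { found = 1 }
        ($1 == id && $2 != name) || ($1 != id && $2 == name) { conflict = 1 }
        END { if (conflict) print 2; else if (found) print 1; else print 0 }' "$file")
    case $state in
        1) return 0 ;;
        2) echo "rt_tables: id $id or name $name is already taken in $file" >&2; return 1 ;;
        *) printf '%s %s\n' "$id" "$name" >> "$file" ;;
    esac
}

policy_routing_apply() {
    rt_table_ensure "$TABLE_ID" "$TABLE_NAME"
    # The box forwards on behalf of 10.43.128.63, so forwarding must be on.
    # Replies to the SNATed address come back in on eth2, while a reverse
    # lookup through the main table would send that traffic out eth1, so
    # strict reverse-path filtering on eth2 would drop them: use loose mode.
    run sysctl -q -w net.ipv4.ip_forward=1
    run sysctl -q -w "net.ipv4.conf.$ADSL_IF.rp_filter=2"
    # "replace" instead of "add": a second run does not fail with "File exists".
    run ip route replace 10.10.0.0/16 via "$INTRANET_GW" dev "$INTRANET_IF" table "$TABLE_NAME"
    run ip route replace 10.45.0.0/16 via "$INTRANET_GW" dev "$INTRANET_IF" table "$TABLE_NAME"
    run ip route replace default via "$ADSL_GW" dev "$ADSL_IF" table "$TABLE_NAME"
    # Exactly one rule for this source at a fixed preference: drop a stale copy first.
    run ip rule del from "$POLICY_SRC" table "$TABLE_NAME" pref "$PREF" 2>/dev/null || true
    run ip rule add from "$POLICY_SRC" table "$TABLE_NAME" pref "$PREF"
    run ip route flush cache
    # SNAT only what actually leaves via eth2. Without "-o eth2" the intranet
    # traffic to 10.10/16 and 10.45/16 would be rewritten as well and the
    # intranet routers would have to return it to 192.168.0.2. "-C" first,
    # so re-running does not stack identical rules.
    set -- POSTROUTING -s "$POLICY_SRC" -o "$ADSL_IF" -j SNAT --to-source "$ADSL_SRC"
    if [ "$DRY_RUN" = 1 ] || ! iptables -t nat -C "$@" 2>/dev/null; then
        run iptables -t nat -A "$@"
    fi
}

# Which table and next hop a packet from the policy host gets, without a
# traceroute. "iif" is required because the source is not one of our addresses.
policy_routing_check() {
    run ip route get "$1" from "$POLICY_SRC" iif "$INTRANET_IF"
}

if [ "${1:-}" = apply ]; then
    policy_routing_apply
    policy_routing_check 10.10.0.14
fi
```

Run as root with `sh policy-routing.sh apply`; the final `ip route get` line should name 10.43.0.254 and eth0 for 10.10.0.14, and 192.168.0.1 and eth2 for any public address, which is the same fact the tracert runs above establish from the client side.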

shengweizheng posted on 2007-9-20 17:36:45

Reply to #1, network's post

Mr. Sun, looking at this I can't understand a thing; I feel what we've learned is a long way from what you're doing, and I really don't know how to go on studying. I was already dizzy with Linux and now I'm even dizzier. :( :(

network posted on 2007-9-20 21:18:52

You only get to know what policy routing is once you've studied for the NP; it is used on routers.
And then Linux can do it too. Don't be in a hurry. Knowing where you fall short, there is no need to rush.