
Configuring Routing with Linux

2006-05-19 12:32

by:kvew www.smatrix.org/bbs

The lab network topology is as follows:



First, let's look at the routing table on host A:
[root@localhost ~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.23.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.230.141.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0

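Another router, with IP 192.168.1.1, is also connected to this switch, which is why there are some extra entries. Our local interface configuration is as follows: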

[root@localhost ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
inet addr:192.168.1.58 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fedf:2cce/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:6086 errors:0 dropped:0 overruns:0 frame:0
TX packets:1122 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:469560 (458.5 KiB) TX bytes:289113 (282.3 KiB)
Interrupt:10 Base address:0x1080

eth0:1 Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
inet addr:10.230.141.88 Bcast:10.230.141.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x1080

eth0:2 Link encap:Ethernet HWaddr 00:0C:29:DF:2C:CE
inet addr:192.168.23.1 Bcast:192.168.23.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
Interrupt:10 Base address:0x1080

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2391 errors:0 dropped:0 overruns:0 frame:0
TX packets:2391 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2103452 (2.0 MiB) TX bytes:2103452 (2.0 MiB)

Add a routing rule:

[root@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.230.141.254

Then we use traceroute to see the path taken by packets sent to 10.230.215.51:

[root@localhost ~]# traceroute 10.230.215.51
traceroute to 10.230.215.51 (10.230.215.51), 30 hops max, 38 byte packets
1 10.230.141.254 (10.230.141.254) 0.795 ms 0.680 ms 0.701 ms
2 10.230.215.51 (10.230.215.51) 8.037 ms 2.370 ms 5.230 ms

OK, now we ping the internal host 10.230.215.51 from host 2.

The following routing rule was added on host A:
[root@localhost ~]# route add -net 10.0.0.0 netmask 255.0.0.0 gw 10.230.141.254

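This means that all packets destined for the 10.0.0.0 network are forwarded to 10.230.141.254, which handles them from there. Next we send packets from another WinXP host [192.168.23.20] to 10.230.215.51 and see whether host A forwards them.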

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.230.215.51:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Clearly the forwarding did not succeed.

Analysis:

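A packet sent from 192.168.23.20 to 10.230.215.51 has the destination IP 10.230.215.51. When it reaches host A, the route added for the 10.0.0.0 network applies, so the packet is forwarded to 10.230.141.254 and finally reaches its destination, 10.230.215.51.
Host 10.230.215.51, however, reads the source IP address 192.168.23.20 from the received packet and sends its reply to that address. The reply's destination address is therefore 192.168.23.20, but the routers in the internal network do not know how to forward such a packet; at the very least it will not come back to our subnet. That is the problem: our network can only receive packets addressed to host A's eth0:1 address.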

Solution:

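From the analysis above, if the source IP address of packets leaving our subnet is changed to host A's eth0:1 address before they pass the gateway, the reply packets will carry host A's eth0:1 address as their destination and can therefore return to our network.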

Next, on host A, we use iptables to rewrite the source IP address of packets coming from the 192.168.23.0/24 subnet to the eth0:1 address:

[root@localhost ~]# iptables -t nat -A POSTROUTING -s 192.168.23.0/24 -j SNAT --to 10.230.141.88

Let's check again whether the WinXP host can ping the internal host 10.230.215.51:

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.230.215.51:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

It still does not work. Why is that? Now I remember: I forgot to enable IP forwarding on host A!

On host A, add:

[root@localhost ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

Then ping again from the WinXP host:

C:/Documents and Settings/kvew>ping 10.230.215.51

Pinging 10.230.215.51 with 32 bytes of data:

Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126
Reply from 10.230.215.51: bytes=32 time=1ms TTL=126

Ping statistics for 10.230.215.51:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

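Everything is OK now. Use tracert (note: on Linux, use traceroute) to check whether packets first reach 192.168.23.1, are then forwarded to 10.230.141.254, and finally arrive at the destination host 10.230.215.51: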

C:/Documents and Settings/kvew>tracert 10.230.215.51

Tracing route to 10.230.215.51 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.23.1
2 1 ms 1 ms 1 ms 10.230.141.254
3 5 ms 1 ms 1 ms 10.230.215.51

Trace complete.

Good, everything is as expected. The router is now set up: the 192.168.23.0/24 segment can reach the 10.0.0.0 network.
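
The two failed pings above came from two different missing pieces (no SNAT rule, then no IP forwarding). The following added example, which is not part of the original post, checks all three pieces at once from captured command output; `check_forwarding` is a hypothetical helper name and the sample state is constructed to match the second failed ping.

```shell
#!/bin/sh
# Added example (not from the original post): report which of the three
# pieces host A still lacks. Inputs are captured command output, so the
# check works on saved text as well as on a live router.
#
# check_forwarding FORWARD_FLAG ROUTES NAT_RULES   (hypothetical helper)
#   FORWARD_FLAG  contents of /proc/sys/net/ipv4/ip_forward
#   ROUTES        output of `netstat -rn`
#   NAT_RULES     output of `iptables -t nat -S POSTROUTING`
check_forwarding() {
    fwd=$1; routes=$2; nat=$3; missing=""

    # 1. The kernel must be allowed to forward packets between networks.
    [ "$fwd" = "1" ] || missing="$missing ip_forward"

    # 2. A gateway route (flag G) for 10.0.0.0/255.0.0.0 via 10.230.141.254.
    printf '%s\n' "$routes" | awk '
        $1 == "10.0.0.0" && $2 == "10.230.141.254" &&
        $3 == "255.0.0.0" && $4 ~ /G/ { found = 1 }
        END { exit !found }' || missing="$missing route"

    # 3. An SNAT rule rewriting 192.168.23.0/24 to the eth0:1 address.
    #    `iptables -S` prints the long option name --to-source.
    printf '%s\n' "$nat" | grep -Eq -- \
        '-s 192\.168\.23\.0/24 .*-j SNAT --to-source 10\.230\.141\.88' ||
        missing="$missing snat"

    # Print "ok", or the space-separated list of missing pieces.
    if [ -z "$missing" ]; then echo ok; else echo "${missing# }"; fi
}

# Constructed sample state: route and SNAT rule present, forwarding off.
ROUTES='Destination Gateway Genmask Flags MSS Window irtt Iface
10.230.141.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.0.0.0 10.230.141.254 255.0.0.0 UG 0 0 0 eth0
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 eth0'
NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -s 192.168.23.0/24 -j SNAT --to-source 10.230.141.88'

check_forwarding 0 "$ROUTES" "$NAT"    # prints: ip_forward
```

The value written to /proc/sys/net/ipv4/ip_forward is lost at reboot; setting net.ipv4.ip_forward = 1 in /etc/sysctl.conf makes it persistent. The SNAT rule as given has no destination match, so it rewrites every packet from 192.168.23.0/24, including traffic leaving through the default gateway 192.168.1.1.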

================================================

Appendix: routing table on host A

[root@localhost ~]# route -FC
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
192.168.23.0 * 255.255.255.0 U 0 0 0 eth0
10.230.141.0 * 255.255.255.0 U 0 0 0 eth0
192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
10.0.0.0 10.230.141.254 255.0.0.0 UG 0 0 0 eth0
default 192.168.1.1 0.0.0.0 UG 0 0 0 eth0