Akcije
Podrška #21295
Zatvoren
routing - networking - multiple rute
Početak:
09.10.2010
Završetak:
% završeno:
0%
Procjena vremena:
Fajlovi
Izmjenjeno od Ernad Husremović prije više od 15 godina
na mališi sam definisao na br0 bridgu dvije ip adrese: 192.168.45.7 i 10.0.200.7
pokušavam da requesti koji dođu na 10.0.200.7 "zavrću" na 10.0.200.251 (što je ustvari router-4.bring.out.ba)
Izmjenjeno od Ernad Husremović prije više od 15 godina
root@malisa:~# ip route show
77.239.26.5 via 10.0.200.251 dev br0 src 10.0.200.7 10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1 10.7.0.1 dev tun1 proto kernel scope link src 10.7.0.192 77.238.208.152 via 10.0.200.251 dev br0 src 10.0.200.7 77.238.208.153 via 10.0.200.251 dev br0 src 10.0.200.7 192.168.55.0/24 via 10.8.0.2 dev tun0 192.168.4.0/24 via 10.8.0.2 dev tun0 192.169.45.0/24 via 192.168.45.251 dev br0 192.168.65.0/24 via 10.8.0.2 dev tun0 10.10.50.0/24 via 10.8.0.2 dev tun0 10.8.0.0/24 via 10.8.0.2 dev tun0 192.168.48.0/24 via 10.8.0.2 dev tun0 10.8.1.0/24 dev tap0 proto kernel scope link src 10.8.1.1 192.168.99.0/24 via 10.8.0.2 dev tun0 192.168.66.0/24 via 10.8.0.2 dev tun0 192.168.46.0/24 via 10.8.0.2 dev tun0 192.168.77.0/24 via 10.8.0.2 dev tun0 192.168.47.0/24 via 10.8.0.2 dev tun0 192.168.14.0/24 via 10.8.0.2 dev tun0 192.168.44.0/24 via 10.8.0.2 dev tun0 10.0.200.0/24 dev br0 proto kernel scope link src 10.0.200.7 192.168.45.0/24 dev br0 proto kernel scope link src 192.168.45.7 192.168.11.0/24 via 10.8.0.2 dev tun0 192.168.58.0/24 via 10.8.0.2 dev tun0 10.7.0.0/24 via 10.7.0.1 dev tun1 169.254.0.0/16 dev br0 scope link metric 1000 default via 192.168.45.254 dev br0
definišem posebnu tabelu 201 za 10.0.200.0/24 mrežu, i kažem da je routiranje preko 10.0.200.251
root@malisa:~# ip rule add prio 201 from 10.0.200.0/24 table 201 root@malisa:~# ip route add default via 10.0.200.251 src 10.0.200.7 proto static table 201 root@malisa:~# ip route append prohibit default table 201 metric 1 proto static
dobro je, standardna ruta je preko 192.168.45.254
root@malisa:~# traceroute www.google.ba
traceroute to www.google.ba (209.85.227.99), 30 hops max, 40 byte packets 1 192.168.45.254 (192.168.45.254) 1.077 ms 1.360 ms 1.645 ms 2 92.36.128.1 (92.36.128.1) 26.836 ms 26.952 ms 26.893 ms 3 dlp-110.max2.sa-mlt.bih.net.ba (195.222.42.110) 36.589 ms 36.804 ms 41.139 ms
tabela 201 odnosno default ruta se i ne vidi na standardno ip route show
root@malisa:~# ip route show
77.239.26.5 via 10.0.200.251 dev br0 src 10.0.200.7 10.8.0.2 dev tun0 proto kernel scope link src 10.8.0.1 10.7.0.1 dev tun1 proto kernel scope link src 10.7.0.192 77.238.208.152 via 10.0.200.251 dev br0 src 10.0.200.7 77.238.208.153 via 10.0.200.251 dev br0 src 10.0.200.7 192.168.55.0/24 via 10.8.0.2 dev tun0 192.168.4.0/24 via 10.8.0.2 dev tun0 192.169.45.0/24 via 192.168.45.251 dev br0 192.168.65.0/24 via 10.8.0.2 dev tun0 10.10.50.0/24 via 10.8.0.2 dev tun0 10.8.0.0/24 via 10.8.0.2 dev tun0 192.168.48.0/24 via 10.8.0.2 dev tun0 10.8.1.0/24 dev tap0 proto kernel scope link src 10.8.1.1 192.168.99.0/24 via 10.8.0.2 dev tun0 192.168.66.0/24 via 10.8.0.2 dev tun0 192.168.46.0/24 via 10.8.0.2 dev tun0 192.168.77.0/24 via 10.8.0.2 dev tun0 192.168.47.0/24 via 10.8.0.2 dev tun0 192.168.14.0/24 via 10.8.0.2 dev tun0 192.168.44.0/24 via 10.8.0.2 dev tun0 10.0.200.0/24 dev br0 proto kernel scope link src 10.0.200.7 192.168.45.0/24 dev br0 proto kernel scope link src 192.168.45.7 192.168.11.0/24 via 10.8.0.2 dev tun0 192.168.58.0/24 via 10.8.0.2 dev tun0 10.7.0.0/24 via 10.7.0.1 dev tun1 169.254.0.0/16 dev br0 scope link metric 1000 default via 192.168.45.254 dev br0
Akcije
#3
Izmjenjeno od Ernad Husremović prije više od 15 godina
- Fajl firewall_traffic_redirection.png firewall_traffic_redirection.png dodano
- Fajl firewall_traffic_control.png firewall_traffic_control.png dodano
multiple ruta na openvz sesiji¶
sa eth0 (veth) interfejsom mogu uraditi sve što i na full hostu
našao sam da sesija 112 ima veth interfejs
na njemu sam ručno definisao dvije adrese: 10.0.200.27, 192.168.45.27
pa definisao opet tabelu 201
root@openvpn-2:/# ip rule add prio 201 from 10.0.200.0/24 table 201 root@openvpn-2:/# ip route add default via 10.0.200.251 src 10.0.200.27 proto static table 201 root@openvpn-2:/# ip route append prohibit default table 201 metric 1 proto static root@openvpn-2:/# ip route show table 201 default via 10.0.200.251 dev eth0 proto static src 10.0.200.27 prohibit default proto static metric 1
evo obične rute - main routing tabela
root@openvpn-2:~# ip route show
192.168.45.0/24 dev eth0 proto kernel scope link src 192.168.45.27 10.10.10.0/24 dev tap3 proto kernel scope link src 10.10.10.1 10.0.0.0/8 dev eth0 proto kernel scope link src 10.0.200.27 default via 192.168.45.254 dev eth0
root@openvpn-2:~# ip route show table 201
default via 10.0.200.251 dev eth0 proto static src 10.0.200.27 prohibit default proto static metric 1
na firewall-u router-4 definisao da ssh port 2222 od cable-2 adresse preslikava na
Izmjenjeno od Ernad Husremović prije više od 15 godina
inače ovo sam uradio na osnovu sljedećeg teksta http://www.ssi.bg/~ja/nano.txt
Izmjenjeno od Ernad Husremović prije više od 15 godina
- Status promijenjeno iz Dodijeljeno u Zatvoreno
Izmjenjeno od Ernad Husremović prije više od 15 godina
malisa 10.0.200.7 - /etc/rc.local¶
# adresa koju koristi cable.bring.out.ba za pristup malisi izvana ip addr add 10.0.200.7/24 dev br0 ip rule add prio 201 from 10.0.200.0/24 table 201 ip rule add prio 201 from 10.0.200.0/24 table 201 ip route add default via 10.0.200.251 src 10.0.200.7 proto static table 201 ip route append prohibit default table 201 metric 1 proto static
Akcije