Tam*_*mas 6 networking freebsd ip-aliasing
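I have a FreeBSD VPS that until recently had 3 public IP addresses assigned in a /29 subnet. When making outgoing connections, the IP address used was always the non-aliased ".20", but now I have added another block of 3 IP addresses in a different /29 subnet, and the outgoing IP changed to ".44".
Below are the rc.conf settings before and after adding the second subnet's aliases.
Before: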
ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.248"
ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.248"
defaultrouter="70.70.70.17"
Now:
ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.248"
ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.248"
ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.248"
ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.248"
defaultrouter="70.70.70.17"
Reading the manual entry for ifconfig, I am not sure what the correct netmask for an alias is. The manual entry says:
alias Establish an additional network address for this interface. This
is sometimes useful when changing network numbers, and one wishes
to accept packets addressed to the old interface. If the address
is on the same subnet as the first network address for this
interface, a non-conflicting netmask must be given. Usually
0xffffffff is most appropriate.
Question 1: Is this the correct configuration? (Note alias2)
ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.255"
ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.255"
ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.255"
ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.255"
defaultrouter="70.70.70.17"
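When I tried this approach, the default outgoing IP address changed to ".46".
Question 2: How can I define the default IP address used for outgoing connections, for example if I want it to be 70.70.70.21?
Here are the routing table and interface information:
Routing table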
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 70.70.70.17 UGS 0 2000863 em0
60.60.60.40/29 link#1 U 0 12 em0
60.60.60.44 link#1 UHS 0 18291 lo0
60.60.60.45 link#1 UHS 0 0 lo0
60.60.60.46 link#1 UHS 0 5 lo0
70.70.70.16/29 link#1 U 0 0 em0
70.70.70.20 link#1 UHS 0 6 lo0
70.70.70.21 link#1 UHS 0 0 lo0
70.70.70.22 link#1 UHS 0 0 lo0
127.0.0.1 link#3 UH 0 203 lo0
Routing table (using netmask .255)
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 70.70.70.17 UGS 0 2015436 em0
60.60.60.40/29 link#1 U 0 12 em0
60.60.60.44 link#1 UHS 0 18295 lo0
60.60.60.45 link#1 UHS 0 0 lo0 =>
60.60.60.45/32 link#1 U 0 0 em0
60.60.60.46 link#1 UHS 0 9 lo0 =>
60.60.60.46/32 link#1 U 0 0 em0
70.70.70.16/29 link#1 U 0 0 em0
70.70.70.20 link#1 UHS 0 6 lo0
70.70.70.21 link#1 UHS 0 0 lo0 =>
70.70.70.21/32 link#1 U 0 0 em0
70.70.70.22 link#1 UHS 0 0 lo0 =>
70.70.70.22/32 link#1 U 0 0 em0
127.0.0.1 link#3 UH 0 205 lo0
ifconfig em0
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:11:22:33:44:55
inet 70.70.70.20 netmask 0xfffffff8 broadcast 70.70.70.23
inet 70.70.70.21 netmask 0xfffffff8 broadcast 70.70.70.23
inet 70.70.70.22 netmask 0xfffffff8 broadcast 70.70.70.23
inet 60.60.60.44 netmask 0xfffffff8 broadcast 60.60.60.47
inet 60.60.60.45 netmask 0xfffffff8 broadcast 60.60.60.47
inet 60.60.60.46 netmask 0xfffffff8 broadcast 60.60.60.47
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
ifconfig em0 (using netmask .255)
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:11:22:33:44:55
inet 70.70.70.20 netmask 0xfffffff8 broadcast 70.70.70.23
inet 60.60.60.44 netmask 0xfffffff8 broadcast 60.60.60.47
inet 70.70.70.21 netmask 0xffffffff broadcast 70.70.70.21
inet 70.70.70.22 netmask 0xffffffff broadcast 70.70.70.22
inet 60.60.60.45 netmask 0xffffffff broadcast 60.60.60.45
inet 60.60.60.46 netmask 0xffffffff broadcast 60.60.60.46
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
ipfw
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
00400 deny tcp from any to any frag
00500 check-state
00600 allow tcp from any to any established
00700 allow ip from any to any out keep-state
00800 allow icmp from any to any
00900 allow tcp from any to any dst-port 80,443 in
01200 allow tcp from any to any dst-port 20-22,25,80,443 out
01300 allow udp from any to any dst-port 53 out
65535 deny ip from any to any
Thanks in advance for any tips! :)
小智 3
All aliases within an existing range should have a /32 (255.255.255.255) netmask. So the example you gave is correct:
ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.255"
ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.255"
ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.255"
ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.255"
defaultrouter="70.70.70.17"
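70.70.70.20 should be used for normal outbound traffic. You can't define it, but it will always use the primary IP on the card and the first IP in a new subnet alias set.
For testing, though, there are a number of tools that offer a source option. For example "ping -S 70.70.70.22 xxxx", telnet can do this too, etc.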
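An added example, not part of the original question or answer: a small Python check that applies the rule from the answer above (the first address in each subnet keeps the real netmask, later addresses in the same subnet use /32) to rc.conf text. The function names are hypothetical, and it assumes the simple "inet ADDR netmask MASK" form shown on this page, with lines listed in the order they are applied.

```python
import ipaddress
import re

# Constructed sample: the question's current rc.conf, every alias using the /29 mask.
SAMPLE_RC_CONF = """\
ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.248"
ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.248"
ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.248"
ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.248"
defaultrouter="70.70.70.17"
"""

# Matches only the simple 'inet ADDR netmask MASK' form used on this page.
LINE_RE = re.compile(r'^(ifconfig_\w+)="inet\s+(\S+)\s+netmask\s+(\S+)"$')


def parse_addresses(rc_conf):
    """Return [(variable, IPv4Interface)] in file order (assumed = order applied)."""
    parsed = []
    for line in rc_conf.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # defaultrouter, comments, other settings
        var, addr, mask = m.groups()
        if mask.lower().startswith("0x"):  # ifconfig-style hex mask
            mask = str(ipaddress.IPv4Address(int(mask, 16)))
        parsed.append((var, ipaddress.ip_interface(f"{addr}/{mask}")))
    return parsed


def check_alias_netmasks(rc_conf):
    """Flag addresses inside an already-configured subnet that do not use /32."""
    subnets = []   # networks claimed by earlier addresses
    findings = []  # (variable, address, subnet it already falls in)
    for var, iface in parse_addresses(rc_conf):
        owner = next((n for n in subnets if iface.ip in n), None)
        if owner is None:
            subnets.append(iface.network)
        elif iface.network.prefixlen != 32:
            findings.append((var, str(iface.ip), str(owner)))
    return findings


if __name__ == "__main__":
    for var, ip, net in check_alias_netmasks(SAMPLE_RC_CONF):
        print(f"{var}: {ip} is already inside {net}; use netmask 255.255.255.255")
```

Run against the configuration the answer confirms as correct, the check reports nothing; it only covers netmask overlap and says nothing about which source address the kernel picks.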