sle*_*eur 5 networking routing ip
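I have a PC with two Internet connections. The first is an Ethernet interface, which connects to my local network and reaches the Internet through my router. The second uses a GSM modem with a ppp connection.
I would like to be able to use each connection independently when specifying the interface, for example: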
ping -I eth0 www.google.com
ping -I ppp0 www.google.com
And, if no interface is selected, to use eth0 by default when the connection through eth0 works, but to use ppp0 when the connection through eth0 does not work.
I read this article and created the following rules:
# Main table
ip route add 10.0.0.0/24 dev eth0 src 10.0.0.100
ip route add 10.64.64.64 dev ppp0 src 10.123.122.101
ip route add default via 10.0.0.1
# Specific tables
ip route add 10.0.0.0/24 dev eth0 src 10.0.0.100 table eth0
ip route add default via 10.0.0.1 table eth0
ip route add 10.64.64.64 dev ppp0 src 10.123.122.101 table ppp0
ip route add default via 10.64.64.64 table ppp0
# Rules
ip rule add from 10.0.0.100 table eth0
ip rule add from 10.123.122.101 table ppp0
At first it seemed to work. However, the eth0 table never seems to be used. I expected the following to happen:
ping -I eth0 www.google.ch # Use default gateway in table eth0
ping -I ppp0 www.google.ch # Use default gateway in table ppp0
ping www.google.ch # Use default gateway (main)
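However, if I delete the default gateway (main), the eth0 interface does not work at all. There is obviously something I don't understand. Can you explain how to achieve what I want?
Edit based on @derobert's answer:
I tested the following configuration, but I still get the same error (it works for ppp0, but not for eth0).
Routes: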
# ip rule list
0: from all lookup local
1500: from 10.0.0.100 lookup eth0
1501: from 10.123.122.101 lookup ppp0
2000: from all fwmark 0x1 lookup eth0
2001: from all fwmark 0x2 lookup ppp0
32766: from all lookup main
32767: from all lookup default
# ip route list table eth0
10.0.0.0/24 dev eth0 src 10.0.0.100
default via 10.0.0.1 dev eth0
# ip route list table ppp0
10.64.64.64 dev ppp0 src 10.123.122.101
default via 10.64.64.64 dev ppp0
# ip route list table main
10.64.64.64 dev ppp0 src 10.123.122.101
192.168.1.0/24 dev eth1 src 192.168.1.1
10.0.0.0/24 dev eth0 src 10.0.0.100
Firewall:
# iptables -L
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
# iptables -L -t mangle
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
CONNMARK all -- anywhere anywhere CONNMARK restore
RETURN all -- anywhere anywhere mark match !0x0
MARK all -- anywhere anywhere MARK set 0x1
MARK all -- anywhere anywhere MARK set 0x2
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MARK all -- anywhere anywhere MARK set 0x1
MARK all -- anywhere anywhere MARK set 0x2
CONNMARK all -- anywhere anywhere CONNMARK save
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT all -- 10.0.0.1 anywhere to:10.0.0.100
SNAT all -- 10.64.64.64 anywhere to:10.123.122.101
I removed all other firewall rules to make sure they do not interfere. I get this result:
# ip route get 8.2.1.1 from 10.0.0.100
8.2.1.1 from 10.0.0.100 via 10.0.0.1 dev eth0
# ip route get 8.2.1.1 from 10.123.122.101
8.2.1.1 from 10.123.122.101 via 10.64.64.64 dev ppp0
# ping -I ppp0 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
64 bytes from 8.8.8.8: seq=0 ttl=45 time=350.108 ms
64 bytes from 8.8.8.8: seq=1 ttl=45 time=349.768 ms
64 bytes from 8.8.8.8: seq=2 ttl=45 time=329.671 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 329.671/343.182/350.108 ms
128# ping -I eth0 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
5 packets transmitted, 0 packets received, 100% packet loss
The rules seem fine, but there is obviously another problem. I don't really understand the role of SNAT here. I added the rules to mirror the answer's configuration, in case they are what is wrong.
小智 1
You need to set the weight of the eth0 device to a higher priority than the ppp0 device.
Example:
ip route append default scope global nexthop via 10.0.0.1 dev eth0 weight 2 nexthop via 10.64.64.65 dev ppp0 weight 3
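The lookup order implied by the `ip rule list` output in the question can be traced with a small model of policy routing: rules are tried in priority order, and a rule whose table has no matching route falls through to the next one. This is an added example, not code from the question or the answer; the rules and tables are transcribed from the posted output, the `local` table is modelled as empty, and `resolve` and `longest_match` are hypothetical helper names.

```python
import ipaddress

# Transcribed from the `ip rule list` / `ip route list table ...` output in the question.
# Rule: (priority, source prefix or None for "from all", fwmark or None, table)
RULES = [
    (0, None, None, "local"),
    (1500, "10.0.0.100/32", None, "eth0"),
    (1501, "10.123.122.101/32", None, "ppp0"),
    (2000, None, 0x1, "eth0"),
    (2001, None, 0x2, "ppp0"),
    (32766, None, None, "main"),
    (32767, None, None, "default"),
]
# Route: (destination prefix, gateway or None for on-link, device)
TABLES = {
    "local": [],  # assumption: the host's own addresses are not modelled
    "eth0": [("10.0.0.0/24", None, "eth0"), ("0.0.0.0/0", "10.0.0.1", "eth0")],
    "ppp0": [("10.64.64.64/32", None, "ppp0"), ("0.0.0.0/0", "10.64.64.64", "ppp0")],
    "main": [("10.64.64.64/32", None, "ppp0"), ("192.168.1.0/24", None, "eth1"),
             ("10.0.0.0/24", None, "eth0")],
    "default": [],
}

def longest_match(table, dst):
    """Return the most specific route in `table` covering dst, or None."""
    hits = [r for r in TABLES[table] if dst in ipaddress.ip_network(r[0])]
    return max(hits, key=lambda r: ipaddress.ip_network(r[0]).prefixlen, default=None)

def resolve(dst, src=None, fwmark=0):
    """Walk rules in priority order; a rule whose table has no route falls through."""
    dst = ipaddress.ip_address(dst)
    for prio, from_net, mark, table in sorted(RULES, key=lambda r: r[0]):
        if from_net is not None:
            # A lookup with no source address never matches a "from <addr>" rule.
            if src is None or ipaddress.ip_address(src) not in ipaddress.ip_network(from_net):
                continue
        if mark is not None and mark != fwmark:
            continue
        route = longest_match(table, dst)
        if route is not None:
            return {"rule": prio, "table": table, "via": route[1], "dev": route[2]}
    return None  # no table had a route: the destination is unreachable

if __name__ == "__main__":
    for src, mark in (("10.0.0.100", 0), ("10.123.122.101", 0), (None, 0), (None, 0x1)):
        print(src, hex(mark), resolve("8.2.1.1", src, mark))
```

With an explicit source address the model reproduces the two `ip route get` results shown in the question; a lookup with no source address and no mark reaches only `main`, which in the posted configuration has no default route.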