сервисы_gateway_и_routing [2017/10/10 08:53] val [NetFilter iproute2 (Linux)] |
сервисы_gateway_и_routing [2022/09/06 16:26] val [Debian/Ubuntu] |
Line 5: | Line 5: | ||
===== Gateway ===== | ===== Gateway ===== | ||
- | ==== FreeBSD ==== | + | ==== Debian/Ubuntu ==== |
<code> | <code> | ||
- | [gate:~] # sysctl net.inet.ip.forwarding | + | root@gate:~# sysctl net.ipv4.ip_forward |
+ | net.ipv4.ip_forward = 0 | ||
- | [gate:~] # sysctl net.inet.ip.forwarding=1 | + | root@gate:~# sysctl net.ipv4.ip_forward=1 |
+ | net.ipv4.ip_forward = 1 | ||
- | [gate:~] # cat /etc/rc.conf | + | root@gate:~# cat /etc/sysctl.d/20-my-forward.conf |
</code><code> | </code><code> | ||
- | ... | + | net.ipv4.ip_forward=1 |
- | gateway_enable="YES" | + | |
- | ... | + | |
</code><code> | </code><code> | ||
- | [gate:~] # /etc/rc.d/routing restart | + | root@gate:~# sysctl -p --system |
</code> | </code> | ||
- | ==== Ubuntu ==== | + | ==== FreeBSD ==== |
<code> | <code> | ||
- | root@gate:~# sysctl net.ipv4.ip_forward | + | [gate:~] # sysctl net.inet.ip.forwarding |
- | net.ipv4.ip_forward = 0 | + | |
- | root@gate:~# sysctl net.ipv4.ip_forward=1 | + | [gate:~] # sysctl net.inet.ip.forwarding=1 |
- | net.ipv4.ip_forward = 1 | + | |
- | root@gate:~# cat /etc/sysctl.conf | + | [gate:~] # cat /etc/rc.conf |
</code><code> | </code><code> | ||
... | ... | ||
- | net.ipv4.ip_forward=1 | + | gateway_enable="YES" |
... | ... | ||
</code><code> | </code><code> | ||
- | root@gate:~# sysctl -f | + | [gate:~] # /etc/rc.d/routing restart |
</code> | </code> | ||
===== Управление таблицей маршрутизации ===== | ===== Управление таблицей маршрутизации ===== | ||
- | ==== FreeBSD ==== | + | ==== Linux ==== |
- | <code> | + | |
- | [gate:~] # netstat -rn -f inet | + | |
- | [gate:~] # route delete default | + | === iproute2 === |
- | [gate:~] # route add default 172.16.1.254 | + | <code> |
+ | # ip route help | ||
- | [gate:~] # route add 192.168.Y/24 172.16.1.Y | + | # ip r add 192.168.Y.0/24 via 172.16.1.Y |
- | [gate:~] # route delete 192.168.Y/24 | + | # ip r del 192.168.Y.0/24 |
- | delete net 192.168.Y.0 | + | |
- | + | ||
- | [gate:~] # route -n flush | + | |
</code> | </code> | ||
- | ==== Ubuntu ==== | + | === Classic === |
<code> | <code> | ||
root@gate:~# netstat -rn | root@gate:~# netstat -rn | ||
Line 72: | Line 66: | ||
# route del -host 192.168.100+X.201 reject | # route del -host 192.168.100+X.201 reject | ||
+ | </code> | ||
+ | |||
+ | ==== FreeBSD ==== | ||
+ | <code> | ||
+ | [gate:~] # netstat -rn -f inet | ||
+ | |||
+ | [gate:~] # route delete default | ||
+ | |||
+ | [gate:~] # route add default 172.16.1.254 | ||
+ | |||
+ | [gate:~] # route add 192.168.Y/24 172.16.1.Y | ||
+ | |||
+ | [gate:~] # route delete 192.168.Y/24 | ||
+ | delete net 192.168.Y.0 | ||
+ | |||
+ | [gate:~] # route -n flush | ||
</code> | </code> | ||
===== Добаление статических маршрутов на этапе загрузки ===== | ===== Добаление статических маршрутов на этапе загрузки ===== | ||
+ | ==== Debian/Ubuntu ==== | ||
+ | |||
+ | * [[https://linuxconfig.org/how-to-add-static-route-with-netplan-on-ubuntu-20-04-focal-fossa-linux|How to add static route with netplan]] | ||
+ | |||
+ | <code> | ||
+ | root@gate:~# cat /etc/network/interfaces | ||
+ | </code><code> | ||
+ | ... | ||
+ | up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y | ||
+ | up ip route add 192.168.Z.0/24 via 172.16.1.Z | ||
+ | </code> | ||
+ | |||
+ | ==== CentOS ==== | ||
+ | <code> | ||
+ | # cat /etc/sysconfig/network-scripts/route-eth1 | ||
+ | </code><code> | ||
+ | 192.168.Y.0/24 via 172.16.1.Y dev eth1 | ||
+ | </code> | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
Line 89: | Line 117: | ||
</code><code> | </code><code> | ||
[gate:~] # /etc/rc.d/routing start | [gate:~] # /etc/rc.d/routing start | ||
- | </code> | ||
- | |||
- | ==== Ubuntu ==== | ||
- | <code> | ||
- | root@gate:~# cat /etc/network/interfaces | ||
- | </code><code> | ||
- | ... | ||
- | up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y | ||
- | up route add -net 192.168.Z.0 netmask 255.255.255.0 gw 172.16.1.Z | ||
</code> | </code> | ||
Line 108: | Line 127: | ||
=== Установка === | === Установка === | ||
- | == FreeBSD == | + | === Debian/Ubuntu === |
<code> | <code> | ||
- | [gate:~] # pkg install quagga | + | root@gate:~# apt install quagga |
- | + | ||
- | [gate:~] # cd /usr/local/etc/quagga/ | + | |
- | </code> | + | |
- | + | ||
- | == Ubuntu == | + | |
- | <code> | + | |
- | root@gate:~# apt-get install quagga | + | |
root@gate:~# cd /etc/quagga/ | root@gate:~# cd /etc/quagga/ | ||
Line 135: | Line 147: | ||
password zebra | password zebra | ||
enable password zebra | enable password zebra | ||
+ | </code> | ||
+ | |||
+ | === FreeBSD === | ||
+ | <code> | ||
+ | [gate:~] # pkg install quagga | ||
+ | |||
+ | [gate:~] # cd /usr/local/etc/quagga/ | ||
</code> | </code> | ||
=== Запуск === | === Запуск === | ||
- | == FreeBSD == | + | === Debian/Ubuntu === |
+ | <code> | ||
+ | # service zebra start | ||
+ | |||
+ | # service ospfd start | ||
+ | </code> | ||
+ | |||
+ | === FreeBSD === | ||
<code> | <code> | ||
[gate:~] # cat /etc/rc.conf | [gate:~] # cat /etc/rc.conf | ||
Line 148: | Line 174: | ||
</code><code> | </code><code> | ||
[gate:~] # /usr/local/etc/rc.d/quagga start | [gate:~] # /usr/local/etc/rc.d/quagga start | ||
- | </code> | ||
- | |||
- | == Ubuntu == | ||
- | <code> | ||
- | root@gate:~# cat /etc/quagga/daemons | ||
- | </code><code> | ||
- | ... | ||
- | zebra=yes | ||
- | ... | ||
- | ospfd=yes | ||
- | ... | ||
- | </code><code> | ||
- | root@gate:~# chown -R quagga /etc/quagga/ | ||
- | |||
- | root@gate:~# /etc/init.d/quagga start | ||
</code> | </code> | ||
Line 236: | Line 247: | ||
==== NetFilter iproute2 (Linux) ==== | ==== NetFilter iproute2 (Linux) ==== | ||
- | * [[http://habrahabr.ru/post/108690/|Роутинг и policy-routing в Linux при помощи iproute2]] | + | * [[https://habr.com/post/108690/|Роутинг и policy-routing в Linux при помощи iproute2]] |
=== Управление таблицами iproute2 === | === Управление таблицами iproute2 === | ||
<code> | <code> | ||
- | # cat /etc/iproute2/rt_tables | + | # ip route show table all #Записи таблицы main отображаются без имени |
- | # ip route show table all | + | |
- | # ip route show table main | + | # ip route show |
+ | # ip route show table main #Все пакеты, для которых нет правил, обрабатываются маршрутами таблицы main | ||
+ | |||
+ | # cat /etc/iproute2/rt_tables #Таблицам можно давать имена | ||
# ip route add default via 172.16.1.254 table 101 | # ip route add default via 172.16.1.254 table 101 | ||
Line 251: | Line 264: | ||
# ip route show table 101 | # ip route show table 101 | ||
# ip route show table 102 | # ip route show table 102 | ||
- | # ip route show table all | ||
- | # ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main | + | # ip route show table all | grep 'table 10[12]' |
- | # ip rule add from 192.168.X.0/25 table 101 | + | |
- | # ip rule add from 192.168.X.128/25 table 102 | + | |
+ | # ip rule show | ||
+ | |||
+ | # ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main | ||
+ | # ip rule add prio 200 from 192.168.X.0/25 table 101 | ||
+ | # ip rule add prio 300 from 192.168.X.128/25 table 102 | ||
# ip rule show | # ip rule show | ||
- | # ip rule del from any table 101 | + | # ip rule del prio 300 |
- | # ip rule del from any table 102 | + | # ip rule del prio 200 |
+ | # ip rule del prio 100 | ||
+ | |||
+ | # ip route del default via 172.16.1.254 table 101 | ||
+ | # ip route del default via 172.16.2.254 table 102 | ||
+ | |||
+ | # ip route flush table 101 | ||
+ | # ip route flush table 102 | ||
</code> | </code> | ||
Line 271: | Line 293: | ||
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/24 -j SNAT --to-source 172.16.1.X | iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/24 -j SNAT --to-source 172.16.1.X | ||
- | iptables -t nat -A POSTROUTING -o eth3 -s 192.168.X.0/24 -j SNAT --to-source 172.16.2.X | + | iptables -t nat -A POSTROUTING -o eth2 -s 192.168.X.0/24 -j SNAT --to-source 172.16.2.X |
conntrack -F | conntrack -F | ||
</code><code> | </code><code> | ||
- | # iptables-save -c > /etc/iptables.rules | + | # iptables-save > /etc/iptables.rules |
</code><code> | </code><code> | ||
- | # cat /etc/rc.local | + | # cat /etc/network/interfaces |
</code><code> | </code><code> | ||
... | ... | ||
- | # Create tables with specific routing | + | auto eth0 |
- | ip route add default via 172.16.1.254 table 101 | + | iface eth0 inet static |
- | ip route add default via 172.16.2.254 table 102 | + | |
+ | pre-up iptables-restore < /etc/iptables.rules | ||
+ | |||
+ | post-up ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main | ||
+ | post-up ip rule add prio 200 from 192.168.X.0/25 table 101 | ||
+ | post-up ip rule add prio 300 from 192.168.X.128/25 table 102 | ||
+ | |||
+ | address 192.168.X.1 | ||
+ | netmask 255.255.255.0 | ||
+ | |||
+ | auto eth1 | ||
+ | iface eth1 inet static | ||
+ | |||
+ | post-up ip route add default via 172.16.1.254 table 101 | ||
+ | |||
+ | address 172.16.1.X | ||
+ | netmask 255.255.255.0 | ||
+ | |||
+ | auto eth2 | ||
+ | iface eth2 inet static | ||
- | # Insert rules for choosing traffic for tables | + | post-up ip route add default via 172.16.2.254 table 102 |
- | ip rule add from 192.168.X.0/25 table 101 | + | |
- | ip rule add from 192.168.X.128/25 table 102 | + | |
- | ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main | + | |
- | exit 0 | + | address 172.16.2.X |
+ | netmask 255.255.255.0 | ||
</code> | </code> |
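Review bot: The eth0 stanza in the new /etc/network/interfaces (the `post-up ip rule add prio 100/200/300` lines) has no matching down hooks, so an ifdown/ifup cycle of eth0 re-runs the adds while nothing removes the old rules; the iproute2 hunk above already shows the clean-up form, so adding `post-down ip rule del prio 300`, `post-down ip rule del prio 200` and `post-down ip rule del prio 100` to the same stanza keeps the rule set identical across restarts. The order in which the eth0 rules and the `post-up ip route add default ... table 101/102` lines under eth1/eth2 run is left to ifup; if eth0 comes up first the rules point at still-empty tables and lookups should fall through to main until eth1/eth2 finish, which is harmless but worth a one-line comment in the stanza. Separately, the Gateway hunk now makes `net.ipv4.ip_forward=1` persistent via /etc/sysctl.d/20-my-forward.conf, while the only filtering visible in this hunk is the two SNAT POSTROUTING entries; if the saved /etc/iptables.rules (its FORWARD chain is outside this hunk) sets no FORWARD policy, the gateway relays any traffic between eth0, eth1 and eth2, which at least deserves a note next to the `iptables-save > /etc/iptables.rules` line.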