сервисы_gateway_и_routing [2020/01/22 16:03] val [NetFilter iproute2 (Linux)] |
сервисы_gateway_и_routing [2022/01/29 16:28] val [NetFilter iproute2 (Linux)] |
||
---|---|---|---|
Line 4: | Line 4: | ||
===== Gateway ===== | ===== Gateway ===== | ||
- | |||
- | ==== FreeBSD ==== | ||
- | <code> | ||
- | [gate:~] # sysctl net.inet.ip.forwarding | ||
- | |||
- | [gate:~] # sysctl net.inet.ip.forwarding=1 | ||
- | |||
- | [gate:~] # cat /etc/rc.conf | ||
- | </code><code> | ||
- | ... | ||
- | gateway_enable="YES" | ||
- | ... | ||
- | </code><code> | ||
- | [gate:~] # /etc/rc.d/routing restart | ||
- | </code> | ||
==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
Line 36: | Line 21: | ||
root@gate:~# sysctl -f | root@gate:~# sysctl -f | ||
</code> | </code> | ||
- | |||
- | ===== Управление таблицей маршрутизации ===== | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gate:~] # netstat -rn -f inet | + | [gate:~] # sysctl net.inet.ip.forwarding |
- | [gate:~] # route delete default | + | [gate:~] # sysctl net.inet.ip.forwarding=1 |
- | + | ||
- | [gate:~] # route add default 172.16.1.254 | + | |
- | [gate:~] # route add 192.168.Y/24 172.16.1.Y | + | [gate:~] # cat /etc/rc.conf |
- | + | </code><code> | |
- | [gate:~] # route delete 192.168.Y/24 | + | ... |
- | delete net 192.168.Y.0 | + | gateway_enable="YES" |
- | + | ... | |
- | [gate:~] # route -n flush | + | </code><code> |
+ | [gate:~] # /etc/rc.d/routing restart | ||
</code> | </code> | ||
+ | |||
+ | ===== Управление таблицей маршрутизации ===== | ||
==== Linux ==== | ==== Linux ==== | ||
Line 63: | Line 47: | ||
# ip r add 192.168.Y.0/24 via 172.16.1.Y | # ip r add 192.168.Y.0/24 via 172.16.1.Y | ||
+ | |||
+ | # ip r del 192.168.Y.0/24 | ||
</code> | </code> | ||
Line 83: | Line 69: | ||
# route del -host 192.168.100+X.201 reject | # route del -host 192.168.100+X.201 reject | ||
</code> | </code> | ||
- | |||
- | ===== Добаление статических маршрутов на этапе загрузки ===== | ||
==== FreeBSD ==== | ==== FreeBSD ==== | ||
<code> | <code> | ||
- | [gate:~] # cat /etc/rc.conf | + | [gate:~] # netstat -rn -f inet |
- | </code><code> | + | |
- | ... | + | [gate:~] # route delete default |
- | defaultrouter="172.16.1.254" | + | |
- | gateway_enable="YES" | + | [gate:~] # route add default 172.16.1.254 |
- | static_routes="netY netZ" | + | |
- | route_netY="192.168.Y.0/24 172.16.1.Y" | + | [gate:~] # route add 192.168.Y/24 172.16.1.Y |
- | route_netZ="192.168.Z.0/24 172.16.1.Z" | + | |
- | ... | + | [gate:~] # route delete 192.168.Y/24 |
- | </code><code> | + | delete net 192.168.Y.0 |
- | [gate:~] # /etc/rc.d/routing start | + | |
+ | [gate:~] # route -n flush | ||
</code> | </code> | ||
+ | |||
+ | ===== Добаление статических маршрутов на этапе загрузки ===== | ||
==== Debian/Ubuntu ==== | ==== Debian/Ubuntu ==== | ||
Line 116: | Line 103: | ||
192.168.Y.0/24 via 172.16.1.Y dev eth1 | 192.168.Y.0/24 via 172.16.1.Y dev eth1 | ||
</code> | </code> | ||
+ | ==== FreeBSD ==== | ||
+ | <code> | ||
+ | [gate:~] # cat /etc/rc.conf | ||
+ | </code><code> | ||
+ | ... | ||
+ | defaultrouter="172.16.1.254" | ||
+ | gateway_enable="YES" | ||
+ | static_routes="netY netZ" | ||
+ | route_netY="192.168.Y.0/24 172.16.1.Y" | ||
+ | route_netZ="192.168.Z.0/24 172.16.1.Z" | ||
+ | ... | ||
+ | </code><code> | ||
+ | [gate:~] # /etc/rc.d/routing start | ||
+ | </code> | ||
+ | |||
===== Динамические протоколы маршрутизации ===== | ===== Динамические протоколы маршрутизации ===== | ||
Line 266: | Line 268: | ||
# ip route show table all #Записи таблицы main отображаются без имени | # ip route show table all #Записи таблицы main отображаются без имени | ||
+ | # ip route show | ||
# ip route show table main #Все пакеты, для которых нет правил, обрабатываются маршрутами таблицы main | # ip route show table main #Все пакеты, для которых нет правил, обрабатываются маршрутами таблицы main | ||
Line 278: | Line 281: | ||
# ip route show table all | grep 'table 10[12]' | # ip route show table all | grep 'table 10[12]' | ||
- | # ip rule add from 192.168.X.0/25 table 101 | + | # ip rule show |
- | # ip rule add from 192.168.X.128/25 table 102 | + | |
- | # ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main | + | # ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main |
+ | # ip rule add prio 200 from 192.168.X.0/25 table 101 | ||
+ | # ip rule add prio 300 from 192.168.X.128/25 table 102 | ||
# ip rule show | # ip rule show | ||
- | # ip rule del from 192.168.X.0/24 to 192.168.X.0/24 table main | + | # ip rule del prio 300 |
- | # ip rule del from any table 101 | + | # ip rule del prio 200 |
- | # ip rule del from any table 102 | + | # ip rule del prio 100 |
+ | |||
+ | # ip route del default via 172.16.1.254 table 101 | ||
+ | # ip route del default via 172.16.2.254 table 102 | ||
+ | |||
+ | # ip route flush table 101 | ||
+ | # ip route flush table 102 | ||
</code> | </code> | ||
Line 302: | Line 313: | ||
# iptables-save > /etc/iptables.rules | # iptables-save > /etc/iptables.rules | ||
</code><code> | </code><code> | ||
- | # cat cat /etc/network/interfaces | + | # cat /etc/network/interfaces |
</code><code> | </code><code> | ||
... | ... | ||
Line 309: | Line 320: | ||
pre-up iptables-restore < /etc/iptables.rules | pre-up iptables-restore < /etc/iptables.rules | ||
+ | | ||
post-up ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main | post-up ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main | ||
- | |||
post-up ip rule add prio 200 from 192.168.X.0/25 table 101 | post-up ip rule add prio 200 from 192.168.X.0/25 table 101 | ||
- | post-up ip rule add prio 200 from 192.168.X.128/25 table 102 | + | post-up ip rule add prio 300 from 192.168.X.128/25 table 102 |
- | address 192.168.13.1 | + | |
+ | address 192.168.X.1 | ||
netmask 255.255.255.0 | netmask 255.255.255.0 | ||
auto eth1 | auto eth1 | ||
iface eth1 inet static | iface eth1 inet static | ||
+ | |||
post-up ip route add default via 172.16.1.254 table 101 | post-up ip route add default via 172.16.1.254 table 101 | ||
- | address 172.16.1.13 | + | |
+ | address 172.16.1.X | ||
netmask 255.255.255.0 | netmask 255.255.255.0 | ||
auto eth2 | auto eth2 | ||
iface eth2 inet static | iface eth2 inet static | ||
+ | |||
post-up ip route add default via 172.16.2.254 table 102 | post-up ip route add default via 172.16.2.254 table 102 | ||
- | address 172.16.2.13 | + | |
+ | address 172.16.2.X | ||
netmask 255.255.255.0 | netmask 255.255.255.0 | ||
</code> | </code> |
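Review bot: The `post-up ip rule add prio 100/200/300 …` lines in the last hunk (Line 320) have no matching teardown, so the policy rules stay in the kernel after `ifdown` and a later `ifup` tries to add them again. Depending on the kernel version, that second attempt is either rejected as a duplicate or installs a second copy of each rule. Because these rules decide which uplink each half of 192.168.X.0/24 leaves through, stale or doubled entries make `ip rule show` harder to audit against the intended policy. I would pair them with the deletion form the page already uses in its manual cleanup: `post-down ip rule del prio 300`, `post-down ip rule del prio 200`, `post-down ip rule del prio 100`. The `iface` line of the stanza holding these rules is outside the hunk, so I am assuming they sit under the LAN interface.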