Differences

This shows you the differences between two versions of the page.

--- сервисы_gateway_и_routing [2016/04/26 10:48]
val [NetFilter iproute2 (Linux)]
+++ сервисы_gateway_и_routing [2024/06/24 05:41] (current)
val [Протокол OSPF]
@@ Line 5: / Line 5: @@
 ===== Gateway =====
-==== FreeBSD ====
+==== Debian/Ubuntu ====
 <code>
-[gate:~] # sysctl net.inet.ip.forwarding
+root@gate:~# sysctl net.ipv4.ip_forward
+net.ipv4.ip_forward = 0
-[gate:~] # sysctl net.inet.ip.forwarding=1
+root@gate:~# sysctl net.ipv4.ip_forward=1
+net.ipv4.ip_forward = 1
-[gate:~] # cat /etc/rc.conf
+root@gate:~# cat /etc/sysctl.d/20-my-forward.conf
 </code><code>
-...
+net.ipv4.ip_forward=1
-gateway_enable="YES"
-...
 </code><code>
-[gate:~] # /etc/rc.d/routing restart
+root@gate:~# sysctl -p --system
 </code>
-==== Ubuntu ====
+==== FreeBSD ====
 <code>
-root@gate:~# sysctl net.ipv4.ip_forward
+[gate:~] # sysctl net.inet.ip.forwarding
-net.ipv4.ip_forward = 0
-root@gate:~# sysctl net.ipv4.ip_forward=1
+[gate:~] # sysctl net.inet.ip.forwarding=1
-net.ipv4.ip_forward = 1
-root@gate:~# cat /etc/sysctl.conf
+[gate:~] # cat /etc/rc.conf
 </code><code>
 ...
-net.ipv4.ip_forward=1
+gateway_enable="YES"
 ...
 </code><code>
-root@gate:~# sysctl -f
+[gate:~] # /etc/rc.d/routing restart
 </code>
 ===== Управление таблицей маршрутизации =====
-==== FreeBSD ====
+==== Linux ====
+=== iproute2 ===
 <code>
-[gate:~] # netstat -rn -f inet
+# ip route help
-[gate:~] # route delete default
+gate.isp.un# ip r add 192.168.Y.0/24 via 172.16.1.Y
-[gate:~] # route add default 172.16.1.254
+gate#
+ip r add 192.168.110.0/24 via 192.168.X.201
+ip r add 192.168.120.0/24 via 192.168.X.202
+ip r add 192.168.130.0/24 via 192.168.X.203
-[gate:~] # route add 192.168.Y/24 172.16.1.Y
+# ip r del 192.168.Y.0/24
-[gate:~] # route delete 192.168.Y/24
+ip route add|del blackhole|unreachable 192.168.100+X.201
-delete net 192.168.Y.0
-[gate:~] # route -n flush
 </code>
-==== Ubuntu ====
+=== Classic ===
 <code>
 root@gate:~# netstat -rn
@@ Line 72: / Line 73: @@
 # route del -host 192.168.100+X.201 reject
+</code>
+==== FreeBSD ====
+<code>
+[gate:~] # netstat -rn -f inet
+[gate:~] # route delete default
+[gate:~] # route add default 172.16.1.254
+[gate:~] # route add 192.168.Y/24 172.16.1.Y
+[gate:~] # route delete 192.168.Y/24
+delete net 192.168.Y.0
+[gate:~] # route -n flush
 </code>
 ===== Добаление статических маршрутов на этапе загрузки =====
+==== Debian/Ubuntu ====
+  * [[https://linuxconfig.org/how-to-add-static-route-with-netplan-on-ubuntu-20-04-focal-fossa-linux|How to add static route with netplan]]
+<code>
+root@gate:~# cat /etc/network/interfaces
+</code><code>
+...
+up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
+up ip route add 192.168.Z.0/24 via 172.16.1.Z
+</code>
+==== CentOS ====
+<code>
+# cat /etc/sysconfig/network-scripts/route-eth1
+</code><code>
+.168.Y.0/24 via 172.16.1.Y dev eth1
+</code>
 ==== FreeBSD ====
 <code>
@@ Line 89: / Line 124: @@
 </code><code>
 [gate:~] # /etc/rc.d/routing start
-</code>
-==== Ubuntu ====
-<code>
-root@gate:~# cat /etc/network/interfaces
-</code><code>
-...
-up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
-up route add -net 192.168.Z.0 netmask 255.255.255.0 gw 172.16.1.Z
 </code>
@@ Line 106: / Line 132: @@
 ==== Протокол OSPF ====
-=== Установка ===
+=== frr ===
+  * [[https://docs.frrouting.org/en/latest/setup.html]]
-== FreeBSD ==
 <code>
-[gate:~] # pkg install quagga
+# apt install frr
-[gate:~] # cd /usr/local/etc/quagga/
+# cat /etc/frr/daemons
+</code><code>
+...
+ospfd=yes
+...
+</code><code>
+# systemctl restart frr
+# ps ax | grep frr
+# vtysh
+...
+# show run
 </code>
-== Ubuntu ==
+=== quagga ===
+=== Debian/Ubuntu ===
 <code>
-root@gate:~# apt-get install quagga
+root@gate:~# apt install quagga
 root@gate:~# cd /etc/quagga/
@@ Line 135: / Line 176: @@
 password zebra
 enable password zebra
+</code>
+=== FreeBSD ===
+<code>
+[gate:~] # pkg install quagga
+[gate:~] # cd /usr/local/etc/quagga/
 </code>
 === Запуск ===
-== FreeBSD ==
+=== Debian/Ubuntu ===
+<code>
+# service zebra start
+# service ospfd start
+</code>
+=== FreeBSD ===
 <code>
 [gate:~] # cat /etc/rc.conf
@@ Line 148: / Line 203: @@
 </code><code>
 [gate:~] # /usr/local/etc/rc.d/quagga start
-</code>
-== Ubuntu ==
-<code>
-root@gate:~# cat /etc/quagga/daemons
-</code><code>
-...
-zebra=yes
-...
-ospfd=yes
-...
-</code><code>
-root@gate:~# chown -R quagga /etc/quagga/
-root@gate:~# /etc/init.d/quagga start
 </code>
@@ Line 236: / Line 276: @@
 ==== NetFilter iproute2 (Linux) ====
-  * [[http://habrahabr.ru/post/108690/|Роутинг и policy-routing в Linux при помощи iproute2]]
+  * [[https://habr.com/post/108690/|Роутинг и policy-routing в Linux при помощи iproute2]]
 === Управление таблицами iproute2 ===
 <code>
-# cat /etc/iproute2/rt_tables
+# ip route show table all  #Записи таблицы main отображаются без имени
-# ip route show table local
+# ip route show
+# ip route show table main  #Все пакеты, для которых нет правил, обрабатываются маршрутами таблицы main
-# ip route show table main
+# cat /etc/iproute2/rt_tables  #Таблицам можно давать имена
 # ip route add default via 172.16.1.254 table 101
@@ Line 252: / Line 293: @@
 # ip route show table 101
 # ip route show table 102
-# ip route show table all
-# ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main
+# ip route show table all | grep 'table 10[12]'
-# ip rule add from 192.168.X.0/25 table 101
-# ip rule add from 192.168.X.128/25 table 102
+# ip rule show
+# ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
+# ip rule add prio 200 from 192.168.X.0/25 table 101
+# ip rule add prio 300 from 192.168.X.128/25 table 102
 # ip rule show
-# ip rule del from any table 101
+# ip rule del prio 300
-# ip rule del from any table 102
+# ip rule del prio 200
+# ip rule del prio 100
+# ip route del default via 172.16.1.254 table 101
+# ip route del default via 172.16.2.254 table 102
+# ip route flush table 101
+# ip route flush table 102
 </code>
@@ Line 272: / Line 322: @@
 iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/24 -j SNAT --to-source 172.16.1.X
-iptables -t nat -A POSTROUTING -o eth3 -s 192.168.X.0/24 -j SNAT --to-source 172.16.2.X
+iptables -t nat -A POSTROUTING -o eth2 -s 192.168.X.0/24 -j SNAT --to-source 172.16.2.X
 conntrack -F
 </code><code>
-# iptables-save -c > /etc/iptables.rules
+# iptables-save > /etc/iptables.rules
 </code><code>
-# cat /etc/rc.local
+# cat /etc/network/interfaces
 </code><code>
 ...
-# Create tables with specific routing
+auto eth0
-ip route add default via 172.16.1.254 table 101
+iface eth0 inet static
-ip route add default via 172.16.2.254 table 102
+        pre-up iptables-restore < /etc/iptables.rules
+        post-up ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
+        post-up ip rule add prio 200 from 192.168.X.0/25 table 101
+        post-up ip rule add prio 300 from 192.168.X.128/25 table 102
+        address 192.168.X.1
+        netmask 255.255.255.0
+auto eth1
+iface eth1 inet static
+        post-up ip route add default via 172.16.1.254 table 101
+        address 172.16.1.X
+        netmask 255.255.255.0
+auto eth2
+iface eth2 inet static
-# Insert rules for choosing traffic for tables
+        post-up ip route add default via 172.16.2.254 table 102
-ip rule add from 192.168.X.0/25 table 101
-ip rule add from 192.168.X.128/25 table 102
-ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main
-exit 0
+        address 172.16.2.X
+        netmask 255.255.255.0
 </code>

Методические материалы Лохтурова Вячеслава

User Tools

Site Tools

Differences

Page Tools