====== Gateway and routing services ======
[[http://ru.wikipedia.org/wiki/Маршрутизатор]]

===== Gateway =====
Enabling IP forwarding turns the host into a router: every packet that arrives with a destination other than the host itself is passed on, so the packet filter (pf, iptables/nftables) should be in place before forwarding is switched on. A value set with sysctl lasts only until reboot; a file under /etc/sysctl.d (Linux) or ''gateway_enable'' in /etc/rc.conf (FreeBSD) makes it persistent.

==== Debian/Ubuntu ====
<code>
root@gate:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
root@gate:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
root@gate:~# cat /etc/sysctl.d/20-my-forward.conf
net.ipv4.ip_forward=1
root@gate:~# sysctl -p --system
</code>

==== FreeBSD ====
<code>
[gate:~] # sysctl net.inet.ip.forwarding
[gate:~] # sysctl net.inet.ip.forwarding=1
[gate:~] # cat /etc/rc.conf
...
gateway_enable="YES"
...
[gate:~] # /etc/rc.d/routing restart
</code>

===== Managing the routing table =====
==== Linux ====
=== iproute2 ===
<code>
# ip route help
gate.isp.un# ip r add 192.168.Y.0/24 via 172.16.1.Y
gate# ip r add 192.168.110.0/24 via 192.168.X.201
ip r add 192.168.120.0/24 via 192.168.X.202
ip r add 192.168.130.0/24 via 192.168.X.203
# ip r del 192.168.Y.0/24
ip route add|del blackhole|unreachable 192.168.100+X.201
</code>
A ''blackhole'' route silently drops packets for the prefix; ''unreachable'' drops them and sends an ICMP host-unreachable back to the sender. Both are a cheap way to null-route a host without touching the firewall, but they act on the destination address only: packets coming from the null-routed host are still accepted, only the replies to it are dropped.

=== Classic (net-tools) ===
<code>
root@gate:~# netstat -rn
root@gate:~# route -n
root@gate:~# route del default
root@gate:~# route add default gw 172.16.1.254
root@gate:~# route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
root@gate:~# route del -net 192.168.Y.0 netmask 255.255.255.0
# route add -host 192.168.100+X.201 reject
# route del -host 192.168.100+X.201 reject
</code>

==== FreeBSD ====
<code>
[gate:~] # netstat -rn -f inet
[gate:~] # route delete default
[gate:~] # route add default 172.16.1.254
[gate:~] # route add 192.168.Y/24 172.16.1.Y
[gate:~] # route delete 192.168.Y/24
delete net 192.168.Y.0
[gate:~] # route -n flush
</code>
''route flush'' removes every non-interface route, the default route included, so run it from the console rather than over an SSH session that depends on it.

===== Adding static routes at boot =====
==== Debian/Ubuntu ====
  * [[https://linuxconfig.org/how-to-add-static-route-with-netplan-on-ubuntu-20-04-focal-fossa-linux|How to add static route with netplan]]
<code>
root@gate:~# cat /etc/network/interfaces
...
        up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
        up ip route add 192.168.Z.0/24 via 172.16.1.Z
</code>

==== CentOS ====
<code>
# cat /etc/sysconfig/network-scripts/route-eth1
192.168.Y.0/24 via 172.16.1.Y dev eth1
</code>

==== FreeBSD ====
<code>
[gate:~] # cat /etc/rc.conf
...
defaultrouter="172.16.1.254"
gateway_enable="YES"
static_routes="netY netZ"
route_netY="192.168.Y.0/24 172.16.1.Y"
route_netZ="192.168.Z.0/24 172.16.1.Z"
...
[gate:~] # /etc/rc.d/routing start
</code>

===== Dynamic routing protocols =====
[[http://ru.wikipedia.org/wiki/OSPF]]

==== OSPF ====
=== Installation ===
== Debian/Ubuntu ==
<code>
root@gate:~# apt install quagga
root@gate:~# cd /etc/quagga/
</code>

=== Configuration ===
<code>
gate# cat zebra.conf
hostname service_zebra
password zebra
enable password zebra
gate# cat ospfd.conf
hostname service_ospfd
password zebra
enable password zebra
</code>
Both passwords are the stock Quagga example values. They guard the VTY (telnet) interface of each daemon, so change them and keep the daemons bound to localhost (the ''-A 127.0.0.1'' daemon option) anywhere outside a lab.

== FreeBSD ==
<code>
[gate:~] # pkg install quagga
[gate:~] # cd /usr/local/etc/quagga/
</code>

=== Starting ===
== Debian/Ubuntu ==
<code>
# service zebra start
# service ospfd start
</code>

== FreeBSD ==
<code>
[gate:~] # cat /etc/rc.conf
...
quagga_enable="YES"
quagga_daemons="zebra ospfd"
[gate:~] # /usr/local/etc/rc.d/quagga start
</code>

=== Testing ===
<code>
gate# telnet localhost ospfd
gate_ospfd> en
gate_ospfd# conf term
gate_ospfd(config)# router ospf
gate_ospfd(config-router)# network 172.16.1.0/24 area 0
gate_ospfd(config-router)# redistribute connected
gate_ospfd(config-router)# end
gate_ospfd# show ip ospf neighbor
gate_ospfd# write
gate_ospfd# exit
gate# netstat -rn
gate# telnet localhost zebra
server_zebra> show ip route
server_zebra> exit
gate# netstat -rn
</code>
''redistribute connected'' announces every directly attached network into the area. The configuration above uses no OSPF neighbour authentication, so any host on 172.16.1.0/24 can form an adjacency and inject routes; ''ip ospf authentication message-digest'' with a ''message-digest-key'' on the interface is the usual fix outside a lab.

==== RIP ====
=== routed daemon (FreeBSD) ===
''-s'' makes routed advertise its routes rather than only listen.
<code>
[gate:~] # cat /etc/rc.conf
...
router_enable="YES"
router_flags="-s"
...
[gate:~] # /etc/rc.d/routed start
[gate:~] # netstat -rn -f inet
...
192.168.Y          172.16.1.Y         UG      0     0   fxp0
...
</code>
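The Gateway and static-route sections above do each step by hand. The script below is an added example, not code from the original page: it enables forwarding persistently and installs a list of static and blackhole routes idempotently, validating every entry first and skipping routes that are already in the table (re-adding one makes ''ip route add'' fail with "File exists", which aborts a ''set -e'' boot script). The addresses fill in the page's X/Y placeholders with X=1 and Y=2 and are assumptions, as is the sample routing-table text used to check it. With ''RUN=0'' (the default) the commands are only printed, so the plan can be reviewed without root.

```shell
#!/bin/sh
# Added example, not code from the original page: an idempotent applier for a
# Linux gateway's forwarding flag and static routes, using iproute2.
# Addresses are assumptions filling the page's placeholders with X=1, Y=2:
# 192.168.110/120/130.0/24 sit behind 192.168.1.201-203, 192.168.2.0/24
# behind the upstream router 172.16.1.2.  RUN=0 (default) prints instead of
# executing.

RUN="${RUN:-0}"

# Execute a command when RUN=1, otherwise print it.
run() { if [ "$RUN" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Desired routes (constructed sample data), one per line:
#   "<prefix> via <next hop>"   or   "<prefix> blackhole"
ROUTES='192.168.110.0/24 via 192.168.1.201
192.168.120.0/24 via 192.168.1.202
192.168.130.0/24 via 192.168.1.203
192.168.2.0/24 via 172.16.1.2
192.168.100.1/32 blackhole'

# Dotted quad with four octets in 0-255?  Exit status 0 when valid.
valid_ip() {
  echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
  for o in $(printf '%s' "$1" | tr . ' '); do
    [ "$o" -le 255 ] || return 1
  done
}

# "<addr>/<len>" with a valid address and 0 <= len <= 32?
valid_prefix() {
  case $1 in */*) ;; *) return 1 ;; esac
  valid_ip "${1%/*}" || return 1
  len=${1#*/}
  echo "$len" | grep -Eq '^[0-9]{1,2}$' && [ "$len" -le 32 ]
}

# Turn one ROUTES line into the ip(8) command that installs it.  Prints
# nothing and returns 1 for a line that does not validate, so a typo in the
# list cannot become a bogus route.
route_cmd() {
  set -- $1
  valid_prefix "$1" || return 1
  case $2 in
    via)       valid_ip "$3" || return 1; echo "ip route add $1 via $3" ;;
    blackhole) echo "ip route add blackhole $1" ;;
    *)         return 1 ;;
  esac
}

# Is a route for prefix $2 already in the table text $1 (output of
# `ip route show`)?  ip(8) prints a /32 as a bare address, so that suffix is
# stripped before comparing.
route_present() {
  p=${2%/32}
  printf '%s\n' "$1" | grep -Eq "^(blackhole |unreachable )?$p( |\$)"
}

# Turn the box into a router, now and after reboot.
enable_forwarding() {
  run sysctl -w net.ipv4.ip_forward=1
  if [ "$RUN" = 1 ]; then
    echo net.ipv4.ip_forward=1 > /etc/sysctl.d/20-my-forward.conf
  else
    echo "write 'net.ipv4.ip_forward=1' to /etc/sysctl.d/20-my-forward.conf"
  fi
}

# Install every desired route that is not yet in the table text $1.
apply_routes() {
  printf '%s\n' "$ROUTES" | while read -r line; do
    [ -n "$line" ] || continue
    if route_present "$1" "${line%% *}"; then continue; fi
    cmd=$(route_cmd "$line") || { echo "skipping invalid route: $line" >&2; continue; }
    run $cmd
  done
}

# Stand-alone use: ./static-routes.sh shows the plan; RUN=1 ./static-routes.sh
# (as root) applies it against the live routing table.
if [ "$RUN" = 1 ]; then table=$(ip route show); else table=''; fi
enable_forwarding
apply_routes "$table"
```

The validation step is the part worth keeping even if the rest is replaced by netplan or rc.conf: a route list is configuration that an attacker with write access to it (or an admin with a typo) can turn into a traffic redirect, and refusing malformed entries is cheaper than debugging a silently wrong table.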
===== PBR =====
Policy-based routing selects the uplink by the packet's source address instead of by destination alone. Lab topology:
  * em0 - LAN (net 192.168.X/24, gateway 192.168.X.1)
  * em1 - ISP1 (net 172.16.1/24, gw 172.16.1.254)
  * em3 - ISP2 (net 172.16.2/24, gw 172.16.2.254)

==== PF (FreeBSD) ====
[[http://www.opennet.ru/openforum/vsluhforumID1/63044.html]]
<code>
# cat /etc/pf.conf
nat on em1 from 192.168.X/24 to any -> 172.16.1.X
nat on em3 from 192.168.X/24 to any -> 172.16.2.X
pass in quick on em0 from 192.168.X.0/24 to em0
pass in on em0 route-to (em1 172.16.1.254) from 192.168.X/25 to any
pass in on em0 route-to (em3 172.16.2.254) from 192.168.X.128/25 to any
</code>
The ''quick'' rule has to come first: traffic addressed to the gateway itself is matched there and never reaches the ''route-to'' rules, which would otherwise push it out to an ISP. The lower half of the LAN (192.168.X.0/25) leaves via ISP1, the upper half via ISP2, and the ''nat'' rule on each uplink rewrites the source to that uplink's own address, so the ISP never sees the other provider's address as a source.

==== NetFilter + iproute2 (Linux) ====
  * [[https://habr.com/post/108690/|Routing and policy routing in Linux with iproute2]]

=== Managing iproute2 tables ===
<code>
# ip route show table all    # entries of table main are shown without a table name
# ip route show
# ip route show table main   # packets matched by no rule are handled by the routes in table main
# cat /etc/iproute2/rt_tables  # tables can be given names here
# ip route add default via 172.16.1.254 table 101
# ip route add default via 172.16.2.254 table 102
# ip route show table 101
# ip route show table 102
# ip route show table all | grep 'table 10[12]'
# ip rule show
# ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
# ip rule add prio 200 from 192.168.X.0/25 table 101
# ip rule add prio 300 from 192.168.X.128/25 table 102
# ip rule show
# ip rule del prio 300
# ip rule del prio 200
# ip rule del prio 100
# ip route del default via 172.16.1.254 table 101
# ip route del default via 172.16.2.254 table 102
# ip route flush table 101
# ip route flush table 102
</code>
Rules are tried in ascending priority; the first rule whose table contains a route for the destination wins. If table 101 has no matching route (its default route was removed when eth1 went down, say) the lookup falls through to the next rule and finally to the built-in rules at 32766 and 32767 (tables main and default). The LAN-to-LAN rule at priority 100 keeps internal traffic in main before the per-/25 rules send everything else to an uplink.

=== Using iproute2 to select the ISP ===
<code>
# cat nat.sh
iptables -t nat --flush
iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/24 -j SNAT --to-source 172.16.1.X
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.X.0/24 -j SNAT --to-source 172.16.2.X
conntrack -F
# iptables-save > /etc/iptables.rules
# cat /etc/network/interfaces
...
auto eth0
iface eth0 inet static
        pre-up iptables-restore < /etc/iptables.rules
        post-up ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
        post-up ip rule add prio 200 from 192.168.X.0/25 table 101
        post-up ip rule add prio 300 from 192.168.X.128/25 table 102
        address 192.168.X.1
        netmask 255.255.255.0
auto eth1
iface eth1 inet static
        post-up ip route add default via 172.16.1.254 table 101
        address 172.16.1.X
        netmask 255.255.255.0
auto eth2
iface eth2 inet static
        post-up ip route add default via 172.16.2.254 table 102
        address 172.16.2.X
        netmask 255.255.255.0
</code>
''conntrack -F'' empties the whole connection-tracking table so that existing flows pick up the new SNAT mapping; every established session through the gateway breaks at that moment. SNAT is selected per outgoing interface (''-o''), so a flow that the rule for 192.168.X.128/25 sends to ISP2 also gets ISP2's address as its source; without that, ISP2 would receive packets sourced from ISP1's address and drop or misroute them.
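The NetFilter/iproute2 procedure above is spread over a script and several ''post-up'' lines. The script below is an added example, not code from the original page: it installs the same tables, rules and SNAT in one place and adds a small pure-shell model of the rule lookup, so the /25 split can be checked before anything touches the live system. It assumes the page's X is 1 (LAN 192.168.1.0/24 on eth0, uplinks 172.16.1.1 on eth1 and 172.16.2.1 on eth2). It also goes beyond the page in two places, both marked in the code: rules for the gateway's own uplink addresses, and the ''rp_filter'' setting that a multi-homed host needs. With ''RUN=0'' (the default) the commands are only printed.

```shell
#!/bin/sh
# Added example, not code from the original page: two-uplink policy routing
# for a Linux gateway with iproute2 and iptables, plus a pure-shell model of
# the rule lookup.  Assumptions: the page's X is 1 (LAN 192.168.1.0/24 on
# eth0, uplinks 172.16.1.1/eth1 and 172.16.2.1/eth2).  The rules for the
# gateway's own addresses and the rp_filter setting go beyond the page.
# RUN=0 (default) prints the commands instead of executing them.

RUN="${RUN:-0}"
LAN=192.168.1.0/24
ISP1_IF=eth1; ISP1_IP=172.16.1.1; ISP1_GW=172.16.1.254
ISP2_IF=eth2; ISP2_IP=172.16.2.1; ISP2_GW=172.16.2.254

run() { if [ "$RUN" = 1 ]; then "$@"; else printf '%s\n' "$*"; fi; }

# Dotted quad -> unsigned 32-bit integer (input is assumed well-formed).
ip2int() {
  set -- $(printf '%s' "$1" | tr . ' ')
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Exit 0 when address $1 lies inside the prefix $2 ("addr/len").
in_prefix() {
  len=${2#*/}
  mask=$(( len == 0 ? 0 : (4294967295 << (32 - len)) & 4294967295 ))
  [ $(( $(ip2int "$1") & mask )) -eq $(( $(ip2int "${2%/*}") & mask )) ]
}

# Model of the `ip rule` chain pbr_setup() installs.  Rules are tried in
# ascending priority and the first one whose table holds a route wins; the
# per-ISP tables here contain only a default route, so while that route is
# present (uplink up) the first matching rule decides.  Prints the table a
# packet from $1 to $2 is routed by.
select_table() {
  if in_prefix "$1" "$LAN" && in_prefix "$2" "$LAN"; then echo main   # prio 100
  elif in_prefix "$1" 192.168.1.0/25;   then echo 101                 # prio 200
  elif in_prefix "$1" 192.168.1.128/25; then echo 102                 # prio 300
  elif [ "$1" = "$ISP1_IP" ];           then echo 101                 # prio 400
  elif [ "$1" = "$ISP2_IP" ];           then echo 102                 # prio 401
  else echo main; fi                                                  # prio 32766
}

# Install tables, rules and SNAT.  The per-ISP tables are filled before any
# rule points at them, and the LAN-to-LAN rule comes first so internal
# traffic is never pushed to an uplink.
pbr_setup() {
  run ip route add default via "$ISP1_GW" dev "$ISP1_IF" table 101
  run ip route add default via "$ISP2_GW" dev "$ISP2_IF" table 102
  run ip rule add prio 100 from "$LAN" to "$LAN" table main
  run ip rule add prio 200 from 192.168.1.0/25 table 101
  run ip rule add prio 300 from 192.168.1.128/25 table 102
  # Beyond the page: answers the gateway itself sends from an uplink address
  # must leave through that uplink.  Without these, a connection that arrived
  # on eth2 is answered via main's default route on eth1, with a source
  # address ISP1 does not own.
  run ip rule add prio 400 from "$ISP1_IP" table 101
  run ip rule add prio 401 from "$ISP2_IP" table 102
  # Beyond the page: strict reverse-path filtering (1) drops a packet unless
  # the route back to its source would leave on the interface it arrived on.
  # Any flow whose reverse lookup falls through to main (one default route)
  # and that arrives on the other uplink is dropped, which is hard to rule out
  # on a multi-homed box; loose mode (2) still rejects sources with no route
  # at all but accepts either uplink.
  run sysctl -w net.ipv4.conf.all.rp_filter=2
  # SNAT per uplink, as in the page's nat.sh: the source address must match
  # the interface the policy rule picked, or the other ISP sees a spoofed one.
  run iptables -t nat -A POSTROUTING -o "$ISP1_IF" -s "$LAN" -j SNAT --to-source "$ISP1_IP"
  run iptables -t nat -A POSTROUTING -o "$ISP2_IF" -s "$LAN" -j SNAT --to-source "$ISP2_IP"
  run ip route flush cache
}

# Stand-alone use: ./pbr.sh prints the plan, RUN=1 ./pbr.sh (as root) applies it.
pbr_setup
```

''select_table'' is only a model of the rule chain (it assumes both per-ISP tables hold their default route); on the live system the authoritative check is ''ip route get <dst> from <src> iif eth0'', which walks the real rules and tables and shows the interface and table actually chosen.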