====== Сервисы Gateway и routing ======

[[http://ru.wikipedia.org/wiki/Маршрутизатор]]

===== Gateway =====

==== Debian/Ubuntu ====
<code>
root@gate:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

root@gate:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

root@gate:~# cat /etc/sysctl.d/20-my-forward.conf
</code><code>
net.ipv4.ip_forward=1
</code><code>
root@gate:~# sysctl -p --system 
</code>

==== FreeBSD ====
<code>
[gate:~] # sysctl net.inet.ip.forwarding

[gate:~] # sysctl net.inet.ip.forwarding=1

[gate:~] # cat /etc/rc.conf
</code><code>
...
gateway_enable="YES"
...
</code><code>
[gate:~] # /etc/rc.d/routing restart
</code>

===== Управление таблицей маршрутизации =====

==== Linux ====

=== iproute2 ===

<code>
# ip route help

gate.isp.un# ip r add 192.168.Y.0/24 via 172.16.1.Y

gate# 
ip r add 192.168.110.0/24 via 192.168.X.201
ip r add 192.168.120.0/24 via 192.168.X.202
ip r add 192.168.130.0/24 via 192.168.X.203

# ip r del 192.168.Y.0/24

ip route add|del blackhole|unreachable 192.168.100+X.201
</code>

=== Classic ===
<code>
root@gate:~# netstat -rn

root@gate:~# route -n

root@gate:~# route del default

root@gate:~# route add default gw 172.16.1.254

root@gate:~# route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y

root@gate:~# route del -net 192.168.Y.0 netmask 255.255.255.0

# route add -host 192.168.100+X.201 reject

# route del -host 192.168.100+X.201 reject
</code>

==== FreeBSD ====
<code>
[gate:~] # netstat -rn -f inet

[gate:~] # route delete default

[gate:~] # route add default 172.16.1.254

[gate:~] # route add 192.168.Y/24 172.16.1.Y

[gate:~] # route delete 192.168.Y/24
delete net 192.168.Y.0

[gate:~] # route -n flush
</code>

===== Добаление статических маршрутов на этапе загрузки =====

==== Debian/Ubuntu ====

  * [[https://linuxconfig.org/how-to-add-static-route-with-netplan-on-ubuntu-20-04-focal-fossa-linux|How to add static route with netplan]]

<code>
root@gate:~# cat /etc/network/interfaces
</code><code>
...
up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
up ip route add 192.168.Z.0/24 via 172.16.1.Z
</code>

==== CentOS ====
<code>
# cat /etc/sysconfig/network-scripts/route-eth1
</code><code>
192.168.Y.0/24 via 172.16.1.Y dev eth1
</code>
==== FreeBSD ====
<code>
[gate:~] # cat /etc/rc.conf
</code><code>
...
defaultrouter="172.16.1.254"
gateway_enable="YES"
static_routes="netY netZ"
route_netY="192.168.Y.0/24 172.16.1.Y"
route_netZ="192.168.Z.0/24 172.16.1.Z"
...
</code><code>
[gate:~] # /etc/rc.d/routing start
</code>

===== Динамические протоколы маршрутизации =====

[[http://ru.wikipedia.org/wiki/OSPF]]

==== Протокол OSPF ====

=== frr ===

  * [[https://docs.frrouting.org/en/latest/setup.html]]

<code>
# apt install frr

# cat /etc/frr/daemons
</code><code>
...
ospfd=yes
...
</code><code>
# systemctl restart frr

# ps ax | grep frr

# vtysh
...
# show run
</code>

=== quagga ===

=== Debian/Ubuntu ===
<code>
root@gate:~# apt install quagga

root@gate:~# cd /etc/quagga/
</code>

=== Настройка ===
<code>
gate# cat zebra.conf
</code><code>
hostname service_zebra
password zebra
enable password zebra
</code><code>
gate# cat ospfd.conf
</code><code>
hostname service_ospfd
password zebra
enable password zebra
</code>

=== FreeBSD ===
<code>
[gate:~] # pkg install quagga

[gate:~] # cd /usr/local/etc/quagga/
</code>

=== Запуск ===

=== Debian/Ubuntu ===
<code>
# service zebra start

# service ospfd start
</code>

=== FreeBSD ===
<code>
[gate:~] # cat /etc/rc.conf
</code><code>
...
quagga_enable="YES"
quagga_daemons="zebra ospfd"
</code><code>
[gate:~] # /usr/local/etc/rc.d/quagga start
</code>

=== Тестирование ===
<code>
gate# telnet localhost ospfd

gate_ospfd> en
gate_ospfd# conf term
gate_ospfd(config)# router ospf
gate_ospfd(config-router)# network 172.16.1.0/24 area 0
gate_ospfd(config-router)# redistribute connected
gate_ospfd(config-router)# end

gate_ospfd# show ip ospf neighbor

gate_ospfd# write

gate_ospfd# exit

gate# netstat -rn

gate# telnet localhost zebra

server_zebra> show ip route

server_zebra> exit

gate# netstat -rn
</code>

==== Протокол RIP ====

=== Демон routed (freebsd) ===

<code>
[gate:~] # cat /etc/rc.conf
</code><code>
...
router_enable="YES"
router_flags="-s"
...
</code><code>
[gate:~] # /etc/rc.d/routed start

[gate:~] # netstat -rn -f inet
...
192.168.Y         172.16.1.Y       UG          0        0   fxp0
...
</code>

===== PBR =====

  * em0 - LAN (net 192.168.X/24 gw 192.168.1.1)
  * em1 - ISP1 (net 172.16.1/24 gw 172.16.1.254)
  * em3 - ISP2 (net 172.16.2/24 gw 172.16.2.254)

==== PF (FreeBSD) ====

[[http://www.opennet.ru/openforum/vsluhforumID1/63044.html]]

<code>
# cat /etc/pf.conf
</code><code>
nat on em1 from 192.168.X/24 to any -> 172.16.1.X
nat on em3 from 192.168.X/24 to any -> 172.16.2.X

pass in quick on em0 from 192.168.X.0/24 to em0
pass in on em0 route-to (em1 172.16.1.254) from 192.168.X/25 to any
pass in on em0 route-to (em3 172.16.2.254) from 192.168.X.128/25 to any
</code>

==== NetFilter iproute2 (Linux) ====

  * [[https://habr.com/post/108690/|Роутинг и policy-routing в Linux при помощи iproute2]]

=== Управление таблицами iproute2 ===

<code>
# ip route show table all  #Записи таблицы main отображаются без имени

# ip route show
# ip route show table main  #Все пакеты, для которых нет правил, обрабатываются маршрутами таблицы main

# cat /etc/iproute2/rt_tables  #Таблицам можно давать имена

# ip route add default via 172.16.1.254 table 101
# ip route add default via 172.16.2.254 table 102

# ip route show table 101
# ip route show table 102

# ip route show table all | grep 'table 10[12]'

# ip rule show

# ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
# ip rule add prio 200 from 192.168.X.0/25 table 101
# ip rule add prio 300 from 192.168.X.128/25 table 102

# ip rule show

# ip rule del prio 300
# ip rule del prio 200
# ip rule del prio 100

# ip route del default via 172.16.1.254 table 101
# ip route del default via 172.16.2.254 table 102

# ip route flush table 101
# ip route flush table 102
</code>

=== Использование iproute2 для управления выбором ISP ===
<code>
# cat nat.sh
</code><code>
iptables -t nat --flush

iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/24 -j SNAT --to-source 172.16.1.X
iptables -t nat -A POSTROUTING -o eth2 -s 192.168.X.0/24 -j SNAT --to-source 172.16.2.X

conntrack -F
</code><code>
# iptables-save > /etc/iptables.rules
</code><code>
# cat /etc/network/interfaces
</code><code>
...
auto eth0
iface eth0 inet static

        pre-up iptables-restore < /etc/iptables.rules
        
        post-up ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
        post-up ip rule add prio 200 from 192.168.X.0/25 table 101
        post-up ip rule add prio 300 from 192.168.X.128/25 table 102
        
        address 192.168.X.1
        netmask 255.255.255.0

auto eth1
iface eth1 inet static

        post-up ip route add default via 172.16.1.254 table 101

        address 172.16.1.X
        netmask 255.255.255.0

auto eth2
iface eth2 inet static

        post-up ip route add default via 172.16.2.254 table 102

        address 172.16.2.X
        netmask 255.255.255.0
</code>