

сервисы_gateway_и_routing

Differences

сервисы_gateway_и_routing [2018/03/16 16:21]
val [Ubuntu]
сервисы_gateway_и_routing [2023/09/15 12:01] (current)
val [Linux]
Line 5: Line 5:
 ===== Gateway ===== ===== Gateway =====
  
-==== FreeBSD ​====+==== Debian/​Ubuntu ​====
 <​code>​ <​code>​
-[gate:~# sysctl net.inet.ip.forwarding+root@gate:~# sysctl net.ipv4.ip_forward 
 +net.ipv4.ip_forward = 0
  
-[gate:~# sysctl net.inet.ip.forwarding=1+root@gate:~# sysctl net.ipv4.ip_forward=1 
 +net.ipv4.ip_forward ​= 1
  
-[gate:~# cat /etc/rc.conf+root@gate:~# cat /etc/sysctl.d/​20-my-forward.conf
 </​code><​code>​ </​code><​code>​
-..+net.ipv4.ip_forward=1
-gateway_enable="​YES"​ +
-...+
 </​code><​code>​ </​code><​code>​
-[gate:~/​etc/​rc.d/​routing restart+root@gate:​~# ​sysctl -p --system ​
 </​code>​ </​code>​
  
-==== Debian/​Ubuntu ​====+==== FreeBSD ​====
 <​code>​ <​code>​
-root@gate:~# sysctl net.ipv4.ip_forward +[gate:~# sysctl net.inet.ip.forwarding
-net.ipv4.ip_forward = 0+
  
-root@gate:~# sysctl net.ipv4.ip_forward=1 +[gate:~# sysctl net.inet.ip.forwarding=1
-net.ipv4.ip_forward ​= 1+
  
-root@gate:~# cat /etc/sysctl.conf+[gate:~# cat /etc/rc.conf
 </​code><​code>​ </​code><​code>​
 ... ...
-net.ipv4.ip_forward=1+gateway_enable="​YES"​
 ... ...
 </​code><​code>​ </​code><​code>​
-root@gate:​~# ​sysctl -f+[gate:~/​etc/​rc.d/​routing restart
 </​code>​ </​code>​
  
 ===== Управление таблицей маршрутизации ===== ===== Управление таблицей маршрутизации =====
  
-==== FreeBSD ​====+==== Linux ==== 
 + 
 +=== iproute2 === 
 <​code>​ <​code>​
-[gate:​~] ​netstat -rn -f inet+ip route help
  
-[gate:~] route delete default+gate.isp.unip r add 192.168.Y.0/​24 via 172.16.1.Y
  
-[gate:~] route add default 172.16.1.254+gate#  
 +ip r add 192.168.110.0/24 via 192.168.X.201 
 +ip r add 192.168.120.0/​24 via 192.168.X.202 
 +ip r add 192.168.130.0/​24 via 192.168.X.203
  
-[gate:​~] ​route add 192.168.Y/​24 ​172.16.1.Y+ip r del 192.168.Y.0/24
  
-[gate:~] # route delete ​192.168.Y/24 +ip route add|del blackhole|unreachable ​192.168.100+X.201
-delete net 192.168.Y.0 +
- +
-[gate:~] # route -n flush+
 </​code>​ </​code>​
- 
-==== Linux ==== 
- 
-=== iproute2 === 
  
 === Classic === === Classic ===
Line 76: Line 73:
  
 # route del -host 192.168.100+X.201 reject # route del -host 192.168.100+X.201 reject
 +</​code>​
 +
 +==== FreeBSD ====
 +<​code>​
 +[gate:~] # netstat -rn -f inet
 +
 +[gate:~] # route delete default
 +
 +[gate:~] # route add default 172.16.1.254
 +
 +[gate:~] # route add 192.168.Y/​24 172.16.1.Y
 +
 +[gate:~] # route delete 192.168.Y/​24
 +delete net 192.168.Y.0
 +
 +[gate:~] # route -n flush
 </​code>​ </​code>​
  
 ===== Добаление статических маршрутов на этапе загрузки ===== ===== Добаление статических маршрутов на этапе загрузки =====
  
 +==== Debian/​Ubuntu ====
 +
 +  * [[https://​linuxconfig.org/​how-to-add-static-route-with-netplan-on-ubuntu-20-04-focal-fossa-linux|How to add static route with netplan]]
 +
 +<​code>​
 +root@gate:​~#​ cat /​etc/​network/​interfaces
 +</​code><​code>​
 +...
 +up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
 +up ip route add 192.168.Z.0/​24 via 172.16.1.Z
 +</​code>​
 +
 +==== CentOS ====
 +<​code>​
 +# cat /​etc/​sysconfig/​network-scripts/​route-eth1
 +</​code><​code>​
 +192.168.Y.0/​24 via 172.16.1.Y dev eth1
 +</​code>​
 ==== FreeBSD ==== ==== FreeBSD ====
 <​code>​ <​code>​
Line 93: Line 124:
 </​code><​code>​ </​code><​code>​
 [gate:~] # /​etc/​rc.d/​routing start [gate:~] # /​etc/​rc.d/​routing start
-</​code>​ 
- 
-==== Ubuntu ==== 
-<​code>​ 
-root@gate:​~#​ cat /​etc/​network/​interfaces 
-</​code><​code>​ 
-... 
-up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y 
-up route add -net 192.168.Z.0 netmask 255.255.255.0 gw 172.16.1.Z 
 </​code>​ </​code>​
  
Line 112: Line 134:
 === Установка === === Установка ===
  
-== FreeBSD ​==+=== Debian/​Ubuntu ===
 <​code>​ <​code>​
-[gate:~] # pkg install quagga +root@gate:​~#​ apt install quagga
- +
-[gate:~] # cd /​usr/​local/​etc/​quagga/​ +
-</​code>​ +
- +
-== Ubuntu == +
-<​code>​ +
-root@gate:​~#​ apt-get install quagga+
  
 root@gate:​~#​ cd /​etc/​quagga/​ root@gate:​~#​ cd /​etc/​quagga/​
Line 139: Line 154:
 password zebra password zebra
 enable password zebra enable password zebra
 +</​code>​
 +
 +=== FreeBSD ===
 +<​code>​
 +[gate:~] # pkg install quagga
 +
 +[gate:~] # cd /​usr/​local/​etc/​quagga/​
 </​code>​ </​code>​
  
 === Запуск === === Запуск ===
  
-== FreeBSD ==+=== Debian/​Ubuntu === 
 +<​code>​ 
 +# service zebra start 
 + 
 +# service ospfd start 
 +</​code>​ 
 + 
 +=== FreeBSD ​===
 <​code>​ <​code>​
 [gate:~] # cat /​etc/​rc.conf [gate:~] # cat /​etc/​rc.conf
Line 152: Line 181:
 </​code><​code>​ </​code><​code>​
 [gate:~] # /​usr/​local/​etc/​rc.d/​quagga start [gate:~] # /​usr/​local/​etc/​rc.d/​quagga start
-</​code>​ 
- 
-== Ubuntu == 
-<​code>​ 
-root@gate:​~#​ cat /​etc/​quagga/​daemons 
-</​code><​code>​ 
-... 
-zebra=yes 
-... 
-ospfd=yes 
-... 
-</​code><​code>​ 
-root@gate:​~#​ chown -R quagga /​etc/​quagga/​ 
- 
-root@gate:​~#​ /​etc/​init.d/​quagga start 
 </​code>​ </​code>​
  
Line 240: Line 254:
 ==== NetFilter iproute2 (Linux) ==== ==== NetFilter iproute2 (Linux) ====
  
-  * [[http://habrahabr.ru/​post/​108690/​|Роутинг и policy-routing в Linux при помощи iproute2]]+  * [[https://habr.com/​post/​108690/​|Роутинг и policy-routing в Linux при помощи iproute2]]
  
 === Управление таблицами iproute2 === === Управление таблицами iproute2 ===
  
 <​code>​ <​code>​
-# cat /​etc/​iproute2/​rt_tables +# ip route show table all  #​Записи таблицы main отображаются без имени
-# ip route show table all+
  
-# ip route show table main+# ip route show 
 +# ip route show table main  #​Все пакеты,​ для которых нет правил,​ обрабатываются маршрутами таблицы main 
 + 
 +# cat /​etc/​iproute2/​rt_tables ​ #​Таблицам можно давать имена
  
 # ip route add default via 172.16.1.254 table 101 # ip route add default via 172.16.1.254 table 101
Line 255: Line 271:
 # ip route show table 101 # ip route show table 101
 # ip route show table 102 # ip route show table 102
-# ip route show table all 
  
-# ip rule add from 192.168.X.0/​25 ​table 101 +# ip route show table all | grep 'table 10[12]'​
-# ip rule add from 192.168.X.128/​25 ​table 102 +
-# ip rule add from 192.168.X.0/​24 to 192.168.X.0/​24 table main+
  
 +# ip rule show
 +
 +# ip rule add prio 100 from 192.168.X.0/​24 to 192.168.X.0/​24 table main
 +# ip rule add prio 200 from 192.168.X.0/​25 table 101
 +# ip rule add prio 300 from 192.168.X.128/​25 table 102
  
 # ip rule show # ip rule show
  
-# ip rule del from any table 101 +# ip rule del prio 300 
-# ip rule del from any table 102+# ip rule del prio 200 
 +# ip rule del prio 100 
 + 
 +# ip route del default via 172.16.1.254 ​table 101 
 +# ip route del default via 172.16.2.254 table 102 
 + 
 +# ip route flush table 101 
 +# ip route flush table 102
 </​code>​ </​code>​
  
Line 275: Line 300:
  
 iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/​24 -j SNAT --to-source 172.16.1.X iptables -t nat -A POSTROUTING -o eth1 -s 192.168.X.0/​24 -j SNAT --to-source 172.16.1.X
-iptables -t nat -A POSTROUTING -o eth3 -s 192.168.X.0/​24 -j SNAT --to-source 172.16.2.X+iptables -t nat -A POSTROUTING -o eth2 -s 192.168.X.0/​24 -j SNAT --to-source 172.16.2.X
  
 conntrack -F conntrack -F
 </​code><​code>​ </​code><​code>​
-# iptables-save ​-c > /​etc/​iptables.rules+# iptables-save > /​etc/​iptables.rules
 </​code><​code>​ </​code><​code>​
-# cat /etc/rc.local+# cat /etc/network/​interfaces
 </​code><​code>​ </​code><​code>​
 ... ...
-# Create tables with specific routing +auto eth0 
-ip route add default via 172.16.1.254 table 101 +iface eth0 inet static 
-ip route add default via 172.16.2.254 table 102+ 
 +        pre-up iptables-restore < /​etc/​iptables.rules 
 +         
 +        post-up ​ip rule add prio 100 from 192.168.X.0/24 to 192.168.X.0/​24 table main 
 +        post-up ip rule add prio 200 from 192.168.X.0/​25 ​table 101 
 +        ​post-up ip rule add prio 300 from 192.168.X.128/​25 table 102 
 +         
 +        address 192.168.X.1 
 +        netmask 255.255.255.0 
 + 
 +auto eth1 
 +iface eth1 inet static 
 + 
 +        post-up ​ip route add default via 172.16.1.254 table 101 
 + 
 +        address 172.16.1.X 
 +        netmask 255.255.255.0 
 + 
 +auto eth2 
 +iface eth2 inet static
  
-# Insert rules for choosing traffic for tables +        post-up ​ip route add default via 172.16.2.254 table 102
-ip rule add from 192.168.X.0/25 table 101 +
-ip rule add from 192.168.X.128/​25 ​table 102 +
-ip rule add from 192.168.X.0/​24 to 192.168.X.0/​24 table main+
  
-exit 0+        address 172.16.2.X 
 +        netmask 255.255.255.0
 </​code>​ </​code>​
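Review bot: In the new /etc/network/interfaces listing, the three `post-up ip rule add prio …` lines under eth0 have no matching teardown. Policy rules are not removed when the interface goes down, so an `ifdown eth0` / `ifup eth0` cycle either stacks duplicate rules or fails with "File exists", depending on the kernel version. Pairing each with a delete would fix this: `post-down ip rule del prio 100`, `post-down ip rule del prio 200`, `post-down ip rule del prio 300`. Separately, the `pre-up iptables-restore` line loads only what `iptables-save` captured, and the only rules visible in this section are the nat POSTROUTING SNAT entries. With `net.ipv4.ip_forward=1` made persistent earlier on the page, the filter FORWARD chain is presumably left at its default policy, so the page should state which forwarding between eth0, eth1 and eth2 is intended and show the FORWARD rules that enforce it.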