





Сервисы Gateway и routing

Gateway

FreeBSD

[gate:~] # sysctl net.inet.ip.forwarding

[gate:~] # sysctl net.inet.ip.forwarding=1

[gate:~] # cat /etc/rc.conf
...
gateway_enable="YES"
...
[gate:~] # /etc/rc.d/routing restart

Debian/Ubuntu

root@gate:~# sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

root@gate:~# sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

root@gate:~# cat /etc/sysctl.conf
...
net.ipv4.ip_forward=1
...
root@gate:~# sysctl -f

Управление таблицей маршрутизации

FreeBSD

[gate:~] # netstat -rn -f inet

[gate:~] # route delete default

[gate:~] # route add default 172.16.1.254

[gate:~] # route add 192.168.Y/24 172.16.1.Y

[gate:~] # route delete 192.168.Y/24
delete net 192.168.Y.0

[gate:~] # route -n flush

Linux

iproute2

# ip r help

Classic

root@gate:~# netstat -rn

root@gate:~# route -n

root@gate:~# route del default

root@gate:~# route add default gw 172.16.1.254

root@gate:~# route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y

root@gate:~# route del -net 192.168.Y.0 netmask 255.255.255.0

# route add -host 192.168.100+X.201 reject

# route del -host 192.168.100+X.201 reject

Добавление статических маршрутов на этапе загрузки

FreeBSD

[gate:~] # cat /etc/rc.conf
...
defaultrouter="172.16.1.254"
gateway_enable="YES"
static_routes="netY netZ"
route_netY="192.168.Y.0/24 172.16.1.Y"
route_netZ="192.168.Z.0/24 172.16.1.Z"
...
[gate:~] # /etc/rc.d/routing start

Ubuntu

root@gate:~# cat /etc/network/interfaces
...
up route add -net 192.168.Y.0 netmask 255.255.255.0 gw 172.16.1.Y
up route add -net 192.168.Z.0 netmask 255.255.255.0 gw 172.16.1.Z

Динамические протоколы маршрутизации

Протокол OSPF

Установка

FreeBSD
[gate:~] # pkg install quagga

[gate:~] # cd /usr/local/etc/quagga/
Ubuntu
root@gate:~# apt-get install quagga

root@gate:~# cd /etc/quagga/

Настройка

Пароли `zebra` в примерах ниже — условные учебные значения: они защищают доступ к vty демонов по telnet (см. «Тестирование»), и на рабочем шлюзе их следует заменить.

gate# cat zebra.conf
hostname service_zebra
password zebra
enable password zebra
gate# cat ospfd.conf
hostname service_ospfd
password zebra
enable password zebra

Запуск

FreeBSD
[gate:~] # cat /etc/rc.conf
...
quagga_enable="YES"
quagga_daemons="zebra ospfd"
[gate:~] # /usr/local/etc/rc.d/quagga start
Ubuntu
root@gate:~# cat /etc/quagga/daemons
...
zebra=yes
...
ospfd=yes
...
root@gate:~# chown -R quagga /etc/quagga/

root@gate:~# /etc/init.d/quagga start

Тестирование

gate# telnet localhost ospfd

gate_ospfd> en
gate_ospfd# conf term
gate_ospfd(config)# router ospf
gate_ospfd(config-router)# network 172.16.1.0/24 area 0
gate_ospfd(config-router)# redistribute connected
gate_ospfd(config-router)# end

gate_ospfd# show ip ospf neighbor

gate_ospfd# write

gate_ospfd# exit

gate# netstat -rn

gate# telnet localhost zebra

server_zebra> show ip route

server_zebra> exit

gate# netstat -rn

Протокол RIP

Демон routed (freebsd)

[gate:~] # cat /etc/rc.conf
...
router_enable="YES"
router_flags="-s"
...
[gate:~] # /etc/rc.d/routed start

[gate:~] # netstat -rn -f inet
...
192.168.Y         172.16.1.Y       UG          0        0   fxp0
...

PBR

  • em0 - LAN (net 192.168.X/24 gw 192.168.1.1)
  • em1 - ISP1 (net 172.16.1/24 gw 172.16.1.254)
  • em3 - ISP2 (net 172.16.2/24 gw 172.16.2.254)

PF (FreeBSD)

http://www.opennet.ru/openforum/vsluhforumID1/63044.html

# cat /etc/pf.conf
nat on em1 from 192.168.X/24 to any -> 172.16.1.X
nat on em3 from 192.168.X/24 to any -> 172.16.2.X

pass in quick on em0 from 192.168.X.0/24 to em0
pass in on em0 route-to (em1 172.16.1.254) from 192.168.X/25 to any
pass in on em0 route-to (em3 172.16.2.254) from 192.168.X.128/25 to any

NetFilter iproute2 (Linux)

Управление таблицами iproute2

# cat /etc/iproute2/rt_tables
# ip route show table all

# ip route show table main

# ip route add default via 172.16.1.254 table 101
# ip route add default via 172.16.2.254 table 102

# ip route show table 101
# ip route show table 102
# ip route show table all

# ip rule add from 192.168.X.0/25 table 101
# ip rule add from 192.168.X.128/25 table 102
# ip rule add from 192.168.X.0/24 to 192.168.X.0/24 table main


# ip rule show

# ip rule del from any table 101
# ip rule del from any table 102

Использование iproute2 для управления выбором ISP

# cat nat.sh
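#!/usr/bin/env bash
# nat.sh — rebuild the NAT table of the two-uplink gateway.
#
# The whole `nat` table is flushed (any other NAT rules present on the host
# disappear with it) and one SNAT rule per uplink is re-added: LAN traffic
# leaving eth1 is rewritten to the ISP1 address, traffic leaving eth3 to the
# ISP2 address. Which uplink a packet leaves through is decided by the
# routing policy (ip rule / tables 101 and 102), not here.
#
# Replace X with the lab-specific octet before running.
#
# Abort on the first failed command: a rule that failed to insert must not be
# followed by the conntrack flush, which would leave live flows untranslated.
set -eu

# LAN network whose traffic is translated; used by both uplink rules.
readonly lan_net="192.168.X.0/24"

iptables -t nat --flush

iptables -t nat -A POSTROUTING -o eth1 -s "$lan_net" -j SNAT --to-source 172.16.1.X
iptables -t nat -A POSTROUTING -o eth3 -s "$lan_net" -j SNAT --to-source 172.16.2.X

# NAT is decided on the first packet of a connection and remembered in
# conntrack; flushing the table makes existing flows pick up the new rules.
conntrack -F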
# iptables-save -c > /etc/iptables.rules
# cat /etc/rc.local
...
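# Per-ISP routing tables: each holds only a default route via that ISP's
# gateway; LAN and other connected networks stay in `main`.
ip route add default via 172.16.1.254 table 101
ip route add default via 172.16.2.254 table 102

# Policy rules that pick a table by source address.
# Explicit priorities make the lookup order independent of the order in
# which the rules are added: without `priority`, each new rule is inserted
# ahead of the previously added ones, so the original add order only worked
# because the LAN-to-LAN rule happened to be added last.
# LAN-to-LAN traffic must be matched first and sent to `main`, because
# tables 101/102 contain no route back to the LAN.
ip rule add priority 100 from 192.168.X.0/24 to 192.168.X.0/24 table main
ip rule add priority 101 from 192.168.X.0/25 table 101
ip rule add priority 102 from 192.168.X.128/25 table 102

exit 0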