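My computer has two physical network cards: eth0 is used to access the Internet, and eth1 acts as a DHCP server so that several wireless routers can access the Internet.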
I have enabled kernel IP forwarding and added some rules with iptables:
net.ipv4.ip_forward = 1
iptables -A FORWARD -i eth1 -j ACCEPT
iptables -A FORWARD -o eth1 -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
Everything works fine.
Now I want all traffic from eth1 to go through the tunnel tun0 (a third, virtual network interface created using SSH_VPN).
Here is my ifconfig output:
eth0 Link encap:Ethernet HWaddr b8:27:eb:dd:56:bb
     inet addr:10.1.0.212 Bcast:10.1.0.255 Mask:255.255.255.0
     inet6 addr: fe80::ba27:ebff:fedd:56bb/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:25131918 errors:0 dropped:0 overruns:0 frame:0
     TX packets:2234134 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:1527934819 (1.5 GB) TX bytes:342049206 (342.0 MB)

eth1 Link encap:Ethernet HWaddr 00:0e:c6:b2:60:90
     inet addr:192.168.50.1 Bcast:192.168.50.255 Mask:255.255.255.0
     inet6 addr: fe80::20e:c6ff:feb2:6090/64 Scope:Link
     UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
     RX packets:1919359 errors:0 dropped:1 overruns:0 frame:0
     TX packets:321412 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:1000
     RX bytes:135557477 (135.5 MB) TX bytes:338750947 (338.7 MB)

tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
     inet addr:10.11.0.212 P-t-P:10.11.0.226 Mask:255.255.255.255
     UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
     RX packets:8 errors:0 dropped:3 overruns:0 frame:0
     TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
     collisions:0 txqueuelen:500
     RX bytes:492 (492.0 B) TX bytes:252 (252.0 B)
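How can I forward it? I have tried several approaches, but none of them worked :(
Thanks in advance.

Answer 1
The problem was the default route.
The solution is as follows: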
1. bring up ssh tunnel interface (10.11.0.212)
2. replace the default route using tunnel interface (10.11.0.1 over 10.1.0.1)
3. add a route for the tunnel remote to passthrough eth0 gateway (e.g. x.x.x.x via 10.1.0.1)
4. ip forward for eth1
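
The four steps above as a script that only prints the commands for review. It is an added example, not part of the original answer. The interface names and the 10.1.0.1 and 10.11.0.1 gateways come from the thread; the function names, the 203.0.113.10 tunnel endpoint (standing in for the elided x.x.x.x), the command order and the NAT rule on tun0 are assumptions.

```shell
#!/bin/sh
# Added example: prints the commands for the four steps; it changes nothing.
# From the thread: eth0, eth1, tun0, 10.1.0.1, 10.11.0.1.
# Constructed placeholder: TUN_REMOTE (the answer elides it as x.x.x.x).
LAN_IF=${LAN_IF:-eth1}; WAN_IF=${WAN_IF:-eth0}; TUN_IF=${TUN_IF:-tun0}
WAN_GW=${WAN_GW:-10.1.0.1}; TUN_GW=${TUN_GW:-10.11.0.1}
TUN_REMOTE=${TUN_REMOTE:-203.0.113.10}

is_ipv4() {   # dotted quad, every octet 0-255
  old_ifs=$IFS; IFS=.; set -f; set -- $1; set +f; IFS=$old_ifs
  [ $# -eq 4 ] || return 1
  for o in "$@"; do
    case $o in ''|*[!0-9]*) return 1 ;; esac
    [ "$o" -le 255 ] || return 1
  done
}

is_ifname() { case $1 in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac; }

plan() {
  for a in "$WAN_GW" "$TUN_GW" "$TUN_REMOTE"; do
    is_ipv4 "$a" || { echo "not an IPv4 address: $a" >&2; return 1; }
  done
  for i in "$LAN_IF" "$WAN_IF" "$TUN_IF"; do
    is_ifname "$i" || { echo "bad interface name: $i" >&2; return 1; }
  done
  # Step 3 goes first: pin the SSH endpoint to the eth0 gateway, otherwise
  # the new default route would send the tunnel's own packets into tun0.
  echo "ip route replace $TUN_REMOTE/32 via $WAN_GW dev $WAN_IF"
  # Step 2: everything else leaves through the tunnel.
  echo "ip route replace default via $TUN_GW dev $TUN_IF"
  # Step 4: forward eth1 only into the tunnel, replies only back out of it.
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -A FORWARD -i $LAN_IF -o $TUN_IF -j ACCEPT"
  echo "iptables -A FORWARD -i $TUN_IF -o $LAN_IF -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
  # Assumption: the far end has no route back to the eth1 subnet, so NAT here.
  echo "iptables -t nat -A POSTROUTING -o $TUN_IF -j MASQUERADE"
}

# Interface named after "dev" in one line of `ip route get <addr>` output.
egress_dev() {
  set -- $1
  while [ $# -gt 1 ]; do
    [ "$1" = dev ] && { echo "$2"; return 0; }
    shift
  done
  return 1
}

plan
```

After the printed commands have been run as root, `egress_dev "$(ip route get "$TUN_REMOTE")"` should print eth0 and the same call for any other Internet address should print tun0. The narrower FORWARD rules only restrict eth1 to the tunnel once the question's broad eth1 ACCEPT rules are removed and the FORWARD policy is DROP.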