SmartDEN Watchdog has no Internet access through a Linux PC with IP forwarding enabled


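Let me explain the scenario:

I have a local network in which the router function is performed by an industrial Linux PC connected to the Internet and to a VPN; this is the PC's data: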

# sysctl -p
net.ipv4.ip_forward = 1
# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether 00:60:e0:88:82:44 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 00:60:e0:88:82:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global br0
       valid_lft forever preferred_lft forever
    inet 10.2.55.1/24 brd 10.2.55.255 scope global br0
       valid_lft forever preferred_lft forever
    inet 192.168.0.131/24 brd 192.168.0.255 scope global dynamic br0
       valid_lft 42358sec preferred_lft 42358sec
    inet6 fdd9:cbf6:173c::5e4/128 scope global noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fdd9:cbf6:173c:0:260:e0ff:fe88:8244/64 scope global mngtmpaddr noprefixroute 
       valid_lft forever preferred_lft forever
    inet6 fe80::260:e0ff:fe88:8244/64 scope link 
       valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 100
    link/none 
    inet 10.2.0.44/16 brd 10.2.255.255 scope global tun0
       valid_lft forever preferred_lft forever
    inet6 fe80::3c21:dab6:295d:15a9/64 scope link stable-privacy 
       valid_lft forever preferred_lft forever
5: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default 
    link/ether 02:42:95:01:f1:39 brd ff:ff:ff:ff:ff:ff
    inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
       valid_lft forever preferred_lft forever

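The local address we use on the PC, both for connecting through the VPN and for the local network, is 10.2.55.1 (br0).

On the network I have an Ippower (SmartDEN IP-Watchdog), which can restart computers depending on conditions. Its address is 10.2.55.11.

Ping between the two works correctly, and in its configuration, when the ippower gets no ping reply from the PC, it restarts it.

I want to do the same for the switch connected directly to the ippower, with the rule that if there is no Internet (ping to 8.8.8.8, 1.1.1.1) the router is restarted; but the ippower has no Internet egress, while the PC does. When I try to ping 8.8.8.8 from the ippower's web service, I get: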

Ping/HTTP Test Result to 8.8.8.8: Timed out

When I ping through each interface, I find that it only works through br0:

# ping -I enp1s0 8.8.8.8
ping: Warning: source address might be selected on device other than: enp1s0
PING 8.8.8.8 (8.8.8.8) from 192.168.100.1 enp1s0: 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
11 packets transmitted, 0 received, 100% packet loss, time 10218ms


# ping -I br0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 192.168.0.131 br0: 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=114 time=7.02 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=114 time=6.60 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=114 time=6.60 ms
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 6.597/6.740/7.024/0.200 ms


# ping -I tun0 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.2.0.44 tun0: 56(84) bytes of data.
^C
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2026ms

What iptables rules are needed for the forwarded network elements to have Internet egress? Is there some other, better way?
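
Added example, not part of the original post: a check over `iptables-save` output for the two things a routed LAN host such as 10.2.55.11 typically needs besides `ip_forward = 1`, namely FORWARD acceptance and source NAT on the way out. The rulesets are constructed samples, the function name `audit_forwarding` is hypothetical, and it is an assumption that the upstream 192.168.0.0/24 router has no route back to 10.2.55.0/24.

```shell
#!/usr/bin/env bash
# Constructed sample (not from the post): Docker-style FORWARD policy DROP
# and no NAT rule covering the 10.2.55.0/24 LAN.
SAMPLE_BROKEN='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
COMMIT'

# Constructed sample: LAN forwarded in both directions and masqueraded on br0.
SAMPLE_FIXED='*filter
:FORWARD DROP [0:0]
-A FORWARD -s 10.2.55.0/24 -j ACCEPT
-A FORWARD -d 10.2.55.0/24 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 10.2.55.0/24 -o br0 -j MASQUERADE
COMMIT'

# audit_forwarding RULES LAN_CIDR
# Prints one line per finding; the exit status is the number of findings.
# Simplified: only rules that name the LAN with -s/-d are recognised, so a
# blanket "-A FORWARD -j ACCEPT" would still be reported as missing.
audit_forwarding() {
  printf '%s\n' "$1" | awk -v lan="$2" '
    /^\*/ { table = substr($0, 2) }
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "filter" && /^-A FORWARD / && /-j ACCEPT/ {
      if (index($0, "-s " lan " ")) fwd_out = 1   # LAN -> Internet
      if (index($0, "-d " lan " ")) fwd_in = 1    # replies -> LAN
    }
    table == "nat" && /^-A POSTROUTING / && /-j (MASQUERADE|SNAT)/ {
      if (index($0, "-s " lan " ")) nat = 1
    }
    END {
      if (policy == "DROP" && !fwd_out) { print "FORWARD is DROP, no ACCEPT for -s " lan; n++ }
      if (policy == "DROP" && !fwd_in)  { print "FORWARD is DROP, no ACCEPT for -d " lan; n++ }
      if (!nat) { print "no MASQUERADE/SNAT for -s " lan " in nat POSTROUTING"; n++ }
      exit n + 0
    }'
}

# On the router itself: audit_forwarding "$(iptables-save)" 10.2.55.0/24
audit_forwarding "$SAMPLE_BROKEN" 10.2.55.0/24 || true
```

The watchdog also needs 10.2.55.1 configured as its default gateway for any of these rules to apply to its traffic.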
