ip route从 切换到时,我无法通过“正确”接口发送响应数据包netplan。
设置:
服务器 - 两个接口
eth1,vlan 101, 10.0.1.2/24,默认路由,10.0.1.1 gateway
eth2,vlan 102, 10.0.2.2/24
客户端
eth0VLAN 102、10.0.2.3/24、默认路由、10.0.2.1 网关
中间有一个路由器(pfsense),允许vlan之间的流量。
重现步骤
当使用从客户端连接到服务器时,10.0.2.2一切都按预期进行。
当从客户端连接到服务器时,10.0.1.2连接保持打开状态 30 秒,然后通信停止。我相信来自服务器的返回数据包是使用eth2接口发送的,因为该路由是“更好”的匹配。
我找到了这篇 suse 文章https://www.suse.com/support/kb/doc/?id=000016626只要我这样做,这对我的情况就有效ip route。例如:
ip route add 10.0.1.0/16 dev eth1 src 10.0.1.2 table T101
ip route add default via 10.0.1.1 dev eth1 src 10.0.1.2 table T101
ip rule add from 10.0.1.2 table T101 prio 1
ip route add 10.0.2.0/16 dev eth2 src 10.0.2.2 table T102
ip route add default via 10.0.2.1 dev eth2 src 10.0.2.2 table T102
ip rule add from 10.0.2.2 table T102 prio 1
问题
但我无法使用 netplan 获得类似的结果。
我的网络计划尝试:
network:
ethernets:
eth0:
dhcp4: false
optional: true
vlans:
vlan101:
id: 101
link: eth0
addresses: [10.0.1.2/24]
routing-policy:
- from: 10.0.1.2
table: 101
priority: 1
routes:
- to: default
via: 10.0.1.1
scope: link
from: 10.0.1.2
table: 101
- to: default
via: 10.0.1.1
vlan102:
id: 102
link: eth0
addresses: [10.0.2.2/24]
macaddress: dc:a6:32:c7:09:15
routing-policy:
- from: 10.0.2.2
table: 102
priority: 1
routes:
- to: default
via: 10.0.2.1
scope: link
from: 10.0.2.2
table: 102
version: 2
答案1
我想我已经明白了
network:
ethernets:
eth0:
dhcp4: false
optional: true
vlans:
vlan101: # primary vlan with the gatewau
id: 101
link: eth0
addresses: [10.0.1.2/24] # maybe good idea to add dns server 'nameservers'
routing-policy:
- from: 10.0.1.2
table: 101
priority: 1
routes:
- to: 10.0.1.0/16
from: 10.0.1.2
table: 101
- to: default
via: 10.0.1.1
scope: global
from: 10.0.1.2
table: 101
- to: default
via: 10.0.1.1
from: 10.0.1.2
vlan102: # you can have as many of those as you'd like
id: 102
link: eth0
addresses: [10.0.2.2/24]
macaddress: dc:a6:32:c7:09:15
routing-policy:
- from: 10.0.2.2
table: 102
priority: 1
routes:
- to: 10.0.2.0/16
from: 10.0.2.2
table: 102
- to: default
via: 10.0.2.1
scope: global
from: 10.0.2.2
table: 102
version: 2