简单地说,我有两个 inet 设备:enp0s3和enp0s9。
enp0s3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:f3:bf:35 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global dynamic noprefixroute enp0s3
valid_lft 82336sec preferred_lft 82336sec
inet6 fe80::67c3:35fd:6d5c:19f8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
enp0s9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 08:00:27:13:5d:97 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.240/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s9
valid_lft 2998sec preferred_lft 2998sec
inet6 fe80::9a68:d4d0:6bf7:485d/64 scope link noprefixroute
valid_lft forever preferred_lft forever
我需要访问的某些服务只能通过10.49.0.0/16代理(10.49.1.1:8080)访问。可使用enp0s3inet 设备访问此范围。
如下所示:
~ ping 10.49.99.166 -I enp0s3
PING 10.49.99.166 (10.49.99.166) from 10.0.2.15 enp0s3: 56(84) bytes of data.
64 bytes from 10.49.99.166: icmp_seq=1 ttl=250 time=15.3 ms
64 bytes from 10.49.99.166: icmp_seq=2 ttl=250 time=14.1 ms
64 bytes from 10.49.99.166: icmp_seq=3 ttl=250 time=11.8 ms
^C
--- 10.49.99.166 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2008ms
rtt min/avg/max/mdev = 11.789/13.725/15.287/1.452 ms
~ ping 10.49.99.166 -I enp0s9
PING 10.49.99.166 (10.49.99.166) from 192.168.1.240 enp0s9: 56(84) bytes of data.
^C
--- 10.49.99.166 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6093ms
~
我想要得到的是发送到的所有内容都10.49.0.0/16通过enp0s3inet 设备进行。
我尝试使用以下命令添加此路线:
sudo ip route add 10.49.0.0/16 via 10.0.2.15 dev enp0s3
所以,
~ ip route show
default via 192.168.1.1 dev enp0s9 proto dhcp src 192.168.1.240 metric 100
default via 10.0.2.2 dev enp0s3 proto dhcp src 10.0.2.15 metric 20101
10.0.2.0/24 dev enp0s3 proto kernel scope link src 10.0.2.15 metric 101
172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown
172.18.0.0/16 dev br-34c76a82552a proto kernel scope link src 172.18.0.1 linkdown
192.168.1.0/24 dev enp0s9 proto kernel scope link src 192.168.1.240 metric 100
之后,我测试了规则:
~ ip route get 10.49.99.166
10.49.99.166 dev enp0s3 src 10.0.2.15 uid 1000
cache
然而,当我尝试访问我想要的服务时,我总是遇到类似无法访问它的信息:
~ oc login --token=... --server=https://domain:6443
error: dial tcp 10.49.99.166:6443: connect: no route to host - verify you have provided the correct host and port and that the server is currently running.
~ telnet api.ocpdes.t-systems.es 6443
Trying 10.49.99.166...
telnet: Unable to connect to remote host: No route to host
有任何想法吗?
答案1
sudo ip 路由通过 10.0.2.15 dev enp0s3 添加 10.49.0.0/16
10.0.2.15 似乎是与 enp0s3 关联的 IP 地址。您应该提供 10.0.2.0/24 上可以转发数据包的路由器地址。可能是 10.0.2.2,但请咨询管理网络的人员。
NB 仅更改/添加路由不足以访问代理后面的服务。
顺便说一句:您当前设置了 2 个默认路由 - 没关系,因为它们具有不同的指标 - 但这可能会在将来造成一些麻烦。