Connecting to the same server through different interfaces (SO_BINDTODEVICE): Destination Host Unreachable

I have 2 interfaces: eth0 and wlan0, each connected to a different router. Their network specifications are as follows:

eth0:
    ip: 192.168.1.7
    Gateway: 192.168.1.1
    Submask: 255.255.255.0

wlan0:
    ip: 192.168.2.21
    Gateway: 192.168.2.1
    Submask: 255.255.255.0

I configured routing like this:

ip route add table eth0 to 192.168.1.0/24 dev eth0 scope link
ip route add table eth0 default via 192.168.1.1 dev eth0
ip rule add from 192.168.1.7 table eth0

The same goes for wlan0, using its values. So the routing output is:

ip rule
    0:      from all lookup local
    32764:  from 192.168.2.21 lookup wlan0
    32765:  from 192.168.1.7 lookup eth0
    32766:  from all lookup main
    32767:  from all lookup default

ip r s
    default via 192.168.1.1 dev eth0  proto static
    192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.7  metric 1
    192.168.2.0/24 dev wlan0  proto kernel  scope link  src 192.168.2.21  metric 9

ip r s table eth0
    default via 192.168.1.1 dev eth0
    192.168.1.0/24 dev eth0  scope link

ip r s table wlan0
    default via 192.168.2.1 dev wlan0
    192.168.2.0/24 dev wlan0  scope link

I also changed sysctl "net.ipv4.conf.all.rp_filter=0" and sysctl -w "net.ipv4.ip_forward=1". (I don't really think ip_forward is necessary, but I changed it just in case.)

Now, the strange thing is that when I ping Google forcing the wlan0 interface, it says Destination Host Unreachable. The other interface works fine.

ping -I wlan0 google.es
    PING google.es (173.194.45.183) from 192.168.2.21 wlan0: 56(84) bytes of data.
    From 192.168.2.21 icmp_seq=1 Destination Host Unreachable
    From 192.168.2.21 icmp_seq=2 Destination Host Unreachable
    From 192.168.2.21 icmp_seq=3 Destination Host Unreachable
    From 192.168.2.21 icmp_seq=4 Destination Host Unreachable

ping -I eth0 google.es
    PING google.es (173.194.45.191) from 192.168.1.7 eth0: 56(84) bytes of data.
    64 bytes from mad06s09-in-f31.1e100.net (173.194.45.191): icmp_seq=1 ttl=56 time=21.5 ms
    64 bytes from mad06s09-in-f31.1e100.net (173.194.45.191): icmp_seq=2 ttl=55 time=21.7 ms
    64 bytes from mad06s09-in-f31.1e100.net (173.194.45.191): icmp_seq=3 ttl=56 time=24.6 ms
    64 bytes from mad06s09-in-f31.1e100.net (173.194.45.191): icmp_seq=4 ttl=55 time=31.1 ms

Answer 1

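I am not sure how the source address is determined in this case of forced interface binding. If the source address is not taken from the device, then the problem is that your ip rule selectors do not match, so the packets go to the main routing table, i.e.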

default via 192.168.1.1 dev eth0  proto static

which does not work for wlan0.

I suggest you try this:

ip rule add from 192.168.1.7  table  eth0
ip rule add oif  eth0         table  eth0
ip rule add from 192.168.2.21 table wlan0
ip rule add oif  wlan0        table wlan0

and extend the

ip route add table eth0
ip route add table wlan0

commands with the src option.
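
The rule-selection problem described in the answer above, as an added example that is not part of the original post: a simplified Python model of the policy-routing lookup, built from the rules and tables shown in the question. It assumes a socket bound with SO_BINDTODEVICE reaches the lookup with no source address and that routes leaving through a different device are skipped; the priorities 32762 and 32763 for the `oif` rules are constructed.

```python
import ipaddress

# Rules and tables transcribed from the question's `ip rule` / `ip r s` output.
# A rule is (priority, selector, value, table).
ORIGINAL_RULES = [
    (0, "from", "all", "local"),
    (32764, "from", "192.168.2.21", "wlan0"),
    (32765, "from", "192.168.1.7", "eth0"),
    (32766, "from", "all", "main"),
    (32767, "from", "all", "default"),
]
# The answer's oif selectors; priorities 32762/32763 are constructed values.
OIF_RULES = [(32762, "oif", "wlan0", "wlan0"), (32763, "oif", "eth0", "eth0")]

# A route is (prefix, gateway or None, device). "local" and "default" hold
# nothing relevant to a remote destination, so they are left empty here.
TABLES = {
    "local": [], "default": [],
    "main": [("0.0.0.0/0", "192.168.1.1", "eth0"),
             ("192.168.1.0/24", None, "eth0"),
             ("192.168.2.0/24", None, "wlan0")],
    "eth0": [("0.0.0.0/0", "192.168.1.1", "eth0"), ("192.168.1.0/24", None, "eth0")],
    "wlan0": [("0.0.0.0/0", "192.168.2.1", "wlan0"), ("192.168.2.0/24", None, "wlan0")],
}

def rule_matches(selector, value, src, oif):
    if selector == "oif":
        return oif == value
    if value == "all":
        return True
    # An unset source (None) can never match a specific `from` address.
    return src is not None and ipaddress.ip_address(src) in ipaddress.ip_network(value)

def lookup(rules, dst, src=None, oif=None):
    """Return (table, gateway, device) of the first usable route, else None."""
    for _prio, selector, value, table in sorted(rules):
        if not rule_matches(selector, value, src, oif):
            continue
        hits = [(ipaddress.ip_network(p).prefixlen, gw, dev)
                for p, gw, dev in TABLES[table]
                if ipaddress.ip_address(dst) in ipaddress.ip_network(p)
                and (oif is None or dev == oif)]  # assumption: bound device filters routes
        if hits:  # longest prefix wins; otherwise fall through to the next rule
            _, gw, dev = max(hits, key=lambda h: h[0])
            return (table, gw, dev)
    return None

if __name__ == "__main__":
    dst = "173.194.45.183"  # address from the question's ping output
    print(lookup(ORIGINAL_RULES, dst, oif="wlan0"))              # None
    print(lookup(ORIGINAL_RULES + OIF_RULES, dst, oif="wlan0"))  # ('wlan0', '192.168.2.1', 'wlan0')
```

With the original rules the wlan0-bound lookup finds no route through wlan0, while the eth0-bound lookup succeeds only because the main table's default route happens to use eth0.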
