在 FreeBSD 中,如何打开/关闭一个网络接口而不影响另一个网络接口?
我有一台 FreeBSD 8.2 虚拟机(Virtual Box 4.1.4),有两个网络接口,一个桥接到我的以太网卡,另一个桥接到主机操作系统(Mac OSX Lion 10.7.2)上的 WiFi。在虚拟机中,我将前两个网络接口(em0和em1)分配给静态 IP 地址,并将默认路由器 IP 设置为我的路由器的 IP,如下方配置所示:
/etc/rc.conf:
inetd_enable="NO"
sshd_enable="YES"
ifconfig_em0="inet 192.168.1.109 netmask 255.255.255.0"
ifconfig_em1="inet 192.168.1.129 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
网络状态-r:
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGS 2 71 em0
127.0.0.1 link#3 UH 0 0 lo0
192.168.1.0/24 link#1 U 2 78 em0
192.168.1.109 link#1 UHS 0 0 lo0
192.168.1.129 link#2 UHS 0 0 lo0
使用上述配置,我可以 ssh 到主机操作系统em0或em1从主机操作系统访问,但如果我em0使用以下命令关闭:
sudo ifconfig em0 down
...em1失去网络访问权限,就像也被关闭一样。也就是说,主机操作系统无法通过 ssh 进入em1;而客户操作系统也无法ping google.com或ping 192.168.1.130(主机操作系统的 IP)。
我在 Ubuntu Server 11.10 中没有遇到这个问题:我可以为我的 WiFi 桥接器设置一个静态 IP,为我的以太网桥接器设置一个动态 IP;并且可以关闭其中任何一个而不会影响另一个。
em0 down 之前
$ ifconfig -a
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 08:00:27:16:4d:32
inet 192.168.1.109 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 08:00:27:3f:a7:44
inet 192.168.1.129 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
$ arp -an
? (192.168.1.129) at 08:00:27:3f:a7:44 on em1 permanent [ethernet]
? (192.168.1.130) at c4:2c:03:2b:73:d1 on em0 expires in 314 seconds [ethernet]
em0 关闭后
$ ifconfig -a
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 08:00:27:16:4d:32
inet 192.168.1.109 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 08:00:27:3f:a7:44
inet 192.168.1.129 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
$ arp -an
? (192.168.1.129) at 08:00:27:3f:a7:44 on em1 permanent [ethernet]
? (192.168.1.130) at c4:2c:03:2b:73:d1 on em0 expires in 190 seconds [ethernet]
输出(按要求):
@host : ~/tmp
$ ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en0: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
options=2b<RXCSUM,TXCSUM,VLAN_HWTAGGING,TSO4>
ether c4:2c:03:2b:73:d1
inet6 fe80::c62c:3ff:fe2b:73d1%en0 prefixlen 64 scopeid 0x4
inet 192.168.1.130 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect (100baseTX <full-duplex,flow-control>)
status: active
fw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 4078
lladdr d8:a2:5e:ff:fe:f2:f9:d4
media: autoselect <full-duplex>
status: inactive
en1: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether d8:30:62:58:93:7d
inet6 fe80::da30:62ff:fe58:937d%en1 prefixlen 64 scopeid 0x6
inet 192.168.1.146 netmask 0xffffff00 broadcast 192.168.1.255
media: autoselect
status: active
p2p0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 2304
ether 0a:30:62:58:93:7d
media: autoselect
status: active
vboxnet0: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
ether 0a:00:27:00:00:00
@host : ~/tmp
$ sudo arp -ad
192.168.1.1 (192.168.1.1) deleted
192.168.1.109 (192.168.1.109) deleted
@host : ~/tmp
$ arp -an
? (192.168.1.1) at 0:1d:7e:f8:1c:dd on en0 ifscope [ethernet]
@host : ~/tmp
$ ping -c3 192.168.1.109
PING 192.168.1.109 (192.168.1.109): 56 data bytes
64 bytes from 192.168.1.109: icmp_seq=0 ttl=64 time=0.418 ms
64 bytes from 192.168.1.109: icmp_seq=1 ttl=64 time=0.457 ms
64 bytes from 192.168.1.109: icmp_seq=2 ttl=64 time=0.468 ms
--- 192.168.1.109 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.418/0.448/0.468/0.021 ms
@host : ~/tmp
$ ping -c3 192.168.1.129
PING 192.168.1.129 (192.168.1.129): 56 data bytes
64 bytes from 192.168.1.129: icmp_seq=0 ttl=64 time=104.138 ms
64 bytes from 192.168.1.129: icmp_seq=1 ttl=64 time=22.004 ms
64 bytes from 192.168.1.129: icmp_seq=2 ttl=64 time=44.780 ms
--- 192.168.1.129 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 22.004/56.974/104.138/34.622 ms
@host : ~/tmp
$ arp -an
? (192.168.1.1) at 0:1d:7e:f8:1c:dd on en0 ifscope [ethernet]
? (192.168.1.109) at 8:0:27:16:4d:32 on en0 ifscope [ethernet]
? (192.168.1.129) at d8:30:62:58:93:7d on en0 ifscope [ethernet]
#############################
# GUEST em0 down here
#############################
@host : ~/tmp
$ arp -an
? (192.168.1.1) at 0:1d:7e:f8:1c:dd on en0 ifscope [ethernet]
? (192.168.1.109) at 8:0:27:16:4d:32 on en0 ifscope [ethernet]
? (192.168.1.129) at d8:30:62:58:93:7d on en0 ifscope [ethernet]
@host : ~/tmp
$ sudo arp -ad
192.168.1.1 (192.168.1.1) deleted
192.168.1.109 (192.168.1.109) deleted
192.168.1.129 (192.168.1.129) deleted
@host : ~/tmp
$ ping -c3 192.168.1.129
PING 192.168.1.129 (192.168.1.129): 56 data bytes
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
--- 192.168.1.129 ping statistics ---
3 packets transmitted, 0 packets received, 100.0% packet loss
@host : ~/tmp
$ arp -an
? (192.168.1.1) at 0:1d:7e:f8:1c:dd on en0 ifscope [ethernet]
? (192.168.1.129) at d8:30:62:58:93:7d on en0 ifscope [ethernet]
###################
GUEST OS
@guest : ~/tmp
$ sudo arp -ad
192.168.1.129 (192.168.1.129) deleted
@guest : ~/tmp
$ arp -an
? (192.168.1.129) at 08:00:27:3f:a7:44 on em1 permanent [ethernet]
#############################
# HOST pings .109 and .129 here
#############################
@guest : ~/tmp
$ arp -an
? (192.168.1.129) at 08:00:27:3f:a7:44 on em1 permanent [ethernet]
? (192.168.1.130) at c4:2c:03:2b:73:d1 on em0 expires in 1188 seconds [ethernet]
@guest : ~/tmp
$ sudo ifconfig em0 down
@guest : ~/tmp
$ arp -an
? (192.168.1.129) at 08:00:27:3f:a7:44 on em1 permanent [ethernet]
? (192.168.1.130) at c4:2c:03:2b:73:d1 on em0 expires in 1170 seconds [ethernet]
@guest : ~/tmp
$ sudo arp -ad
192.168.1.129 (192.168.1.129) deleted
delete: cannot locate 192.168.1.130
#############################
# HOST pings .129 here
#############################
@guest : ~/tmp
$ arp -an
? (192.168.1.129) at 08:00:27:3f:a7:44 on em1 permanent [ethernet]
? (192.168.1.130) at c4:2c:03:2b:73:d1 on em0 expires in 1095 seconds [ethernet]
答案1
你所做的事情很奇怪:
1)你有一个从不同接口可访问的相同子网,这会给某些类型的服务器软件带来一些困难
2)当你192.168.1.0/24关闭接口时,你应该破坏路由:
sudo route add -net 192.168.1.0/24 -iface em1
解决您的问题的一个非常直接的方法就是使用链路聚合技术。
有带lagg(4)故障转移模式的设备可以实现这一点。我的笔记本上有配置,它始终停留在最快的可用链接上:
ifconfig_em0="ether 00:26:c7:xx:xx:xx"
ifconfig_wlan0="WPA"
cloned_interfaces="lagg0"
ifconfig_lagg0="laggproto failover laggport em0 laggport wlan0 DHCP"
在你的情况下,你应该有和lagg。另请注意,我将 MAC 地址设置为与我的 wifi 卡相同。 em0em1em0
作为另一种解决方案,您可以在主机和客户操作系统之间设置 IGP(例如,OSPF)。