Unable to ping the gateway from the network

I have the following routing table:

#!/bin/bash
IP=/sbin/ip

# SST
echo "SST: Setting up SST network ..."
$IP route flush table 10
$IP route add table 10 to 10.45.13.0/26 dev eth0
$IP route add table 10 to default via 10.100.36.1 dev eth0
$IP rule add from 10.45.13.0/26 table 10 priority 10
$IP route flush cache
echo "SST: SST network routing in place."

# Expotools
echo "SST: Setting up Expotools network ..."
$IP route flush table 20
$IP route add table 20 to 10.45.15.0/26 dev eth3
$IP route add table 20 to default via 10.200.36.1 dev eth3
$IP rule add from 10.45.15.0/26 table 20 priority 20
$IP route flush cache
echo "SST: Expotools network routing in place."

echo "SST: Others routing settings...."
route add default gw 10.100.36.1

root@ROUTER-DEB:/sst/scripts# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
10.200.36.0     0.0.0.0         255.255.255.248 U     30     0        0 eth3
10.100.36.0     0.0.0.0         255.255.255.248 U     40     0        0 eth0
10.45.15.0      0.0.0.0         255.255.255.192 U     5      0        0 eth2
10.45.13.0      0.0.0.0         255.255.255.192 U     10     0        0 eth1
0.0.0.0         10.100.36.1     0.0.0.0         UG    0      0        0 eth0
0.0.0.0         10.45.15.1      0.0.0.0         UG    5      0        0 eth2
0.0.0.0         10.45.13.1      0.0.0.0         UG    10     0        0 eth1
0.0.0.0         10.200.36.1     0.0.0.0         UG    30     0        0 eth3
0.0.0.0         10.100.36.1     0.0.0.0         UG    40     0        0 eth0

None of my computers on 10.45.13.0/26 and 10.45.15.0/26 can ping 10.45.13.1 and 10.45.15.1, but they can ping all the computers on 10.100.36.0 and 10.200.36.0.

IPTables:

ET_BELL=eth0
ET_VIDEOTRON=eth3
ET_SST=eth1
ET_EXPOTOOLS=eth2

# Flush the contents of IPTables
echo "SST: Cleaning IPTables content..."
iptables -F
iptables -t nat -F
iptables -t mangle -F
iptables -X

echo "SST: Accepting all incoming lo data..."
iptables -A INPUT -i lo -j ACCEPT

iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT

iptables -A INPUT -m state --state NEW ! -i $ET_BELL -j ACCEPT
iptables -A FORWARD -i $ET_BELL -o $ET_SST -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m state --state NEW ! -i $ET_VIDEOTRON -j ACCEPT
iptables -A FORWARD -i $ET_VIDEOTRON -o $ET_EXPOTOOLS -m state --state ESTABLISHED,RELATED -j ACCEPT

echo "SST: Opening ports..."
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
iptables -A INPUT -p tcp --dport 53 -j ACCEPT
iptables -A INPUT -p icmp -j ACCEPT
iptables -A INPUT -p igmp -j ACCEPT

echo "SST: Forwarding Bell to SST Network..."
iptables -A FORWARD -i $ET_BELL -o $ET_SST -j ACCEPT
echo "SST: Forwarding Videotron to Expotools Network..."
iptables -A FORWARD -i $ET_VIDEOTRON -o $ET_EXPOTOOLS -j ACCEPT

echo "SST: Activation of BELL/SST NAT..."
iptables -t nat -A POSTROUTING -o $ET_BELL -j MASQUERADE
echo "SST: Activation of Videotron/Expotools NAT..."
iptables -t nat -A POSTROUTING -o $ET_VIDEOTRON -j MASQUERADE

echo "SST: Forwarding SQUID3..."
iptables -t nat -A PREROUTING -i $ET_SST -p tcp --dport 80 -j DNAT --to 10.100.36.2:3128
iptables -t nat -A PREROUTING -i $ET_EXPOTOOLS -p tcp --dport 80 -j DNAT --to 10.200.36.2:3128

iptables -A FORWARD -i $ET_SST -o $ET_EXPOTOOLS -j REJECT
iptables -A FORWARD -i $ET_EXPOTOOLS -o $ET_SST -j REJECT
iptables -A FORWARD -i $ET_BELL -o $ET_BELL -j REJECT
iptables -A FORWARD -i $ET_VIDEOTRON -o $ET_VIDEOTRON -j REJECT

root@ROUTER-DEB:/etc/bind# ifconfig
eth0      Link encap:Ethernet  HWaddr 30:85:a9:ad:54:1e
          inet addr:10.100.36.2  Bcast:10.100.36.7  Mask:255.255.255.248
          inet6 addr: fe80::3285:a9ff:fead:541e/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4808477 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3617658 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4984207655 (4.6 GiB)  TX bytes:972655869 (927.5 MiB)
          Interrupt:27 Base address:0xe000

eth1      Link encap:Ethernet  HWaddr a0:f3:c1:04:64:40
          inet addr:10.45.13.1  Bcast:10.45.13.63  Mask:255.255.255.192
          inet6 addr: fe80::a2f3:c1ff:fe04:6440/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:25385197 errors:0 dropped:9143 overruns:0 frame:0
          TX packets:15372440 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:32206688027 (29.9 GiB)  TX bytes:5934594299 (5.5 GiB)
          Interrupt:17 Base address:0x4000

eth2      Link encap:Ethernet  HWaddr a0:f3:c1:04:a0:2f
          inet addr:10.45.15.1  Bcast:10.45.15.63  Mask:255.255.255.192
          inet6 addr: fe80::a2f3:c1ff:fe04:a02f/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:36936 errors:0 dropped:0 overruns:0 frame:0
          TX packets:45462 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:5640732 (5.3 MiB)  TX bytes:43909441 (41.8 MiB)
          Interrupt:18 Base address:0x8000

eth3      Link encap:Ethernet  HWaddr 28:10:7b:c9:58:76
          inet addr:10.200.36.2  Bcast:10.200.36.7  Mask:255.255.255.248
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:1619 errors:0 dropped:0 overruns:0 frame:0
          TX packets:7 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:233263 (227.7 KiB)  TX bytes:922 (922.0 B)
          Interrupt:19 Base address:0xc000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:8477 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8477 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:1000859 (977.4 KiB)  TX bytes:1000859 (977.4 KiB)

Answer 1

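Try this in place of your rules.
But first reboot the router so that all other routes/rules are cleared (obviously, do not load the previous script at boot).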

ip route flush table 10
ip route add 10.45.13.0/26 dev eth1 table 10
ip route add 10.100.36.0/29 dev eth0 table 10
ip route add default via 10.100.36.1 table 10
ip rule add from 10.45.13.0/26 table 10 prio 10

ip route flush table 20
ip route add 10.45.15.0/26 dev eth2 table 20
ip route add 10.200.36.0/29 dev eth3 table 20
ip route add default via 10.200.36.1 table 20
ip rule add from 10.45.15.0/26 table 20 prio 20

ip ro add default via 10.100.36.1

ip ro flush cache
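
The answer's table 10 points 10.45.13.0/26 at eth1, the interface that carries 10.45.13.1 in the ifconfig output, where the question's script used eth0. The check below is an added example (not part of the original answer) that flags on-link routes in a policy table whose device differs from the interface holding that subnet; the route and address listings are constructed from the values on this page, and the function names are hypothetical.

```shell
#!/bin/bash
# Constructed data: interface addresses as shown by ifconfig in the question.
ADDRS="eth0 10.100.36.2/29
eth1 10.45.13.1/26
eth2 10.45.15.1/26
eth3 10.200.36.2/29"
# Constructed `ip route show table 10` output for the question's and the answer's table.
QUESTION_T10="10.45.13.0/26 dev eth0 scope link
default via 10.100.36.1 dev eth0"
ANSWER_T10="10.45.13.0/26 dev eth1 scope link
10.100.36.0/29 dev eth0 scope link
default via 10.100.36.1 dev eth0"

ip2int() {  # dotted quad -> 32-bit integer
    local IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

owner_of() {  # print the interface holding an address inside prefix $1
    local net=${1%/*} len=${1#*/} mask iface cidr
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    while read -r iface cidr; do
        if [ $(( $(ip2int "${cidr%/*}") & mask )) -eq $(( $(ip2int "$net") & mask )) ]; then
            echo "$iface"; return 0
        fi
    done <<EOF
$ADDRS
EOF
    return 1
}

# Read route lines on stdin; report on-link routes whose device is not the
# interface that holds an address in that prefix. Returns 1 on any mismatch.
check_table() {
    local prefix kw iface rest owner bad=0
    while read -r prefix kw iface rest; do
        [ "$kw" = dev ] || continue        # skip "default via ..." and blanks
        owner=$(owner_of "$prefix") || continue
        if [ "$owner" != "$iface" ]; then
            echo "MISMATCH $prefix: route uses $iface, address is on $owner"
            bad=1
        fi
    done
    return $bad
}

echo "question:"; echo "$QUESTION_T10" | check_table || true
echo "answer:";   echo "$ANSWER_T10"   | check_table && echo "ok"
```

On a live router, ADDRS can be filled from `ip -o -4 addr show | awk '{print $2, $4}'` and the table text from `ip route show table 10`.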
