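I created a router between two subnets and installed CentOS on the router.
Here is the configuration on my router:
- eth0: public IP (xxxx)
- eth1: internal network gateway 1 (150.15.1.1)
- eth2: internal network gateway 2 (140.14.1.1)
Commands: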
$ route add -net 150.15.1.0/24 gw 150.15.1.1
$ route add -net 140.14.1.0/24 gw 140.14.1.1
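Forwarding is also enabled: net.ipv4.ip_forward=1
Both internal networks have their respective gateways defined. However, we still cannot ping between the two subnets.
Router: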
[root@localhost ~]# iptables -L -n -v
Chain INPUT (policy ACCEPT 31 packets, 3122 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 26 packets, 2768 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD_IN_ZONES (0 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_IN_ZONES_SOURCE (0 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES (0 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_OUT_ZONES_SOURCE (0 references)
pkts bytes target prot opt in out source destination
Chain FORWARD_direct (0 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public (0 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_allow (0 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_deny (0 references)
pkts bytes target prot opt in out source destination
Chain FWDI_public_log (0 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public (0 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_allow (0 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_deny (0 references)
pkts bytes target prot opt in out source destination
Chain FWDO_public_log (0 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES (0 references)
pkts bytes target prot opt in out source destination
Chain INPUT_ZONES_SOURCE (0 references)
pkts bytes target prot opt in out source destination
Chain INPUT_direct (0 references)
pkts bytes target prot opt in out source destination
Chain IN_public (0 references)
pkts bytes target prot opt in out source destination
Chain IN_public_allow (0 references)
pkts bytes target prot opt in out source destination
Chain IN_public_deny (0 references)
pkts bytes target prot opt in out source destination
Chain IN_public_log (0 references)
pkts bytes target prot opt in out source destination
Chain OUTPUT_direct (0 references)
pkts bytes target prot opt in out source destination
[root@localhost ~]# /sbin/sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1
Internal network 1
Network Netmask Gateway Interface
140.14.1.11 255.255.255.255 140.14.1.1 vmk1
140.14.1.0 255.255.255.0 Local Subnet vmk1
150.15.1.0 255.255.255.0 140.14.1.1 vmk1
default 0.0.0.0 140.14.1.1 vmk1
Internal network 2
Network Netmask Gateway Interface
150.15.1.11 255.255.255.255 150.15.1.1 vmk1
140.14.1.0 255.255.255.0 150.15.1.1 vmk1
150.15.1.0 255.255.255.0 Local Subnet vmk1
default 0.0.0.0 150.15.1.1 vmk1