长期网络(A)如下
网络 A:192.168.37.0/24 网关 A:192.168.37.1/255.255.255.0 (eth1) ppp0 上的 ADSL(通过 eth0)
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
xxx.xxx.128.191 0.0.0.0 255.255.255.255 UH 0 0 0 ppp0
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp0
其中 GatewayA 是具有 2 个 NIC 的 Linux(CentOS)服务器。
地址为 192.168.37.14/255.255.255.0 和 192.168.37.13/255.255.255.0 的客户端可以 ping 通 GatewayA、彼此以及互联网。因此,到目前为止,一切都按预期运行。
192.168.37.14 的 netstat -nr
Routing tables
Destination Gateway Flags Refs Use Netif Expire
default 192.168.37.1 UGSc 35 117 en4
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 5 1178472 lo0
169.254 link#10 UCS 0 0 en4
192.168.37 link#10 UCS 6 0 en4
192.168.37.1/32 link#10 UCS 1 0 en4
192.168.37.1 c8:3a:35:d5:76:9f UHLWIir 37 13927 en4 1200
192.168.37.8 0:23:6c:7b:6c:9b UHLWI 0 0 en4 1024
192.168.37.9 link#10 UHRLWI 0 174 en4
192.168.37.11 0:26:4a:16:6:da UHLWIi 1 422531 en4 1135
192.168.37.13 link#10 UHLWIi 1 1401 en4
192.168.37.14/32 link#10 UCS 0 0 en4
192.168.37.69 e0:6:e6:6d:f9:f7 UHLWI 0 123 en4 447
192.168.37.255 ff:ff:ff:ff:ff:ff UHLWbI 0 6 en4
192.168.37.13 处的客户端是另一台 CentOS 服务器,配备了第二块网卡,并运行ifup eth1ifcfg-eth1,如下所示
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=none
IPADDR=10.37.0.1
NETMASK=255.255.0.0
结果是
网络 B:10.37.0.0/16 网关 B:192.168.37.13/255.255.255.0 (eth0) 10.37.0.1/255.255.0.0 (eth1)
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.37.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.37.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth1
0.0.0.0 192.168.37.1 0.0.0.0 UG 0 0 0 eth0
从网关 A 添加到网络 B 的路由
root@GatewayA # route add -net 10.37.0.0 netmask 255.255.0.0 dev eth1
10.37.0.10/255.255.0.0(GW=10.37.0.1)上的客户端可以 ping 通本地 GatewayB。但同一客户端无法 ping 通 192.168.37.0/24 或互联网上的任何内容。
路由表是
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 10.37.0.1 10.37.0.10 266
10.37.0.0 255.255.0.0 On-link 10.37.0.10 266
10.37.0.10 255.255.255.255 On-link 10.37.0.10 266
10.37.255.255 255.255.255.255 On-link 10.37.0.10 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.56.0 255.255.255.0 On-link 192.168.56.1 276
192.168.56.1 255.255.255.255 On-link 192.168.56.1 276
192.168.56.255 255.255.255.255 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.56.1 276
224.0.0.0 240.0.0.0 On-link 10.37.0.10 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.56.1 276
255.255.255.255 255.255.255.255 On-link 10.37.0.10 266
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 10.37.0.1 Default
===========================================================================
使用 ping 和 traceroute 如下
Pinging 10.37.0.1 with 32 bytes of data:
Reply from 10.37.0.1: bytes=32 time=156ms TTL=64
Ping statistics for 10.37.0.1:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 156ms, Maximum = 156ms, Average = 156ms
Pinging 192.168.37.1 with 32 bytes of data:
Request timed out.
Ping statistics for 192.168.37.1:
Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
Tracing route to enrico [192.168.37.1] over a maximum of 30 hops:
1 <1 ms <1 ms <1 ms 10.37.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
Tracing route to 192.168.37.14 over a maximum of 30 hops
1 6 ms 6 ms 4 ms 10.37.0.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
192.168.37.14(GW=192.168.37.1)上的客户端能够 ping 通 10.37.0.1,但无法 ping 通 10.37.0.10。
PING 192.168.37.1 (192.168.37.1): 56 data bytes
64 bytes from 192.168.37.1: icmp_seq=0 ttl=64 time=0.254 ms
PING 10.37.0.1 (10.37.0.1): 56 data bytes
64 bytes from 10.37.0.1: icmp_seq=0 ttl=64 time=0.314 ms
PING 10.37.0.10 (10.37.0.10): 56 data bytes
92 bytes from enrico (192.168.37.1): Destination Host Unreachable
Vr HL TOS Len ID Flg off TTL Pro cks Src Dst
4 5 00 5400 2236 0 0000 3f 01 698e 192.168.37.14 10.37.0.10
traceroute to 10.37.0.10 (10.37.0.10), 64 hops max, 52 byte packets
1 enrico (192.168.37.1) 0.355 ms 0.240 ms 0.272 ms
2 enrico (192.168.37.1) 3001.015 ms !H 3000.862 ms !H 3000.809 ms !H
更改 GatewayA 上的路由会更改来自 traceroute 的消息,但不会更改结果
root@GatewayA # route del -net 10.37.0.0 netmask 255.255.0.0 dev eth1
root@GatewayA # route add -net 10.37.0.0 netmask 255.255.0.0 gw 192.168.37.13
如下
traceroute to 10.37.0.10 (10.37.0.10), 64 hops max, 52 byte packets
1 enrico (192.168.37.1) 0.408 ms 0.239 ms 0.239 ms
2 gateway (192.168.37.13) 0.352 ms 0.298 ms 0.245 ms
3 * * *
4 * * *
两个网关都有 net.ipv4.ip_forward=1 和 iptables=off。
从我读过的内容来看,这应该可行 - 但我看不出缺少了什么。