用于
ip r 通过 172.20.10.10 src 10.0.100.10 添加 0.0.0.0
得到:
错误:prefsrc 地址无效
如何解决这个问题?
目标: netns (主机) => ppp0 => 通过 ppp0 上网
我的配置:
/home# ip netns
ns2
ns1 (id: 0) <<<<<<<<<<<<<<<<<<
/home# ip netns exec ns1 ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ip_vti0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
15: virt1@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 02:e6:f6:3a:19:2f brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet 10.0.100.10/24 scope global virt1 <<<<<<<<<<<<<<<<<<<<<<<<<<<
valid_lft forever preferred_lft forever
inet6 fe80::e6:f6ff:fe3a:192f/64 scope link
valid_lft forever preferred_lft forever
/home# ip netns exec ns1 ip r
default via 10.0.100.1 dev virt1
10.0.100.0/24 dev virt1 proto kernel scope link src 10.0.100.10
/home# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 11:22:33:44:31:34 brd ff:ff:ff:ff:ff:ff
inet 1.2.3.4/20 brd 1.2.3.255 scope global eth0
valid_lft forever preferred_lft forever
inet 10.10.0.8/16 brd 10.10.255.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 1111::2222:3333:4444:5555/64 scope link
valid_lft forever preferred_lft forever
5: ppp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1450 qdisc fq_codel state UNKNOWN group default qlen 3
link/ppp
inet 172.20.10.1 peer 172.20.10.10/32 scope global ppp0
valid_lft forever preferred_lft forever
14: virt-h@if15: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f2:7e:68:40:ff:13 brd ff:ff:ff:ff:ff:ff link-netns ns1
inet 10.0.100.1/24 scope global virt-h <<<<<<<<<<<<
valid_lft forever preferred_lft forever
inet6 fe80::f07e:68ff:fe40:ff13/64 scope link
valid_lft forever preferred_lft forever
netns:virt1<>virt-h
/home# ip r
default via 1.2.3.4 dev eth0 proto static
10.0.100.0/24 dev virt-h proto kernel scope link src 10.0.100.1
1.2.3.0/20 dev eth0 proto kernel scope link src 1.2.3.4
172.20.10.10 dev ppp0 proto kernel scope link src 172.20.10.1
转发已打开。netns 设置如下: https://blogs.igalia.com/dpino/2016/04/10/network-namespaces/
还:
/home# ip netns exec ns1 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=2.39 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=1.52 ms
/home# ip netns exec ns1 ping 172.20.10.1
PING 172.20.10.1 (172.20.10.1) 56(84) bytes of data.
64 bytes from 172.20.10.1: icmp_seq=1 ttl=64 time=0.071 ms
64 bytes from 172.20.10.1: icmp_seq=2 ttl=64 time=0.118 ms
更新 1:此路由应在主机上设置,但对于评论者来说,这也会给出错误(如为什么似乎已经定义了“Nexthop 具有无效网关”?):
/home# ip netns exec ns1 ip r add default via 172.20.10.10 src 10.0.100.10
Error: Nexthop has invalid gateway.
答案1
另一个问题似乎是,当您将活动的 ppp 接口移到另一个命名空间时,其 IP 地址和对等 IP 地址将被清零。我正在尝试设置 VPN,然后将 ppp 接口移到命名空间作为其唯一接口,就像您对 WireGuard 所做的那样,但在这种情况下,VPN 是使用 ppp 接口的 L2TP。
答案2
解决方案是:
0.0.0.0 => 0.0.0.0/0
但任务并没有解决,完整的解决方案是:
/etc/iproute2/rt_tables使用新索引添加规则- ip 规则从 10.0.100.0/24 表 ns1 添加
- ip 路由通过 172.20.10.10 表 ns1 添加 0.0.0.0/0
src 不需要设置为默认规则适用于所有本地网络接口。