我有一个连接两台服务器的私人网络:
server 1: IP 10.0.0.2
server 2: IP 10.0.0.3
当服务器 2 使用 VPN 时,我希望能够从服务器 1 使用以下命令通过服务器 1 连接到服务器 2:
ssh 10.0.0.3
为此我在服务器 2 中创建了以下规则
ip rule add table 128 from 10.0.0.3
ip route add table 128 to 10.0.0.0/8 dev ens10
ip route add table 128 default via 10.0.0.1
从上面的代码来看,来自服务器 2 的请求应该由表 128 处理,并通过网关 10.0.0.1 路由到 esn10(私有网络接口)。
但问题是,当从服务器 1 ssh 到服务器 2 时,没有响应(即使没有连接 VPN)
我在此处粘贴了应用上述规则后的“ip route show table all”命令输出
default via 10.0.0.1 dev ens10 table 128
10.0.0.0/8 dev ens10 table 128 scope link
default via 172.31.1.1 dev eth0 proto dhcp src XXX.XXX.XXX.XXX metric 100
10.0.0.0/8 via 10.0.0.1 dev ens10
10.0.0.1 dev ens10 scope link
172.31.1.1 dev eth0 proto dhcp scope link src XXX.XXX.XXX.XXX metric 100
local 10.0.0.3 dev ens10 table local proto kernel scope host src 10.0.0.3
broadcast 10.0.0.3 dev ens10 table local proto kernel scope link src 10.0.0.3
broadcast 127.0.0.0 dev lo table local proto kernel scope link src 127.0.0.1
local 127.0.0.0/8 dev lo table local proto kernel scope host src 127.0.0.1
local 127.0.0.1 dev lo table local proto kernel scope host src 127.0.0.1
broadcast 127.255.255.255 dev lo table local proto kernel scope link src 127.0.0.1
local XXX.XXX.XXX.XXX dev eth0 table local proto kernel scope host src XXX.XXX.XXX.XXX
::1 dev lo proto kernel metric 256 pref medium
2a01:4f8:c0c:8500::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev eth0 proto kernel metric 256 pref medium
fe80::/64 dev ens10 proto kernel metric 256 pref medium
default via fe80::1 dev eth0 proto static metric 1024 pref medium
local ::1 dev lo table local proto kernel metric 0 pref medium
local 2a01:4f8:c0c:8500::1 dev eth0 table local proto kernel metric 0 pref medium
local fe80::8400:ff:fe2f:2640 dev ens10 table local proto kernel metric 0 pref medium
local fe80::9400:1ff:fec0:456d dev eth0 table local proto kernel metric 0 pref medium
multicast ff00::/8 dev eth0 table local proto kernel metric 256 pref medium
multicast ff00::/8 dev ens10 table local proto kernel metric 256 pref medium
这是 ifconfig 的输出:
ens10: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.0.0.3 netmask 255.255.255.255 broadcast 10.0.0.3
inet6 fe80::8400:ff:fe2f:2640 prefixlen 64 scopeid 0x20<link>
ether 86:00:00:2f:26:40 txqueuelen 1000 (Ethernet)
RX packets 4 bytes 738 (738.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 55 bytes 6675 (6.6 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet XXX.XXX.XXX.XXX netmask 255.255.255.255 broadcast 0.0.0.0
inet6 XXXXXXXXXX prefixlen 64 scopeid 0x20<link>
inet6 XXXXXXXXXX prefixlen 64 scopeid 0x0<global>
ether XXXXXXXXXX txqueuelen 1000 (Ethernet)
RX packets 709 bytes 448296 (448.2 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 464 bytes 70581 (70.5 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 162 bytes 14038 (14.0 KB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 162 bytes 14038 (14.0 KB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0