Oracle Linux 7 with multiple NICs: requests from another subnet, disabling rp_filter does not solve the problem

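Brief network architecture:

Quick modeling diagram

I periodically run into network problems on the data center LAN interface, so I decided to set up failover: send traffic via the uplink - first through the old LAN, then through the external path (from the front-end WAN to the back-end WAN), but the second time the rp_filter problem appears.

I built a test bench in VBOX to simulate the problem.

In the picture you can see the virtual machines and their IPs.

I ran into problems with the rp_filter setting. According to https://access.redhat.com/solutions/53031, when I set it to 0: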

[root@OL71 motceiadmin]# sysctl -a | grep rp_filter
net.ipv4.conf.all.arp_filter = 0
net.ipv4.conf.all.rp_filter = 0
net.ipv4.conf.default.arp_filter = 0
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.enp0s10.arp_filter = 0
net.ipv4.conf.enp0s10.rp_filter = 0
sysctl: reading key "net.ipv6.conf.all.stable_secret"
sysctl: reading key "net.ipv6.conf.default.stable_secret"
sysctl: reading key "net.ipv6.conf.enp0s10.stable_secret"
sysctl: reading key "net.ipv6.conf.enp0s3.stable_secret"
net.ipv4.conf.enp0s3.arp_filter = 0
net.ipv4.conf.enp0s3.rp_filter = 0
net.ipv4.conf.enp0s8.arp_filter = 0
net.ipv4.conf.enp0s8.rp_filter = 0
net.ipv4.conf.lo.arp_filter = 0
net.ipv4.conf.lo.rp_filter = 0
sysctl: reading key "net.ipv6.conf.enp0s8.stable_secret"
sysctl: reading key "net.ipv6.conf.lo.stable_secret"

Nothing changed!

Example from VM2:

[root@OL72 motceiadmin]# wget http://192.168.56.20
--2024-03-25 05:35:19--  http://192.168.56.20/
Connecting to 192.168.56.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 774 [text/html]
Saving to: ‘index.html’

100%[==============================================================================>] 774         --.-K/s   in 0s

2024-03-25 05:35:19 (102 MB/s) - ‘index.html’ saved [774/774]

[root@OL72 motceiadmin]# wget http://192.168.146.40
--2024-03-25 05:35:35--  http://192.168.146.40/
Connecting to 192.168.146.40:80...

wget hangs on the connection...

Maybe I should set something else on VM1?

On VM3:

[root@OL73 motceiadmin]# wget http://192.168.252.20
--2024-03-25 05:36:30--  http://192.168.252.20/
Connecting to 192.168.252.20:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 774 [text/html]
Saving to: ‘index.html’

100%[==============================================================================>] 774         --.-K/s   in 0s

2024-03-25 05:36:30 (108 MB/s) - ‘index.html’ saved [774/774]

[root@OL73 motceiadmin]# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp0s10 enp0s3 enp0s8 enp0s9
  sources:
  services: dhcpv6-client ssh
  ports:
  protocols:
  masquerade: no
  forward-ports: port=80:proto=tcp:toport=80:toaddr=192.168.252.20
  source-ports:
  icmp-blocks:
  rich rules:
