In short, my problem is this. I have a server with 4 active adapters. Two are on one network (10.50.7.x/24) and the other two are on different networks (10.4.1.x/24 and 10.224.1.x/24 respectively). The three networks have separate connections to the Internet. I need each adapter to respond to NATed traffic from its own address so that the services can be reached through each of the three external IPs. For testing I have been running pings to see whether the traffic leaves the local network [I have a remote device where I can see the pings arrive]. I tried each of the following configurations; all of them passed sudo netplan --debug apply:
All DHCP:

    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: yes
          dhcp-identifier: mac
          dhcp4-overrides:
            route-metric: 100
        eno2:
          dhcp4: yes
          dhcp-identifier: mac
          dhcp4-overrides:
            route-metric: 100
        enp3s0f0:
          dhcp4: yes
          dhcp-identifier: mac
          dhcp4-overrides:
            route-metric: 100
        enp3s0f1:
          dhcp4: yes
          dhcp-identifier: mac
          dhcp4-overrides:
            route-metric: 100

Result of ip route:

    default via 10.224.1.1 dev enp3s0f1 proto dhcp src 10.224.1.30 metric 100
    default via 10.4.1.2 dev enp3s0f0 proto dhcp src 10.4.1.26 metric 100
    default via 10.50.7.1 dev eno2 proto dhcp src 10.50.7.72 metric 100
    default via 10.50.7.1 dev eno1 proto dhcp src 10.50.7.73 metric 100
    10.4.1.0/24 dev enp3s0f0 proto kernel scope link src 10.4.1.26
    10.4.1.2 dev enp3s0f0 proto dhcp scope link src 10.4.1.26 metric 100
    10.50.7.0/24 dev eno2 proto kernel scope link src 10.50.7.72
    10.50.7.0/24 dev eno1 proto kernel scope link src 10.50.7.73
    10.50.7.1 dev eno2 proto dhcp scope link src 10.50.7.72 metric 100
    10.50.7.1 dev eno1 proto dhcp scope link src 10.50.7.73 metric 100
    10.224.1.0/24 dev enp3s0f1 proto kernel scope link src 10.224.1.30
    10.224.1.1 dev enp3s0f1 proto dhcp scope link src 10.224.1.30 metric 100
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

Pinging an external address with no specific source address goes out via 10.224.1.1. Pinging an external address from 10.50.7.72 never leaves the network.
Individual gateways:

    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: no
          addresses: [10.50.7.73/24]
          gateway4: 10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
        eno2:
          dhcp4: no
          addresses: [10.50.7.72/24]
          gateway4: 10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
        enp3s0f0:
          dhcp4: no
          addresses: [10.4.1.26/24]
          gateway4: 10.4.1.2
          nameservers:
            addresses: [10.4.1.10]
        enp3s0f1:
          dhcp4: no
          addresses: [10.224.1.30/24]
          gateway4: 10.224.1.1
          nameservers:
            addresses: [10.224.1.1]

Result of ip route:

    default via 10.224.1.1 dev enp3s0f1 proto static
    default via 10.4.1.2 dev enp3s0f0 proto static
    default via 10.50.7.1 dev eno2 proto static
    default via 10.50.7.1 dev eno1 proto static
    10.4.1.0/24 dev enp3s0f0 proto kernel scope link src 10.4.1.26
    10.50.7.0/24 dev eno2 proto kernel scope link src 10.50.7.72
    10.50.7.0/24 dev eno1 proto kernel scope link src 10.50.7.73
    10.224.1.0/24 dev enp3s0f1 proto kernel scope link src 10.224.1.30
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

Pinging an external address with no specific source address goes out via 10.224.1.1. Pinging an external address from 10.4.1.72 never leaves the network.
Individual routes:

    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: no
          addresses: [10.50.7.73/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
          routes:
            - to: 0.0.0.0/0
              via: 10.50.7.1
              metric: 100
              dev: en01
        eno2:
          dhcp4: no
          addresses: [10.50.7.72/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
          routes:
            - to: 0.0.0.0/0
              via: 10.50.7.1
              metric: 100
              dev: en02
        enp3s0f0:
          dhcp4: no
          addresses: [10.4.1.26/24]
          #gateway4: #10.4.1.2
          nameservers:
            addresses: [10.4.1.10]
          routes:
            - to: 0.0.0.0/0
              via: 10.4.1.2
              metric: 100
              dev: enp3s0f0
        enp3s0f1:
          dhcp4: no
          addresses: [10.224.1.30/24]
          #gateway4: #10.224.1.1
          nameservers:
            addresses: [10.224.1.1]
          routes:
            - to: 0.0.0.0/0
              via: 10.224.1.1
              metric: 100

Result of ip route:

    default via 10.224.1.1 dev enp3s0f1 proto static metric 100
    default via 10.4.1.2 dev enp3s0f0 proto static metric 100
    default via 10.50.7.1 dev eno2 proto static metric 100
    default via 10.50.7.1 dev eno1 proto static metric 100
    10.4.1.0/24 dev enp3s0f0 proto kernel scope link src 10.4.1.26
    10.50.7.0/24 dev eno2 proto kernel scope link src 10.50.7.72
    10.50.7.0/24 dev eno1 proto kernel scope link src 10.50.7.73
    10.224.1.0/24 dev enp3s0f1 proto kernel scope link src 10.224.1.30
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

Pinging an external address with no specific source address goes out via 10.224.1.1. Pinging an external address from 10.4.1.72 never leaves the network.
A single routes block on the last adapter:

    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: no
          addresses: [10.50.7.73/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
        eno2:
          dhcp4: no
          addresses: [10.50.7.72/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
        enp3s0f0:
          dhcp4: no
          addresses: [10.4.1.26/24]
          #gateway4: #10.4.1.2
          nameservers:
            addresses: [10.4.1.10]
        enp3s0f1:
          dhcp4: no
          addresses: [10.224.1.30/24]
          #gateway4: #10.224.1.1
          nameservers:
            addresses: [10.224.1.1]
          routes:
            - to: 0.0.0.0/0
              via: 10.50.7.1
              metric: 100
            - to: 0.0.0.0/0
              via: 10.4.1.2
              metric: 100
            - to: 0.0.0.0/0
              via: 10.224.1.1
              metric: 100

Result of ip route:

    default via 10.224.1.1 dev enp3s0f1 proto dhcp src 10.224.1.30 metric 100
    default via 10.224.1.1 dev enp3s0f1 proto static metric 100
    10.4.1.0/24 dev enp3s0f0 proto kernel scope link src 10.4.1.26
    10.50.7.0/24 dev eno2 proto kernel scope link src 10.50.7.72
    10.50.7.0/24 dev eno1 proto kernel scope link src 10.50.7.73
    10.224.1.0/24 dev enp3s0f1 proto kernel scope link src 10.224.1.30
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

Pinging an external address with no specific source address goes out via 10.224.1.1. Pinging an external address from 10.4.1.72 never leaves the network.

I can reliably connect to the NATed port via 10.224.1.1 but, for obvious reasons, not via the other two Internet connections.

Can anyone tell me what else I can try, or do I have to give up on Netplan?
Below is the working config, following Danny's guidance:

    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: no
          addresses: [10.50.7.73/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
          routes:
            - to: 10.50.7.0/24
              via: 10.50.7.73
              table: 2
            - to: 0.0.0.0/0
              via: 10.50.7.1
              table: 2
          routing-policy:
            - from: 10.50.7.0/24
              table: 2
            - to: 10.50.7.0/24
              table: 2
        eno2:
          dhcp4: no
          addresses: [10.50.7.72/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
          routes:
            - to: 10.50.7.0/24
              via: 10.50.7.72
              table: 2
            - to: 0.0.0.0/0
              via: 10.50.7.1
              table: 2
          routing-policy:
            - from: 10.50.7.0/24
              table: 2
            - to: 10.50.7.0/24
              table: 2
        enp3s0f0:
          dhcp4: no
          addresses: [10.4.1.26/24]
          #gateway4: #10.4.1.2
          nameservers:
            addresses: [10.4.1.10]
          routes:
            - to: 10.4.1.0/24
              via: 10.4.1.26
              table: 3
            - to: 0.0.0.0/0
              via: 10.4.1.2
              table: 3
          routing-policy:
            - from: 10.4.1.0/24
              table: 3
            - to: 10.4.1.0/24
              table: 3
        enp3s0f1:
          dhcp4: no
          addresses: [10.224.1.30/24]
          gateway4: 10.224.1.1
          nameservers:
            addresses: [10.224.1.1]
          routes:
            - to: 10.224.1.0/24
              via: 10.224.1.30
              table: 1
            - to: 0.0.0.0/0
              via: 10.224.1.1
              table: 1
          routing-policy:
            - from: 10.224.1.0/24
              table: 1
            - to: 10.224.1.0/24
              table: 1

This did change the default gateway (for some reason to the 10.4.x.x gateway), but that doesn't matter; what's more important to me is that each adapter always responds via its own gateway. No longer the case: setting the gateway4 directive on the 10.224.x.x adapter set it back as the default gateway.

I'd also add that creating/using named tables didn't work, so I just used table numbers and annotated them with comments in the yaml file.
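The following generator is an added example, not part of the question or the answers: it renders the per-interface stanzas of the working config above from a short interface table, and goes one step further than the posted config by giving every interface its own table and matching the rule on the interface's own /32 rather than the whole /24 (so two NICs on one subnet, like eno1 and eno2, each reply through their own table), and it lists the ip route get checks to run after netplan apply. Interface names and addresses are those from the question; 192.0.2.1 is a placeholder probe destination.

```python
import ipaddress

# Constructed from the question's interfaces: (name, address/prefix, gateway)
IFACES = [
    ("eno1", "10.50.7.73/24", "10.50.7.1"),
    ("eno2", "10.50.7.72/24", "10.50.7.1"),
    ("enp3s0f0", "10.4.1.26/24", "10.4.1.2"),
    ("enp3s0f1", "10.224.1.30/24", "10.224.1.1"),
]

# Same shape as the working config: link route + default route in a dedicated
# table, plus a rule steering traffic sourced from this address into that table.
STANZA = """\
    {name}:
      dhcp4: no
      addresses: [{cidr}]
      routes:
        - to: {subnet}
          via: {addr}
          table: {table}
        - to: 0.0.0.0/0
          via: {gw}
          table: {table}
      routing-policy:
        - from: {addr}/32
          table: {table}
"""

def stanza(name, cidr, gw, table):
    """Render one 'ethernets' entry, refusing gateways outside the subnet
    and table ids that collide with the kernel's reserved tables."""
    ifc = ipaddress.ip_interface(cidr)
    if ipaddress.ip_address(gw) not in ifc.network:
        raise ValueError(f"{name}: gateway {gw} is not inside {ifc.network}")
    if not 1 <= table <= 252:  # 253 default, 254 main, 255 local
        raise ValueError(f"{name}: table {table} is reserved")
    return STANZA.format(name=name, cidr=cidr, subnet=ifc.network,
                         addr=ifc.ip, gw=gw, table=table)

def build_netplan(ifaces):
    """Full netplan document; tables are numbered 1.. in interface order."""
    head = "network:\n  version: 2\n  renderer: networkd\n  ethernets:\n"
    return head + "".join(stanza(n, c, g, i + 1)
                          for i, (n, c, g) in enumerate(ifaces))

def route_checks(ifaces, probe="192.0.2.1"):
    """Commands to run after 'netplan apply'; each should answer with the
    interface's own gateway/device and 'table N' for that source address."""
    return [f"ip route get {probe} from {c.split('/')[0]}" for _, c, _ in ifaces]
```

Write build_netplan(IFACES) to a file under /etc/netplan and run each command from route_checks(IFACES); a reply that names a different gateway than the one configured for that source address means the rule or its table is not in place.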
Answer 1

I think you want to set up policy-based routing on the non-gateway interfaces, for example:

    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: no
          addresses: [10.50.7.73/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
        eno2:
          dhcp4: no
          addresses: [10.50.7.72/24]
          #gateway4: #10.50.7.1
          nameservers:
            addresses: [10.50.7.104]
        enp3s0f0:
          dhcp4: no
          addresses: [10.4.1.26/24]
          #gateway4: #10.4.1.2
          nameservers:
            addresses: [10.4.1.10]
          routes:
            - to: 10.4.1.0/24
              via: 10.4.1.26
              table: 101
            - to: 0.0.0.0/0
              via: 10.4.1.1
              table: 101
          routing-policy:
            - from: 10.4.1.0/24
              table: 101
            - to: 10.4.1.0/24
              table: 101
Answer 2

You can also let the DHCP client configure the interfaces dynamically with dhcp4: yes:

    # networks
    network_1 ens3: 10.0.10.0/24
    network_2 ens8: 10.0.20.0/24

    # /etc/netplan/50-cloud-init.yaml
    network:
      version: 2
      renderer: networkd
      ethernets:
        ens3:
          dhcp4: yes
        ens8:
          dhcp4: yes
          dhcp4-overrides:
            use-routes: false
          routes:
            - to: default
              via: 10.0.20.1
              table: 200
            - to: 10.0.20.0/24
              via: 10.0.20.1
              table: 200
          routing-policy:
            - from: 10.0.20.0/24
              table: 200