I'm running into an IP forwarding problem. Basically I have two interfaces:
eth0 - 192.168.9.2 - route to the internal network (192.168.20.0)
eth1 - 192.168.8.100 - route to the internet
pi@raspberrypi:~ $ ifconfig
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.9.2 netmask 255.255.255.252 broadcast 192.168.9.3
inet6 fe80::4864:3a07:de69:4cfe prefixlen 64 scopeid 0x20<link>
ether b8:27:eb:9c:07:bd txqueuelen 1000 (Ethernet)
RX packets 14725 bytes 933855 (911.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 15977 bytes 8186253 (7.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
eth1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.8.100 netmask 255.255.255.0 broadcast 192.168.8.255
inet6 fe80::e5b:8fff:fe27:9a64 prefixlen 64 scopeid 0x20<link>
ether 0c:5b:8f:27:9a:64 txqueuelen 1000 (Ethernet)
RX packets 121 bytes 16517 (16.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 829 bytes 69496 (67.8 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
pi@raspberrypi:~ $ route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.8.1 0.0.0.0 UG 204 0 0 eth1
192.168.8.0 0.0.0.0 255.255.255.0 U 204 0 0 eth1
192.168.9.0 0.0.0.0 255.255.255.252 U 202 0 0 eth0
192.168.20.0 192.168.9.1 255.255.255.0 UG 20 0 0 eth0
pi@raspberrypi:~ $
IP forwarding is enabled:
pi@raspberrypi:~ $ cat /proc/sys/net/ipv4/ip_forward
1
When I try to ping out of eth1, I get no response. A TCP dump doesn't show any packets either.
pi@raspberrypi:~ $ sudo ping -I 192.168.9.2 4.2.2.2
PING 4.2.2.2 (4.2.2.2) from 192.168.9.2 : 56(84) bytes of data.
^C
--- 4.2.2.2 ping statistics ---
10 packets transmitted, 0 received, 100% packet loss, time 340ms
Pinging from eth0 works without a problem. If I ping from the local network on the interface facing eth0, I get no response.
admin@er4:~$ sudo ping -I eth1 4.2.2.2
PING 4.2.2.2 (4.2.2.2) from 192.168.9.1 eth1: 56(84) bytes of data.
^C
--- 4.2.2.2 ping statistics ---
7 packets transmitted, 0 received, 100% packet loss, time 6209ms
But it is trying to get an ARP entry for that destination.
pi@raspberrypi:~ $ sudo tcpdump host 4.2.2.2
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 262144 bytes
19:16:14.894969 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:15.904174 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:16.944161 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:17.994377 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:19.024197 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:20.064207 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:21.104393 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:22.144260 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
19:16:23.184334 ARP, Request who-has b.resolvers.Level3.net tell 192.168.9.1, length 46
^C
9 packets captured
11 packets received by filter
0 packets dropped by kernel
I googled around and think I have to add an IP policy rule, but I can't seem to get it to work. I tried
sudo ip rule add oif eth0 lookup default
but that made no difference. I don't know where to go next.