I have two leased lines, trunked over to the Linux box through a switch, and configured the following under Linux:
vconfig add eth0 650
vconfig add eth0 652
ifconfig eth0.650 157.122.119.2/29 up
ifconfig eth0.652 157.122.119.10/29 up
Policy routing:
[root@NATServer ~]# ip rule ls
0: from all lookup local
32754: from 157.122.119.10 lookup 652
32755: from 157.122.119.2 lookup 650
32766: from all lookup main
32767: from all lookup default
[root@NATServer ~]# ip route show table 650
157.122.119.0/29 dev eth0.650 scope link src 157.122.119.2
default via 157.122.119.1 dev eth0.650
[root@NATServer ~]# ip route show table 652
157.122.119.8/29 dev eth0.652 scope link src 157.122.119.10
default via 157.122.119.9 dev eth0.652
Main routing table:
[root@NATServer ~]# ip route
157.122.119.8/29 dev eth0.652 proto kernel scope link src 157.122.119.10
157.122.119.0/29 dev eth0.650 proto kernel scope link src 157.122.119.2
10.10.10.8/ dev eth1 proto kernel scope link src 10.10.10.10
192.168.20.0/24 via 10.10.10.9 dev eth1
default equalize
nexthop via 157.122.119.1 dev eth0.650 weight 1
nexthop via 157.122.119.9 dev eth0.652 weight 1
[root@NATServer ~]# ip addr
1: lo: <LOOPBACK,UP,10000> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
2: eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:76:cc:2e:16 brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:16:76:cc:2e:17 brd ff:ff:ff:ff:ff:ff
inet 10.10.10.10/30 brd 10.10.10.8 scope global eth1
27: eth0.650@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:16:76:cc:2e:16 brd ff:ff:ff:ff:ff:ff
inet 157.122.119.2/29 brd 157.122.119.7 scope global eth0.650
28: eth0.652@eth0: <BROADCAST,MULTICAST,UP,10000> mtu 1500 qdisc noqueue
link/ether 00:16:76:cc:2e:16 brd ff:ff:ff:ff:ff:ff
inet 157.122.119.10/29 brd 157.122.119.15 scope global eth0.652
[root@NATServer ~]# iptables -t nat -vnxL
Chain PREROUTING (policy ACCEPT 331 packets, 23161 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 140 packets, 10159 bytes)
pkts bytes target prot opt in out source destination
524 44016 MASQUERADE all -- * eth0.650 0.0.0.0/0 0.0.0.0/0
160 13440 MASQUERADE all -- * eth0.652 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT 824 packets, 67615 bytes)
pkts bytes target prot opt in out source destination
I think the configuration should be fine, but a very strange problem keeps appearing: when pinging www.sina.com from the 192.168.20.0/24 segment there are long timeouts, and while the timeouts are happening, capturing on eth0 with tcpdump on the Linux box shows the following:
[root@NATServer ~]# tcpdump -i eth0 icmp
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
00:20:51.046200 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 42508
00:20:56.577331 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 43020
00:21:02.077411 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 43532
00:21:07.608492 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 44044
00:21:13.124099 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 44556
00:21:18.655431 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 45068
Why does 192.168.20.33 show up directly on the egress NIC without being NATed by iptables?
Moderators, please help me take a look at where the problem lies.
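As an added example (not part of the post above, and not code from the poster's setup), the script below reads tcpdump output in the default timestamp format shown above and flags every packet whose source is a private (RFC 1918) address. On a capture taken on the WAN-facing side this is the signature of NAT leakage: a NAT box should only ever source its own public addresses there. It also computes the gap between consecutive echo requests, which makes the roughly 5.5 s stalls visible. The sample input is constructed from the capture lines in the post; the capture was taken on eth0, the parent of the two VLAN subinterfaces, so tcpdump there sees the tagged frames of both eth0.650 and eth0.652. The natural next check after confirming a leak this way is the connection-tracking table (for example with conntrack -L from conntrack-tools), since MASQUERADE is only evaluated for the first packet of a flow and later packets follow whatever mapping conntrack already recorded.

```python
import re
import ipaddress
from datetime import datetime, timedelta

# Constructed sample input: the tcpdump lines quoted in the post above. The
# capture interface is the WAN side, yet the source is still the LAN address.
SAMPLE_CAPTURE = """\
00:20:51.046200 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 42508
00:20:56.577331 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 43020
00:21:02.077411 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 43532
00:21:07.608492 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 44044
00:21:13.124099 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 44556
00:21:18.655431 IP 192.168.20.33 > 202.108.33.60: icmp 40: echo request seq 45068
"""

# Default tcpdump line: "HH:MM:SS.usec IP src[.port] > dst[.port]: info".
# The optional ".port" suffix covers TCP/UDP lines; ICMP lines have none.
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{6}) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: (?P<info>.*)$"
)


def parse_capture(text):
    """Parse tcpdump text into records. Lines that do not look like packet
    lines (the 'listening on ...' banner, warnings) are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        records.append({
            "ts": datetime.strptime(m.group("ts"), "%H:%M:%S.%f"),
            "src": m.group("src"),
            "dst": m.group("dst"),
            "info": m.group("info"),
        })
    return records


def find_nat_leaks(text):
    """Return the packets whose source address is private. Seen on a WAN-side
    capture, these left the box without being translated."""
    return [rec for rec in parse_capture(text)
            if ipaddress.ip_address(rec["src"]).is_private]


def inter_packet_gaps(records):
    """Seconds between consecutive packets (handles a capture crossing midnight)."""
    gaps = []
    for prev, cur in zip(records, records[1:]):
        delta = cur["ts"] - prev["ts"]
        if delta < timedelta(0):
            delta += timedelta(days=1)
        gaps.append(delta.total_seconds())
    return gaps


if __name__ == "__main__":
    leaks = find_nat_leaks(SAMPLE_CAPTURE)
    for rec in leaks:
        print(f"{rec['ts'].time()} untranslated private source "
              f"{rec['src']} -> {rec['dst']} ({rec['info']})")
    print("gaps between echo requests (s):",
          [round(g, 3) for g in inter_packet_gaps(parse_capture(SAMPLE_CAPTURE))])
```

Run it against a saved capture (tcpdump -i eth0 -n icmp > wan.txt, then feed the file contents to find_nat_leaks) to get a list of leaked flows rather than eyeballing the source column; any hit is a flow to look up in the conntrack table.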