- 论坛徽章:
- 0
|
先介绍一下情况:
现在上班的公司用电信通的网络,不太稳定,有时某些方向的路由会断,所以打算建设一
个隧道,到廊坊绕行
公司网关上操作如下:
ip tunnel add t1 mode ipip remote 廊坊地址 local 公司网关
ifconfig t1 1.1.1.1
route add 2.2.2.2/32 dev t1
增加需要访问的IP地址
route add 218.249.119.163/32 gw 2.2.2.2
廊坊端
ip tunnel add t1 mode ipip remote 公司网关 local 廊坊地址
ifconfig t1 2.2.2.2
route add 1.1.1.1/32 dev t1
route add -net 172.16.0.0/16 gw 1.1.1.1 公司内网网段
iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE 出口做NAT
sysctl -w net.ipv4.ip_forward=1
从廊坊的机器上 traceroute 218.249.119.163的结果如下:
$ traceroute -I -n 218.249.119.163
traceroute to 218.249.119.163 (218.249.119.163), 30 hops max, 38 byte packets
1 124.238.252.206 1.288 ms 5.428 ms 19.523 ms
2 222.222.78.141 9.185 ms 10.003 ms 10.336 ms
3 124.238.226.29 0.767 ms 0.690 ms 0.566 ms
4 219.148.19.21 3.988 ms 3.941 ms 3.978 ms
5 219.148.18.174 8.504 ms 8.348 ms 8.290 ms
6 219.148.19.113 8.983 ms 8.784 ms 8.821 ms
7 202.97.47.81 12.107 ms 11.217 ms 11.072 ms
8 221.238.222.210 16.223 ms 11.251 ms 11.250 ms
9 221.239.7.50 11.298 ms 11.248 ms 11.262 ms
10 221.239.18.134 16.914 ms 16.196 ms 15.710 ms
11 202.99.57.41 16.657 ms 17.854 ms 18.170 ms
12 124.207.222.10 18.222 ms 18.028 ms 17.545 ms
13 218.241.240.10 19.512 ms 18.705 ms 18.935 ms
14 10.255.51.74 18.752 ms 18.648 ms 18.665 ms
15 218.249.119.186 25.626 ms 19.225 ms 22.377 ms
16 218.249.119.163 19.265 ms 22.767 ms 20.028 ms
但是从公司内网tracert那个IP却是这样的:
C:\Documents and Settings\julyclyde>tracert 218.249.119.163
Tracing route to 218.249.119.163 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms localhost [172.16.0.254]
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * 25 ms 218.241.240.10
16 26 ms 25 ms 26 ms localhost [10.255.51.74]
17 24 ms 24 ms 27 ms 218.249.119.186
18 27 ms 26 ms 26 ms 218.249.119.163
Trace complete.
为啥中间一堆timeout呢?用-I、-T等方式的traceroute也不行,感觉好像有墙
而从公司内部tracert到2.2.2.2 也就是廊坊的隧道接口的IP竟然需要十几步:
#traceroute -n -T 2.2.2.2
traceroute to 2.2.2.2 (2.2.2.2), 30 hops max, 40 byte packets
1 172.16.0.254 0.231 ms 0.197 ms 0.188 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 2.2.2.2 12.131 ms 12.118 ms 12.227 ms
(从内网Linux上执行要13步;从内网Windows执行需要15步;从网关执行却要14步)
[ 本帖最后由 julyclyde 于 2009-11-4 14:15 编辑 ] |
|
免费注册
发表于 2009-11-04 12:24
