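This post was last edited by skveen on 2014-03-10 21:42
When the gateway pings an address on the same internal subnet, why do the packets all go out through the external NIC? What is the reason for this?
[root@Gateway ~]# ip route (Gateway acts as gateway b below)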
125.89.232/29 dev eth0 proto kernel scope link src 125.89.67.235
192.168.1.0/24 dev eth1 proto kernel scope link src 192.168.1.254
169.254.0.0/16 dev eth0 scope link metric 1003
169.254.0.0/16 dev eth1 scope link metric 1004
default via 125.89.67.233 dev eth1
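Network layout:
LAN---gateway a.192.168.1.1/gateway a.125.89.67.236--
LAN---gateway b.192.168.254/gateway b.125.89.67.235--(gateway)
[LAN] is one and the same LAN; only the egress gateways differ, and the gateways' internal and external interfaces are each on the same subnet.
Now, when I ping any host on the internal network from gateway b, why does everything make a round trip via ip2125.89.67.235 and then come back to the internal network?
Example:
[root@Gateway ~]# ping 192.168.1.20 (when the gateway points to 192.168.1.1)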
PING 192.168.1.20 (192.168.1.20) 56(84) bytes of data.
[root@Gateway ~]# tcpdump -fnni eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes
22:35:22.581936 IP 125.89.67.235 > 192.168.1.20: ICMP echo request, id 11633, seq 1, length 64
22:35:23.609540 IP 125.89.67.235 > 192.168.1.20: ICMP echo request, id 11633, seq 2, length 64
22:35:24.627171 IP 125.89.67.235 > 192.168.1.20: ICMP echo request, id 11633, seq 3, length 64
[root@Gateway etc]# tcpdump -fnni eth1 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 65535 bytes
22:37:55.361589 IP gateway a.125.89.67.236 > gateway b.125.89.67.235: ICMP echo reply, id 13425, seq 1, length 64
22:37:56.381093 IP gateway a.125.89.67.236 > gateway b.125.89.67.235: ICMP echo reply, id 13425, seq 2, length 64
22:37:57.402471 IP gateway a.125.89.67.236 > gateway b.125.89.67.235: ICMP echo reply, id 13425, seq 3, length 64
If I ping 192.168.1.10, this problem does not occur (the gateway points to 192.168.1.254).
The default firewall policy on gateway B is:
INPUT DROP
FORWARD DROP
OUTPUT ACCEPT