Linux: How to redirect packets received from one network interface to another network interface?

Notice: this page is a Chinese-English side-by-side translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use/share it, but you must attribute it to the original authors (not me). StackOverflow original: http://stackoverflow.com/questions/10275953/

Time: 2020-08-06 05:56:27  Source: igfitidea

How to redirect packets received from one network interface to another network interface?

Tags: linux, networking, ip

Asked by user1072898

I am using Ubuntu 11.10, and I created a tun/tap interface using the following commands:

openvpn --mktun --dev tun0
ip link set tun0 up
ip addr add 10.10.10.1/24 dev tun0
route add 10.10.10.1/24 dev tun0

I have another interface there

eth0 10.80.1.87

I wanna redirect packets received from tun0 to eth0. How to do that on top of Ubuntu?

Answered by SimSimY

Sounds like you want to configure a bridge between two network interfaces. There is also an Ubuntu-specific manual here.

$ sudo apt-get install bridge-utils
# vim /etc/network/interfaces: 
auto lo
iface lo inet loopback

auto br0
iface br0 inet static
        address 192.168.0.10
        network 192.168.0.0
        netmask 255.255.255.0
        broadcast 192.168.0.255
        gateway 192.168.0.1
        bridge_ports eth0
        bridge_fd 9
        bridge_hello 2
        bridge_maxage 12
        bridge_stp off
$ sudo /etc/init.d/networking restart

Answered by rew

IP forwarding is off by default, as required by the TCP/IP standards. You turn it on with:

echo 1 > /proc/sys/net/ipv4/ip_forward

then the forwarding will work. You seem to have added a few lines together in your post, so I cannot determine your networking configuration.

If a packet on tun0 comes in with a destination on eth0, it will now be forwarded. Your Ubuntu machine will work as a router. It will NOT blindly put packets that come in on tun0 onto the ethernet.

So if your IP address on tun0 is 10.10.10.1, then another host, say 10.10.10.45 on tun0 will have to have a gateway of 10.10.10.1 configured (at least for 10.80.1.0/24). Then if it has a packet for say 10.80.1.234, it will first forward it to 10.10.10.1, your Ubuntu machine that will forward it to 10.80.1.234 on the ethernet. Next, THAT machine will reply to 10.10.10.45. It has to be configured to use 10.80.1.87 as the gateway for that host/network. If all that is configured correctly it will work.

An alternative to configuring the correct gateway on the machines on 10.80.1.0/24 would be to enable IP masquerading. Then your Ubuntu machine will fake the FROM address and substitute 10.80.1.87 as the source where 10.10.10.45 used to be.

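The router setup described in the answer above, as an added example that is not part of the original answers: it turns forwarding on, allows only the tun0 to eth0 path (with return traffic), and optionally adds the masquerade rule. The function names and the dry-run/APPLY switch are assumptions of this example; the interface names and the 10.10.10.0/24 subnet come from the question.

```shell
#!/bin/sh
# Added example: route tun0 -> eth0 while keeping forwarding limited to that path.
# With ip_forward=1 the host routes between ALL interfaces, so the FORWARD
# chain is set to default-drop and only the intended direction is opened.

# Accept only plain interface names so nothing unexpected reaches iptables.
valid_if() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the commands for forwarding IN_IF -> OUT_IF for hosts in SRC_NET.
# 4th argument: "masq" (default) adds the masquerade rule; anything else
# assumes hosts behind OUT_IF already have a return route to SRC_NET.
router_rules() {
    in_if=$1 out_if=$2 src_net=$3 mode=${4:-masq}
    valid_if "$in_if" && valid_if "$out_if" || return 1
    case "$src_net" in
        ''|*[!0-9./]*) return 1 ;;
    esac
    cat <<EOF
sysctl -w net.ipv4.ip_forward=1
iptables -P FORWARD DROP
iptables -A FORWARD -i $in_if -o $out_if -s $src_net -j ACCEPT
iptables -A FORWARD -i $out_if -o $in_if -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
EOF
    if [ "$mode" = masq ]; then
        echo "iptables -t nat -A POSTROUTING -s $src_net -o $out_if -j MASQUERADE"
    fi
}

# Dry run by default: print the plan. Set APPLY=1 and run as root to execute it.
main() {
    plan=$(router_rules "${1:-tun0}" "${2:-eth0}" "${3:-10.10.10.0/24}" "${4:-masq}") || {
        echo "invalid arguments" >&2; return 1; }
    if [ "${APPLY:-0}" = 1 ]; then
        printf '%s\n' "$plan" | while IFS= read -r cmd; do $cmd || exit 1; done
    else
        printf '%s\n' "$plan"
    fi
}
main "$@"
```

Setting the FORWARD policy to DROP also affects any other traffic the host already forwards (containers, other VPNs), so review the existing rules with `iptables -S FORWARD` before applying.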

Answered by Sylvain Leroux

As a complement to the two otherwise good answers, remember that:

  • bridging works at the link layer ("ethernet level") -- and so configuring a bridge between two interfaces is mostly like wiring them through a (virtual) switch
  • forwarding works at the network layer ("IP level") -- and so configuring forwarding between two interfaces is like connecting them through a (virtual) router