Linux 无法将数据包从一个接口路由到另一个接口
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/10039027/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
can not route packets from one interface to another
提问by mcha
I have a system with 2 interfaces eth0, and eth1.
我有一个带有 2 个接口的系统eth0,并且eth1.
eth0is192.168.0.250and connected to gateway192.168.0.2.eth1is connected to192.123.123.10via a swtich.
eth0是192.168.0.250并连接到网关192.168.0.2。eth1192.123.123.10通过开关连接。
I am trying to route packets from 192.123.123.10to gateway 192.168.0.2, which means I need to route 192.123.123.xpackets coming into eth1interface out via eth0interface.
我正在尝试将数据包从192.123.123.10网关路由到网关192.168.0.2,这意味着我需要通过接口将192.123.123.x进入eth1接口的数据包路由出去eth0。
I set ip_forwardfile to 1.
I ran this command:
我将ip_forward文件设置为1. 我运行了这个命令:
route add -net 192.123.0.0 netmask 255.255.255.0 dev eth0
route add default gw 192.168.0.2
I can ping from 129.123.123.10to 192.168.0.250, but I can't ping to 192.168.0.2I think the packets are not being forwarded to eth0.
我可以 ping129.123.123.10到192.168.0.250,但我无法 ping 到192.168.0.2我认为数据包没有被转发到eth0。
My routing table looks something like this:
我的路由表如下所示:
gteway Genmask Flags Ref Iface
192.123.123.0 * 255.255.255.0 U eth1
192.168.0.0 * 255.255.255.0 U eth0
192.123.0.0 * 255.255.255.0 U eth0
default 192.168.0.2 0.0.0.0 UG eth0
Can anyone tell me what is missing? Thank you in advance.
谁能告诉我缺少什么?先感谢您。
回答by resmon6
It's not your routing table on this system that you need to be concerned about. It's the routing tables of the other systems. 192.168.0.2 knows nothing about the 192.123.X.X network being routed to 192.168.0.250. Similarly the hosts on 192.123.X.X need to route the 192.168.X.X network over to 192.123.123.10.
您需要关心的不是您在该系统上的路由表。它是其他系统的路由表。192.168.0.2 对路由到 192.168.0.250 的 192.123.XX 网络一无所知。同样,192.123.XX 上的主机需要将 192.168.XX 网络路由到 192.123.123.10。
回答by eltommo
I'm fairly certain this can be achieved using iptables and port forwarding rules. There is some more information here http://www.revsys.com/writings/quicktips/nat.htmlabout how to forward packets between interfaces.
我相当肯定这可以使用 iptables 和端口转发规则来实现。这里有一些关于如何在接口之间转发数据包的更多信息http://www.revsys.com/writings/quicktips/nat.html。
回答by dAm2K
You are missing your back path route. The host 192.168.0.2 see packet coming from 192.123.123.10 but he doesn't know how to route the reply packet back since it doesn't have the return route. You can do two things:
你错过了你的后路路线。主机 192.168.0.2 看到来自 192.123.123.10 的数据包,但他不知道如何将回复数据包路由回去,因为它没有返回路由。你可以做两件事:
1- create a route on 192.168.0.2 machine to handle traffic directed to 192.123.123.0/24
1- 在 192.168.0.2 机器上创建路由以处理定向到 192.123.123.0/24 的流量
2- NAT on your 192.168.0.250 host with the command below:
2- 使用以下命令在 192.168.0.250 主机上进行 NAT:
iptables -t nat -A POSTROUTING -s 129.123.123.0/24 -j SNAT --to-source 192.168.0.250
