路由网关转发配置

• 网络环境&＃xff1a;
  　　先说下网络环境&＃xff0c;有三台服务器&＃xff0c;处在网络1和网络2折两个完全隔绝的环境&＃xff0c;网络1和网络2之间不能互通。其中&＃xff0c;Server1在网络1中&＃xff0c;Server3在网络2中&＃xff0c;而Server2有两块网卡&＃xff0c;分别位于网络1和网络2中。Server3不能直接访问Server1&＃xff0c;因为它们处于不同的网络。若要实现这两个服务器之间的互联&＃xff0c;就必须要利用Server2这台服务器。将Server2视为网关&＃xff0c;Server3如要访问Server1&＃xff0c;将数据发送至Server2&＃xff0c;再用Server2转发到Server1中。
• 具体配置&＃xff1a;

　　Server3增加一条路由&＃xff0c;访问192.168.100.*网段的请求&＃xff0c;都发送至Server2中。但以为他们之间只能通过109.105.115.*网段&＃xff0c;所以必须如下设置&＃xff1a;

root&＃64;ubuntu111:~# route add -net 192.168.100.0/24 gw 109.105.115.42
root&＃64;ubuntu111:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 109.105.115.1 0.0.0.0 UG 0 0 0 p2p1
109.105.115.0 * 255.255.255.0 U 0 0 0 p2p1
192.168.100.0 109.105.115.42 255.255.255.0 UG 0 0 0 p2p1


　　可以观察到路由表中已经增添了192.168.100.*网段的路由&＃xff0c;接下来配置Server2。Server2中的网卡情况如下&＃xff1a;

root&＃64;ubuntu42:~# ifconfig
br0 Link encap:Ethernet HWaddr 00:25:90:c9:dd:a0 inet addr:109.105.115.42 Bcast:109.105.115.255 Mask:255.255.255.0inet6 addr: fe80::e45b:96ff:feac:b796/64 Scope:LinkUP BROADCAST RUNNING MTU:1500 Metric:1RX packets:2490763 errors:0 dropped:0 overruns:0 frame:0TX packets:369712 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:0 RX bytes:606668767 (606.6 MB) TX bytes:44997503 (44.9 MB)
p2p1 Link encap:Ethernet HWaddr e4:1d:2d:7d:c2:80 inet addr:192.168.100.42 Bcast:192.168.100.255 Mask:255.255.255.0inet6 addr: fe80::e61d:2dff:fe7d:c280/64 Scope:LinkUP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1RX packets:314 errors:0 dropped:0 overruns:0 frame:0TX packets:488 errors:0 dropped:0 overruns:0 carrier:0collisions:0 txqueuelen:1000 RX bytes:47695 (47.6 KB) TX bytes:45781 (45.7 KB)
root&＃64;ubuntu42:~# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 109.105.115.1 0.0.0.0 UG 0 0 0 br0
109.105.115.0 * 255.255.255.0 U 0 0 0 br0
192.168.100.0 192.168.100.42 255.255.255.0 UG 0 0 0 p2p1


　　此时&＃xff0c;如果直接在Server3中ping Server1&＃xff0c;发现还是不通&＃xff0c;但是在Server2中使用tcpdump命令&＃xff0c;发现数据的确已经发送到了Server2了。

root&＃64;ubuntu42:~# tcpdump -nei eth0 host 109.105.115.111
tcpdump: WARNING: eth0: no IPv4 address assigned
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
00:15:54.561488 a0:36:9f:78:70:08 > 00:25:90:c9:dd:a0, ethertype IPv4 (0x0800), length 98: 109.105.115.111 > 192.168.100.251: ICMP echo request, id 23780, seq 16, length 64
00:15:55.561537 a0:36:9f:78:70:08 > 00:25:90:c9:dd:a0, ethertype IPv4 (0x0800), length 98: 109.105.115.111 > 192.168.100.251: ICMP echo request, id 23780, seq 17, length 64


　　那么&＃xff0c;就只有一个可能性了&＃xff0c;就是Server2的转发失败了&＃xff0c;因此&＃xff0c;需要打开Server2的转发功能。

root&＃64;ubuntu42:~# echo 1 > /proc/sys/net/ipv4/ip_forward


　　再次直接在Server3中ping Server1&＃xff0c;ping通&＃xff0c;搞定。