Static routes
Содержание
Маршрутизация ip трафика и статические маршруты
Предварительные требования
- Две виртуальные машины с двумя сетевыми интерфейсами в каждой
- Установленные пакеты:
bash-completion
Предварительная настройка сетевых интерфейсов на виртуальных машинах
Настройка параметров ядра
Для настройки статической маршрутизации первым шагом следует
разрешить обмен пакетами между сетевыми интерфейсами специальной
настройкой системного параметра (net.ipv4.ip_forward). Параметр действует
глобально: после его включения vm-01 будет пересылать транзитный трафик
между всеми своими интерфейсами, поэтому ограничения на такой трафик
задаются отдельно, правилами файрволла. На vm-01
разрешаем обмен пакетами и проверяем установленное значение:
[root@vm-01 ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 0
net.ipv4.ip_forward_use_pmtu = 0
[root@vm-01 ~]# sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
[root@vm-01 ~]# sysctl -a | grep ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_use_pmtu = 0
[root@vm-01 ~]#
Для того, чтобы изменения применялись после перезагрузки,
запишем измененное значение в /etc/sysctl.conf (как видно из комментариев
в самом файле, вместо этого можно создать отдельный файл в /etc/sysctl.d/):
[root@vm-01 ~]# echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.conf
[root@vm-01 ~]# cat /etc/sysctl.conf
# sysctl settings are defined through files in
# /usr/lib/sysctl.d/, /run/sysctl.d/, and /etc/sysctl.d/.
#
# Vendors settings live in /usr/lib/sysctl.d/.
# To override a whole file, create a new file with the same in
# /etc/sysctl.d/ and put new settings there. To override
# only specific settings, add a file with a lexically later
# name in /etc/sysctl.d/ and put new settings there.
#
# For more information, see sysctl.conf(5) and sysctl.d(5).
net.ipv4.ip_forward = 1
[root@vm-01 ~]#
Настроим второй сетевой интерфейс данной виртуальной машины:
[root@vm-01 ~]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 89d6addf-2717-4933-ac09-c63936ed5205 802-3-ethernet eth0
eth1 b1b57e4d-26fd-438b-846d-bcdee06aee53 802-3-ethernet --
[root@vm-01 ~]# nmcli connection edit eth1
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'eth1'
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, dcb, ipv4, ipv6
nmcli> set ipv4.method manual
nmcli> set ipv4.addresses 192.168.1.1/24
nmcli> set connection.autoconnect
autoconnect autoconnect-priority autoconnect-slaves
nmcli> set connection.autoconnect
no yes
nmcli> set connection.autoconnect yes
nmcli> save
Connection 'eth1' (b1b57e4d-26fd-438b-846d-bcdee06aee53) successfully updated.
nmcli> save persistent
Connection 'eth1' (b1b57e4d-26fd-438b-846d-bcdee06aee53) successfully updated.
nmcli> quit
[root@vm-01 ~]#
Включим интерфейс и проверим его настройки:
[root@vm-01 ~]# nmcli connection up eth1
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
[root@vm-01 ~]# nmcli connection show
NAME UUID TYPE DEVICE
eth0 89d6addf-2717-4933-ac09-c63936ed5205 802-3-ethernet eth0
eth1 b1b57e4d-26fd-438b-846d-bcdee06aee53 802-3-ethernet eth1
[root@vm-01 ~]# ip -4 addr show dev eth1
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.1.1/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
[root@vm-01 ~]#
Теперь разрешим трансляцию адресов в файрволле:
[root@vm-01 zones]# firewall-cmd --get-default-zone
public
[root@vm-01 zones]# firewall-cmd --permanent --zone=public --add-masquerade
success
[root@vm-01 zones]# firewall-cmd --reload
success
[root@vm-01 zones]#
Настройка второго сетевого интерфейса ens10 на виртуальной машине vm-02
[root@vm-02 ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens3 427963c7-c016-417a-a542-7738fd158922 802-3-ethernet ens3
ens10 d95a3145-91f8-4e9d-8219-975da848f2e7 802-3-ethernet --
[root@vm-02 ~]# nmcli connection edit ens10
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'ens10'
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> set ipv4.method manual
nmcli> set ipv4.addresses 192.168.1.2/24
nmcli> save
Connection 'ens10' (d95a3145-91f8-4e9d-8219-975da848f2e7) successfully updated.
nmcli> save persistent
Connection 'ens10' (d95a3145-91f8-4e9d-8219-975da848f2e7) successfully updated.
nmcli> quit
Включаем интерфейс и проверяем настройки:
[root@vm-02 ~]# nmcli connection up ens10
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/6)
[root@vm-02 ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens3 427963c7-c016-417a-a542-7738fd158922 802-3-ethernet ens3
ens10 d95a3145-91f8-4e9d-8219-975da848f2e7 802-3-ethernet ens10
[root@vm-02 ~]# ip -4 addr show ens10
3: ens10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
inet 192.168.1.2/24 brd 192.168.1.255 scope global ens10
valid_lft forever preferred_lft forever
[root@vm-02 ~]#
Теперь следует убедиться, что между вторыми сетевыми интерфейсами двух виртуальных машин есть связность:
[root@vm-02 ~]# ping -c 3 192.168.1.1
PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.927 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.776 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.733 ms
--- 192.168.1.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 0.733/0.812/0.927/0.083 ms
[root@vm-02 ~]#
Использование NetworkManager
Настройка статического маршрута
Смаршрутизируем адрес ya.ru (87.250.250.242) через виртуальную машину vm-01:
[root@vm-02 ~]# nmcli connection edit ens10
===| nmcli interactive connection editor |===
Editing existing '802-3-ethernet' connection: 'ens10'
Type 'help' or '?' for available commands.
Type 'describe [<setting>.<prop>]' for detailed property description.
You may edit the following settings: connection, 802-3-ethernet (ethernet), 802-1x, ipv4, ipv6, dcb
nmcli> describe ipv4.routes
=== [routes] ===
[NM property description]
Array of IPv4 route structures. Each IPv4 route structure is composed of 4 32-bit values; the first being the destination IPv4 network or address (network byte order), the second the destination network or address prefix (1 - 32), the third being the next-hop (network byte order) if any, and the fourth being the route metric. For the 'auto' method, given IP routes are appended to those returned by automatic configuration. Routes cannot be used with the 'shared', 'link-local', or 'disabled', methods as there is no upstream network.
[nmcli specific description]
Enter a list of IPv4 routes formatted as:
ip/[prefix] next-hop [metric],...
Missing prefix is regarded as a prefix of 32.
Missing metric is regarded as a metric of 0.
Example: 192.168.2.0/24 192.168.2.1 3, 10.1.0.0/16 10.0.0.254
nmcli> set ipv4.routes 87.250.250.242 192.168.1.1
nmcli> save
Connection 'ens10' (d95a3145-91f8-4e9d-8219-975da848f2e7) successfully updated.
nmcli> save persistent
Connection 'ens10' (d95a3145-91f8-4e9d-8219-975da848f2e7) successfully updated.
nmcli> quit
[root@vm-02 ~]#
В результате данных действий будет создан файл /etc/sysconfig/network-scripts/route-ens10 следующего содержания:
[root@vm-02 ~]# cat /etc/sysconfig/network-scripts/route-ens10
ADDRESS0=87.250.250.242
NETMASK0=255.255.255.255
GATEWAY0=192.168.1.1
[root@vm-02 ~]#
Маршрут не применится, пока мы не выключим, а затем снова не включим интерфейс (команда nmcli connection reload ens10 не даст нужного результата!):
[root@vm-02 ~]# ip route show
default via 192.168.122.1 dev ens3 proto static metric 1024
192.168.1.0/24 dev ens10 proto kernel scope link src 192.168.1.2
192.168.122.0/24 dev ens3 proto kernel scope link src 192.168.122.179
[root@vm-02 ~]#
Выключаем, а затем снова включаем интерфейс ens10:
[root@vm-02 ~]# nmcli connection down ens10
[root@vm-02 ~]# nmcli connection up ens10
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/9)
[root@vm-02 ~]#
Проверяем наличие маршрута:
[root@vm-02 ~]# ip route show
default via 192.168.122.1 dev ens3 proto static metric 1024
87.250.250.242 via 192.168.1.1 dev ens10 proto static metric 1
192.168.1.0/24 dev ens10 proto kernel scope link src 192.168.1.2
192.168.122.0/24 dev ens3 proto kernel scope link src 192.168.122.179
[root@vm-02 ~]#
Маршрут появился, теперь проверим хождение пакетов: