Benutzer-Werkzeuge

Webseiten-Werkzeuge


routing

Dies ist eine alte Version des Dokuments!


Routing

Packet forwarding einschalten

Damit ein Router überhaupt als solcher funktionieren kann, muss packet forwarding eingeschaltet werden:

sed -i '/^.*ip_forward=1/s/^#//' /etc/sysctl.conf

So kann man es ausschalten:

sed -i '/^.*ip_forward=1/s/^/#/' /etc/sysctl.conf

NETLAB Test-Setup line-Topologie

router

source /etc/network/interfaces.d/*
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
allow-hotplug enp0s7
iface enp0s7 inet static
	address 134.99.246.151
	netmask 255.255.255.0
	gateway 134.99.246.1
 
# The secondary network interface
allow-hotplug enp1s6
iface enp1s6 inet static
	address 10.0.1.0
	netmask 255.255.255.254
	up		ip route add 10.0.0.0/16 via 10.0.1.1 dev enp1s6
	down	ip route del 10.0.0.0/16 via 10.0.1.1 dev enp1s6
table ip nat {
	chain post {
		type nat hook postrouting priority 0; policy accept;
		ip saddr 10.0.1.1 oif "enp0s7" snat to 134.99.246.151
	}
}
table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
	}
	chain forward {
		type filter hook forward priority 0; policy accept;
	}
	chain output {
		type filter hook output priority 0; policy accept;
	}
}

host1

source /etc/network/interfaces.d/*
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet static
	address 10.0.1.1
	netmask 255.255.255.254
	gateway 10.0.1.0
 
allow-hotplug enp1s0
iface enp1s0 inet static
	address 10.0.2.0
	netmask 255.255.255.254
table ip nat {
	chain post {
		type nat hook postrouting priority 0; policy accept;
		ip saddr 10.0.2.1 oif "enp1s0" snat to 10.0.1.1
	}
}
table inet filter {
	chain input {
		type filter hook input priority 0; policy accept;
	}
	chain forward {
		type filter hook forward priority 0; policy accept;
	}
	chain output {
		type filter hook output priority 0; policy accept;
	}
}

host2

source /etc/network/interfaces.d/*
 
# The loopback network interface
auto lo
iface lo inet loopback
 
# The primary network interface
allow-hotplug enp1s0
iface enp1s0 inet static
	address 10.0.2.1
	netmask 255.255.255.254
	gateway 10.0.2.0
routing.1518983417.txt.gz · Zuletzt geändert: 2018/02/18 20:50 von admin