鸟哥学习笔记---路由器

 [root@szm ~]# route add -net 192.168.5.0 netmask 255.255.255.0 gw 192.168.179.2

[root@szm ~]# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.179.0   0.0.0.0         255.255.255.0   U     1      0        0 eth0

192.168.5.0     192.168.179.2   255.255.255.0   UG    0      0        0 eth0

172.16.128.0    0.0.0.0         255.255.255.0   U     1      0        0 eth1

0.0.0.0         192.168.179.2   0.0.0.0         UG    0      0        0 eth0

快速建立测试用IP：
[root@szm ~]# ifconfig eth0:0 192.168.0.100 netmask 255.255.255.0 up

当要启动eth0:0时，eth0必须要启动才行。而当eth0被关闭后，所有eth0:n的模拟网卡也将同时关闭。

 

永久建立多IP地址方法一：
[root@szm ~]# cat /etc/rc.d/rc.local

#!/bin/sh

#

# This script will be executed *after* all the other init scripts.

# You can put your own initialization stuff in here if you don't

# want to do the full Sys V style init stuff.

 

touch /var/lock/subsys/local

永久建立多IP地址方法二：（注意NetworkManager的影响）
[root@szm ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1:0

DEVICE="eth1:0"

ONBOOT=yes

BOOTPROTO=static

IPADDR=192.168.111.100

NETMASK=255.255.255.0

[root@szm ~]# /etc/init.d/network restart

Shutting down interface eth0:                              [  OK  ]

Shutting down interface eth1:                              [  OK  ]

Shutting down loopback interface:                          [  OK  ]

Bringing up loopback interface:                            [  OK  ]

Bringing up interface eth0:                                [  OK  ]

Bringing up interface eth1:

Determining IP information for eth1... done.

                                                           [  OK  ]

开启路由功能：

[root@szm ~]# cat /proc/sys/net/ipv4/ip_forward

0

方法一：[root@szm ~]# echo 1 > /proc/sys/net/ipv4/ip_forward

[root@szm ~]# cat /proc/sys/net/ipv4/ip_forward

1

方法二：[root@szm ~]# cat /etc/sysctl.conf | grep net.ipv4.ip_forward

net.ipv4.ip_forward = 1

[root@szm ~]# sysctl -p

net.ipv4.ip_forward = 1

net.ipv4.conf.default.rp_filter = 1

net.ipv4.conf.default.accept_source_route = 0

kernel.sysrq = 0

kernel.core_uses_pid = 1

net.ipv4.tcp_syncookies = 1

error: "net.bridge.bridge-nf-call-ip6tables" is an unknown key

error: "net.bridge.bridge-nf-call-iptables" is an unknown key

error: "net.bridge.bridge-nf-call-arptables" is an unknown key

Centos 6.X默认的防火墙会将来自不同网卡的沟通数据包删除。

 

设置路由：

[root@szm ~]# cat /etc/sysconfig/network-scripts/route-eth0

192.168.100.0/24 via 192.168.179.1 dev eth0

[root@szm ~]# route -n

Kernel IP routing table

Destination     Gateway         Genmask         Flags Metric Ref    Use Iface

192.168.100.0   192.168.179.1   255.255.255.0   UG    0      0        0 eth0

192.168.179.0   0.0.0.0         255.255.255.0   U     0      0        0 eth0

172.16.128.0    0.0.0.0         255.255.255.0   U     0      0        0 eth1

192.168.111.0   0.0.0.0         255.255.255.0   U     0      0        0 eth1

169.254.0.0     0.0.0.0         255.255.0.0     U     1002   0        0 eth0

169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 eth1

0.0.0.0         172.16.128.254  0.0.0.0         UG    0      0        0 eth1

 

动态路由功能：

[root@szm ~]# ll /etc/quagga/

total 36

-rw-r--r--. 1 root   root      566 Nov 12  2010 bgpd.conf.sample

-rw-r--r--. 1 root   root     2801 Nov 12  2010 bgpd.conf.sample2

-rw-r--r--. 1 root   root     1110 Nov 12  2010 ospf6d.conf.sample

-rw-r--r--. 1 root   root      182 Nov 12  2010 ospfd.conf.sample

-rw-r--r--. 1 root   root      406 Nov 12  2010 ripd.conf.sample

-rw-r--r--. 1 root   root      390 Nov 12  2010 ripngd.conf.sample

-rw-r-----. 1 quagga quaggavt    0 Mar 24 18:07 vtysh.conf

-rw-r--r--. 1 quagga quaggavt  128 Nov 12  2010 vtysh.conf.sample

-rw-r-----. 1 quagga quagga     22 Mar 24 18:07 zebra.conf

-rw-r--r--. 1 root   root      369 Nov 12  2010 zebra.conf.sample

[root@szm ~]# cat /etc/quagga/zebra.conf

hostname szm.test.com

password linux

enable password linux

log file /var/log/quagga/zebra.log

[root@szm ~]# telnet localhost 2601

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

 

Hello, this is Quagga (version 0.99.15).

Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

User Access Verification

 

Password:

szm.test.com> show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

       I - ISIS, B - BGP, > - selected route, * - FIB route

 

K>* 0.0.0.0/0 via 172.16.128.254, eth1

C>* 127.0.0.0/8 is directly connected, lo

K>* 169.254.0.0/16 is directly connected, eth1

C>* 172.16.128.0/24 is directly connected, eth1

K>* 192.168.100.0/24 via 192.168.179.1, eth0

C>* 192.168.111.0/24 is directly connected, eth1

C>* 192.168.179.0/24 is directly connected, eth0

 

添加路由：

一：本地路由表：

[root@szm ~]# cat /etc/quagga/zebra.conf

hostname szm.test.com

password linux

enable password linux

log file /var/log/quagga/zebra.log

ip route 10.0.0.0/24 eth0

[root@szm ~]# /etc/init.d/zebra restart

Shutting down zebra:                                       [  OK  ]

Starting zebra:                                            [  OK  ]

[root@szm ~]# telnet localhost 2601

Trying 127.0.0.1...

Connected to localhost.

Escape character is '^]'.

 

Hello, this is Quagga (version 0.99.15).

Copyright 1996-2005 Kunihiro Ishiguro, et al.

 

 

User Access Verification

 

Password:

szm.test.com> show ip route

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,

       I - ISIS, B - BGP, > - selected route, * - FIB route

 

K>* 0.0.0.0/0 via 172.16.128.254, eth1

S>* 10.0.0.0/24 [1/0] is directly connected, eth0

C>* 127.0.0.0/8 is directly connected, lo

K>* 169.254.0.0/16 is directly connected, eth1

C>* 172.16.128.0/24 is directly connected, eth1

K>* 192.168.100.0/24 via 192.168.179.1, eth0

C>* 192.168.111.0/24 is directly connected, eth1

C>* 192.168.179.0/24 is directly connected, eth0

 

ripd这个服务可以在两台Router之间进行路由规则的交换与沟通。Centos的Quagga所提供的Ripd服务使用的是V2版本，这个版本默认要求身份验证的操作，但是对于小型网络如果并不想加入这个身份验证的有，那就需要增加某些设置值才能够顺利启动Ripd。

 

二：宣告路由

[root@szm ~]# cat /etc/quagga/ripd.conf

hostname szm.test.com

password linux

debug rip events

debug rip packet

router rip

 version 2

 network 192.168.179.0/24

 network 192.168.100.0/24

 interface eth0

  no ip rip authentication mode

 log file /var/log/quagga/zebra.log

[root@szm ~]# /etc/init.d/ripd start

Starting ripd:                                             [  OK  ]

[root@szm ~]# netstat -tulnp | grep ripd

tcp        0      0 127.0.0.1:2602              0.0.0.0:*                   LISTEN      23477/ripd

udp        0      0 0.0.0.0:520                 0.0.0.0:*                               23477/ripd

代理ARP：

pc1-----------------外(eth0)R1(eth1)内------------pc2,pc3,pc4

eth0:00:00:00:00:00:00
eth1:11:11:11:11:11:11

 绑定内部MAC到外部接口：
 [root@szm ~]# arp -i eth0 -s 192.168.11.2 00:00:00:00:00:00 pub
 [root@szm ~]# arp -i eth0 -s 192.168.11.3 00:00:00:00:00:00 pub
 [root@szm ~]# arp -i eth0 -s 192.168.11.4 00:00:00:00:00:00 pub

内部添加本地路由：
[root@szm ~]# route add -host 192.168.11.2 eth1

[root@szm ~]# route add -host 192.168.11.3 eth1

[root@szm ~]# route add -host 192.168.11.4 eth1

欺骗内部主机MAC：

[root@szm ~]# arp -i eth1 -s 192.168.11.101 11:11:11:11:11:11 pub

[root@szm ~]# arp -i eth1 -s 192.168.11.254 11:11:11:11:11:11 pub

 

 

[root@szm ~]# route del -net 192.168.11.0 netmask 255.255.255.0 eth1