Routing problem.

Przemysław Piskozub przemek at piskozub.eu
Sun, 10 Jul 2011, 13:00:16 CEST


   Hello!
   I have a problem with routing.
   I have two uplinks here. After migrating from PLD AC to PLD Ti, routing
   does not work for me any more. The scripts I copied over from AC worked
   correctly. I based them on the scripts from
   http://v4.kamilm.net/?go=linux&i=2dsl . Unfortunately the script does not
   work correctly. I am unable to ping over both links.
   I am sending the whole configuration. Maybe you will manage to find some
   detail that I cannot find:
   [root@Router ~]# ip add sh
   1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
       link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
       inet 127.0.0.1/8 scope host lo
       inet6 ::1/128 scope host
          valid_lft forever preferred_lft forever
   2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
       link/ether 00:11:0a:5a:54:40 brd ff:ff:ff:ff:ff:ff
       inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0
       inet 192.168.1.0/24 scope global secondary eth0
       inet6 fe80::211:aff:fe5a:5440/64 scope link
          valid_lft forever preferred_lft forever
   3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
       link/ether 00:11:0a:5a:54:41 brd ff:ff:ff:ff:ff:ff
       inet 83.18.6.46/30 brd 83.18.6.47 scope global eth1
       inet 83.18.6.44/30 scope global secondary eth1
       inet6 fe80::211:aff:fe5a:5441/64 scope link
          valid_lft forever preferred_lft forever
   4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 100
       link/ether 00:1b:21:43:15:9c brd ff:ff:ff:ff:ff:ff
       inet 10.10.10.254/24 brd 10.10.10.255 scope global eth2
       inet 10.10.10.0/24 scope global secondary eth2
       inet6 fe80::21b:21ff:fe43:159c/64 scope link
          valid_lft forever preferred_lft forever
   [root@Router ~]# vim /etc/sysctl.conf
   ### IPV4 NETWORKING
   # IPv4 packet forwarding (1 = enabled; required on a router)
   net.ipv4.ip_forward = 1
   # Enables source route verification (strict reverse-path filter)
   net.ipv4.conf.all.rp_filter = 1
   net.ipv4.conf.default.rp_filter = 1
   # Accept ICMP redirect messages (suggested 1 for hosts and 0 for routers)
   # net.ipv4.conf.all.accept_redirects = 1
   # Accept source routed packets (suggested 0 for hosts and 1 for routers)
   # net.ipv4.conf.all.accept_source_route = 1
   # Log packets with source addresses with no known route to kernel log
   net.ipv4.conf.all.log_martians = 1
   # Do multicast routing ? The kernel needs to be compiled with
   # CONFIG_MROUTE and a multicast routing daemon is required.
   # net.ipv4.conf.all.mc_forwarding = 1
   # If you get the message "Neighbour table overflow" try to play with these values.
   # Needed in huge networks. These example values are sufficient in networks with
   # mask 21.
   # net.ipv4.neigh.default.gc_thresh3 = 4096
   # net.ipv4.neigh.default.gc_thresh2 = 2048
   # net.ipv4.neigh.default.gc_thresh1 = 512
   # net.ipv6.neigh.default.gc_thresh3 = 1024
   # net.ipv6.neigh.default.gc_thresh2 = 512
   # net.ipv6.neigh.default.gc_thresh1 = 128
   # Do proxy ARP ?
   # net.ipv4.conf.all.proxy_arp = 1
   # Accept ICMP redirect messages only for gateways, listed in
   # default gateway list ?
   # net.ipv4.conf.all.secure_redirects = 1
   # Send ICMP redirects to other hosts ?
   net.ipv4.conf.all.send_redirects = 0
   # Ignore all ICMP echo requests ?
   # net.ipv4.icmp_echo_ignore_all = 1
   # Ignore ICMP echo requests to broadcast and multicast addresses ?
   # net.ipv4.icmp_echo_ignore_broadcasts = 1
   # Enable MTU discovery patch ? (KERNEL MUST SUPPORT THIS)
   # MTU (maximal transfer unit) is the size of the chunks we send out
   # over the net. "Path MTU Discovery" means that, instead of always
   # sending very small chunks, we start out sending big ones and if we
   # then discover that some host along the way likes its chunks smaller,
   # we adjust to a smaller size.
   # net.ipv4.ip_no_pmtu_disc = 1
   # Enable debugging of IP masquerading ?
   # net.ipv4.ip_masq_debug = 1
   # Bug-to-bug compatibility with some broken printers. On retransmit
   # try to send bigger packets to work around bugs in certain TCP
   # stacks. Can be turned off by setting IPV4_RETRANS_COLLAPSE to "yes".
   # net.ipv4.tcp_retrans_collapse = 1
   # Disable selective acknowledgments after RFC2018 ?
   # TCP may experience poor performance when multiple packets are lost
   # from one window of data. With the limited information available
   # from cumulative acknowledgments, a TCP sender can only learn about a
   # single lost packet per round trip time. An aggressive sender could
   # choose to retransmit packets early, but such retransmitted segments
   # may have already been successfully received.
   net.ipv4.tcp_sack = 0
   # Disable timestamps as defined in RFC1323 ?
   # Timestamps are designed to provide compatible interworking with
   # TCP's that do not implement the TCP Extensions for High Performance
   # net.ipv4.tcp_timestamps = 0
   # Enable the strict RFC793 interpretation of the TCP urgent pointer field.
   # net.ipv4.tcp_stdurg = 1
   # Enable tcp_syncookies
   net.ipv4.tcp_syncookies = 1
   # Disable window scaling as defined in RFC1323 ?
   # The window scale extension expands the definition of the TCP
   # window to 32 bits and then uses a scale factor to carry this
   # 32-bit value in the 16-bit Window field of the TCP header.
   net.ipv4.tcp_window_scaling = 0
   # Enable dynamic socket address rewriting on interface address change.
   # This is useful for dialup interface with changing IP addresses.
   # sys.net.ipv4.ip_dynaddr = 7
   # Range of ports used by TCP and UDP to choose the local
   # port. Contains two numbers, the first number is the lowest port,
   # the second number the highest local port. Default is "1024 4999".
   # Should be changed to "32768 61000" for high-usage systems.
   # net.ipv4.ip_local_port_range = 4096 61000
   # Disables automatic defragmentation (needed for masquerading, LVS)
   # Non-existent on Linux 2.4
   # net.ipv4.ip_always_defrag = 0
   ### IPV6 NETWORKING
   # Disables IPv6 packet forwarding
   # net.ipv6.conf.all.forwarding = 0
   # Do you want IPv6 address autoconfiguration? Kernel default is yes.
   # net.ipv6.conf.all.autoconf = 0
   # net.ipv6.conf.default.autoconf = 0
   # Do you want kernel to add default route for IPv6 interfaces if
   # there is no router on the link? Kernel default is yes.
   # Kernel 2.4.0-test? or later (after ANK accepts my patch - baggins).
   # net.ipv6.conf.all.autoconf_route = 0
   ### OTHER SETTINGS
   # Adjust number of inodes and file handles available in the system.
   # If you have a heavily loaded system and kernel complains about
   # file/inode limit reached in VFS, increase this 2x. The default
   # value is 4096 (file) and 8192 (inode). The inode number should be
   # always 2-3 times the file number. For most systems this should not
   # be changed
   # fs.file-max = 8192
   # fs.inode-max = 16384
   # Controls whether core dumps will append the PID to the core filename.
   # Useful for debugging multi-threaded applications.
   #kernel.core_uses_pid = 1
   # Enable the magic-sysrq key
   kernel.sysrq = 1
   #
   # GRSECURITY http://www.grsecurity.org
   #
   # WARNING!
   # These values are SET ONCE!
   #
   #kernel.grsecurity.linking_restrictions = 1
   #kernel.grsecurity.fifo_restrictions = 1
   #kernel.grsecurity.destroy_unused_shm = 0
   #kernel.grsecurity.chroot_caps = 0
   #kernel.grsecurity.chroot_deny_chmod = 0
   #kernel.grsecurity.chroot_deny_chroot = 1
   #kernel.grsecurity.chroot_deny_fchdir = 0
   #kernel.grsecurity.chroot_deny_mknod = 1
   #kernel.grsecurity.chroot_deny_mount = 1
   #kernel.grsecurity.chroot_deny_pivot = 1
   #kernel.grsecurity.chroot_deny_shmat = 0
   #kernel.grsecurity.chroot_deny_sysctl = 1
   #kernel.grsecurity.chroot_deny_unix = 0
   #kernel.grsecurity.chroot_enforce_chdir = 0
   #kernel.grsecurity.chroot_execlog = 0
   #kernel.grsecurity.chroot_findtask = 1
   #kernel.grsecurity.chroot_restrict_nice = 0
   #kernel.grsecurity.exec_logging = 0
   #kernel.grsecurity.signal_logging = 1
   #kernel.grsecurity.forkfail_logging = 0
   #kernel.grsecurity.timechange_logging = 1
   #kernel.grsecurity.audit_chdir = 0
   #kernel.grsecurity.audit_gid = 65505
   #kernel.grsecurity.audit_group = 0
   #kernel.grsecurity.audit_ipc = 0
   #kernel.grsecurity.audit_mount = 0
   #kernel.grsecurity.execve_limiting = 1
   #kernel.grsecurity.dmesg = 1
   #kernel.grsecurity.tpe = 1
   #kernel.grsecurity.tpe_gid = 65500
   #kernel.grsecurity.tpe_glibc = 0
   #kernel.grsecurity.tpe_restrict_all = 0
   #kernel.grsecurity.rand_pids = 1
   #kernel.grsecurity.socket_all = 1
   #kernel.grsecurity.socket_all_gid = 65501
   #kernel.grsecurity.socket_client = 1
   #kernel.grsecurity.socket_client_gid = 65502
   #kernel.grsecurity.socket_server = 1
   #kernel.grsecurity.socket_server_gid = 65503
   #kernel.grsecurity.disable_modules = 0
   #kernel.grsecurity.grsec_lock = 0
   # kernel.randomize_va_space = 2
   # 0 - Turn the process address space randomization off by default.
   # 1 - Conservative address space randomization makes the addresses of
   #     mmap base and VDSO page randomized. This, among other things,
   #     implies that shared libraries will be loaded to random addresses.
   #     Also for PIE binaries, the location of code start is randomized.
   # 2 - This includes all the features that Conservative randomization
   #     provides. In addition to that, also start of the brk area is randomized.
   #     There are a few legacy applications out there (such as some ancient
   #     versions of libc.so.5 from 1996) that assume that brk area starts
   #     just after the end of the code+bss. These applications break when
   #     start of the brk area is randomized. There are however no known
   #     non-legacy applications that would be broken this way, so for most
   #     systems it is safe to choose Full randomization.
   # for mplayer
   #dev.rtc.max-user-freq = 1024
   [root@Router ~]# vim /etc/rc.d/rc.routing
   #!/bin/bash
   echo "Configuring routing..."
   # Internet provider 1 - TP DSL
   DI1_INTERFEJS="eth1"
   DI1_IP="83.18.6.46"
   DI1_BRAMA="83.18.6.45"
   DI1_NETID="83.18.6.44/30"
   # Internet provider 2 - Telico
   DI2_INTERFEJS="eth2"
   DI2_IP="10.10.10.239"
   DI2_BRAMA="10.10.10.1"
   DI2_NETID="10.10.10.0/24"
   # Local network
   SL_INTERFEJS="eth0"
   SL_IP="192.168.1.1"
   SL_NETID="192.168.1.0/24"
   ip a a $DI1_NETID dev $DI1_INTERFEJS
   ip r a default via $DI1_BRAMA
   ip a a $DI2_NETID dev $DI2_INTERFEJS
   ip a a $SL_NETID dev $SL_INTERFEJS
   ip r f t T1
   ip r f t T2
   ip route add $DI1_NETID dev $DI1_INTERFEJS src $DI1_IP table T1
   ip route add default via $DI1_BRAMA table T1
   ip route add $DI2_NETID  dev $DI2_INTERFEJS src $DI2_IP table T2
   ip route add default via $DI2_BRAMA table T2
   ip rule add from $DI1_IP table T1
   ip rule add from $DI2_IP table T2
   ip route add $SL_NETID dev $SL_INTERFEJS src $SL_IP table T1
   ip route add $DI1_NETID dev $DI1_INTERFEJS table T1
   ip route add 127.0.0.0/8 dev lo table T1
   ip route add $SL_NETID dev $SL_INTERFEJS src $SL_IP table T2
   ip route add $DI2_NETID dev $DI2_INTERFEJS table T2
   ip route add 127.0.0.0/8 dev lo table T2
   # Users pinned to the second link (permanently):
   #ip rule add from 192.168.1.29 table T2          # Admin
   #ip rule add from 192.168.1.28 table T2          # User10
   ip rule add from 192.168.1.32 table T2          # Colleague
   # Users attached to the second link (dynamically - if that link fails,
   # the failover.sh script switches them over to the first link):
   #for ipszl in `cat /etc/szybkielacze | grep 10.100. | awk '{ print $1 }'`
   #do
   # ip rule add from $ipszl table T2
   #done
   ip route flush cache
   [root@Router ~]# ping wp.pl -I eth1
   PING wp.pl (212.77.100.101) from 83.18.6.46 eth1: 56(84) bytes of data.
   From aug46.internetdsl.tpnet.pl (83.18.6.46) icmp_seq=1 Destination Host Unreachable
   From aug46.internetdsl.tpnet.pl (83.18.6.46) icmp_seq=2 Destination Host Unreachable
   From aug46.internetdsl.tpnet.pl (83.18.6.46) icmp_seq=3 Destination Host Unreachable
   ^C
   --- wp.pl ping statistics ---
   6 packets transmitted, 0 received, +3 errors, 100% packet loss, time 5074ms
   pipe 3
   [root@Router ~]# ping wp.pl -I eth2
   PING wp.pl (212.77.100.101) from 10.10.10.254 eth2: 56(84) bytes of data.
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=1 ttl=245 time=21.5 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=2 ttl=245 time=23.9 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=3 ttl=245 time=24.5 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=4 ttl=245 time=23.8 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=5 ttl=245 time=22.5 ms
   ^C
   --- wp.pl ping statistics ---
   5 packets transmitted, 5 received, 0% packet loss, time 4005ms
   rtt min/avg/max/mdev = 21.502/23.265/24.508/1.105 ms
   [root@Router ~]# ip r d default via 10.10.10.1
   [root@Router ~]# ip r a default via 83.18.6.45
   [root@Router ~]# ip route flush cache
   [root@Router ~]# ping wp.pl -I eth1
   PING wp.pl (212.77.100.101) from 83.18.6.46 eth1: 56(84) bytes of data.
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=1 ttl=249 time=31.0 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=2 ttl=249 time=31.0 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=3 ttl=249 time=30.7 ms
   64 bytes from www.wp.pl (212.77.100.101): icmp_req=4 ttl=249 time=30.5 ms
   ^C
   --- wp.pl ping statistics ---
   4 packets transmitted, 4 received, 0% packet loss, time 3004ms
   rtt min/avg/max/mdev = 30.512/30.846/31.053/0.285 ms
   [root@Router ~]# ping wp.pl -I eth2
   PING wp.pl (212.77.100.101) from 10.10.10.254 eth2: 56(84) bytes of data.
   From 10.10.10.254 icmp_seq=1 Destination Host Unreachable
   From 10.10.10.254 icmp_seq=2 Destination Host Unreachable
   From 10.10.10.254 icmp_seq=3 Destination Host Unreachable
   From 10.10.10.254 icmp_seq=4 Destination Host Unreachable
   From 10.10.10.254 icmp_seq=5 Destination Host Unreachable
   From 10.10.10.254 icmp_seq=6 Destination Host Unreachable
   ^C
   --- wp.pl ping statistics ---
   7 packets transmitted, 0 received, +6 errors, 100% packet loss, time 7022ms
   pipe 3
   [root@Router ~]#
   --
   Regards,
    Przemysław Piskozub
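Editor's note with an added example; neither the commentary nor the script below is part of the original post or of the poster's rc.routing. Two things in the posted configuration are visible from the output above. First, rc.routing runs `ip a a $NETID dev $IF` (address add) where route entries are meant, which is why every interface in the `ip add sh` listing carries its own network address (83.18.6.44, 10.10.10.0, 192.168.1.0) as a secondary address. Second, DI2_IP is set to 10.10.10.239 while eth2 actually holds 10.10.10.254, so `ip rule add from $DI2_IP table T2` never matches any packet. Separately, `ping -I eth1` binds to the device rather than to a source address, so the source-keyed rules are not consulted and the lookup falls through to the main table's single default route; that is exactly the pattern in the transcript, where whichever uplink holds the main default answers and the other reports Destination Host Unreachable. The script below builds the equivalent two-table setup with those points corrected and checks the configured source addresses against the live interface list before applying anything. The table ids 1 and 2 for T1/T2, the DRY_RUN convention, the rule priorities, and the embedded `ip -4 -o addr show` sample (constructed from the post's `ip add sh` listing) are assumptions of this example.

```shell
#!/bin/bash
# Added example (editor's code, not the poster's rc.routing): two-uplink
# source-based policy routing built as a reviewable list of ip(8) commands.
# Interfaces, addresses, gateways and table names come from the post; DI2_IP is
# the address eth2 really carries (10.10.10.254, not 10.10.10.239).
# Assumptions: table ids 1/2 for T1/T2; DRY_RUN=1 (default) prints instead of applying.

DI1_IF=eth1; DI1_IP=83.18.6.46;   DI1_GW=83.18.6.45; DI1_NET=83.18.6.44/30
DI2_IF=eth2; DI2_IP=10.10.10.254; DI2_GW=10.10.10.1; DI2_NET=10.10.10.0/24
LAN_IF=eth0; LAN_NET=192.168.1.0/24
PINNED_TO_DI2="192.168.1.32"        # LAN hosts that must always use uplink 2

# Constructed sample of "ip -4 -o addr show" (one line per address), built from
# the post's listing; used only for the offline self-check.
SAMPLE_ADDRS='2: eth0    inet 192.168.1.1/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
3: eth1    inet 83.18.6.46/30 brd 83.18.6.47 scope global eth1\       valid_lft forever preferred_lft forever
4: eth2    inet 10.10.10.254/24 brd 10.10.10.255 scope global eth2\       valid_lft forever preferred_lft forever'

# addr_on_iface ADDR_LIST IFACE IP: succeed only if IP is configured on IFACE.
# A rule "from $IP" matches nothing when $IP is not really a local address.
addr_on_iface() {
  local ip_re
  ip_re=$(printf '%s' "$3" | sed 's/\./\\./g')
  printf '%s\n' "$1" | grep -qE "^[0-9]+: $2 +inet ${ip_re}/"
}

# ensure_rt_tables [FILE]: "table T1" only works once the name is declared.
ensure_rt_tables() {
  local f=${1:-/etc/iproute2/rt_tables}
  grep -qE '^[0-9]+[[:space:]]+T1$' "$f" 2>/dev/null || printf '1\tT1\n' >>"$f"
  grep -qE '^[0-9]+[[:space:]]+T2$' "$f" 2>/dev/null || printf '2\tT2\n' >>"$f"
}

# route_cmds: print the plan.  Connected prefixes go into the per-uplink tables
# as routes (the post used "ip a a", which added the network address as a
# second address on each interface instead).  Rules are added only if absent,
# so the script can be re-run without piling up duplicate rules.
route_cmds() {
  cat <<EOF
ip route flush table T1
ip route flush table T2
ip route add $DI1_NET dev $DI1_IF src $DI1_IP table T1
ip route add $LAN_NET dev $LAN_IF table T1
ip route add default via $DI1_GW dev $DI1_IF table T1
ip route add $DI2_NET dev $DI2_IF src $DI2_IP table T2
ip route add $LAN_NET dev $LAN_IF table T2
ip route add default via $DI2_GW dev $DI2_IF table T2
ip rule show | grep -q "from $DI1_IP lookup T1" || ip rule add from $DI1_IP table T1 priority 100
ip rule show | grep -q "from $DI2_IP lookup T2" || ip rule add from $DI2_IP table T2 priority 101
EOF
  local h
  for h in $PINNED_TO_DI2; do
    echo "ip rule show | grep -q \"from $h lookup T2\" || ip rule add from $h table T2 priority 200"
  done
  cat <<EOF
ip route replace default via $DI1_GW dev $DI1_IF
ip route flush cache
EOF
}

# main: with DRY_RUN=1 (default) just print the plan; with DRY_RUN=0 verify the
# source addresses against the live interface list, declare the tables, apply.
main() {
  if [ "${DRY_RUN:-1}" = 1 ]; then
    route_cmds
    return 0
  fi
  local live
  live=$(ip -4 -o addr show)
  addr_on_iface "$live" "$DI1_IF" "$DI1_IP" || { echo "$DI1_IP is not on $DI1_IF" >&2; return 1; }
  addr_on_iface "$live" "$DI2_IF" "$DI2_IP" || { echo "$DI2_IP is not on $DI2_IF" >&2; return 1; }
  ensure_rt_tables
  route_cmds | sh -e
}

main
```

Review the plan with `bash rc.routing.sh` (DRY_RUN defaults to 1), apply as root with `DRY_RUN=0`, and then test each uplink by source address, `ping -I 83.18.6.46 wp.pl` and `ping -I 10.10.10.254 wp.pl`, rather than by interface name; the source-keyed rules are only exercised when the source address is already chosen. One further caveat for a two-uplink box: the strict `rp_filter = 1` in the posted sysctl.conf can drop replies that arrive on the uplink other than the one the source-keyed rule would use, so if return paths are not guaranteed to be symmetric, loose mode (`rp_filter = 2`, available since Linux 2.6.31) is the safer setting.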


More information about the pld-users-pl mailing list