Linux-高级路由-IP
rpm -qf `which ip`
]# ip
Usage: ip [ OPTIONS ] OBJECT { COMMAND | help }
ip [ -force ] [-batch filename
where OBJECT := { link | addr | addrlabel | route | rule | neigh | ntable | tunnel |
maddr | mroute | monitor | xfrm }
OPTIONS := { -V[ersion] | -s(统计)[tatistics] | -r[esolve] |
-f[amily] { inet | inet6 | ipx | dnet | link } |
-o[neline] | -t[imestamp] }
ip link help
查看数据链路层
LAN局域网
WAN广域网
ip link show
查看数据链路层的信息,显示MAC地址和激活状态
]# ip link show eth0
2: eth0: <BROADCAST,MULTICAST,UP(激活状态),LOWER_UP> mtu 1500 qdisc(网卡队列规则) pfifo_fast qlen 1000
link/ether 00:23:54:6a:0f:d9 brd ff:ff:ff:ff:ff:ff
禁用或者激活网卡
]# ip link set eth0 up
]# ip link set eth0 down
]# ifconfig eth0 down
]# ip link set dev eth0 down
]# ip link show dev eth0
2: eth0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:43:d7:ec(MAC地址) brd ff:ff:ff:ff:ff:ff
查看网络层的信息,显示和设置IP地址,显示和设置路由
[root@www ftp]# ip addr show dev lo
[root@www ftp]# ip addr show dev eth0
添加删除IP
[root@www ftp]# ip addr add 192.168.1.253/24 dev eth0
[root@www ftp]# ip addr show dev eth0
[root@www ftp]# ip addr del 192.168.1.253/24 dev eth0
----------------
添加删除路由
[root@www ftp]# ip addr add 192.168.2.253 dev eth0
[root@www ftp]# ip addr del 192.168.2.253/32 dev eth0
[root@www ftp]# ip route add 192.168.3.0/24 dev eth0
[root@www ftp]# ip route del 192.168.3.0/24 dev eth0
添加删除默认路由
[root@www ftp]# ip route del default
[root@www ftp]# ip route add default via 192.168.0.1 dev eth0
---------------
给网卡重命名
]# ip link set dev eth1 down
]# ip link set dev eth1 name wan
]# ip link set dev wan up
]# ip link set dev eth0 down
]# ip link set dev eth0 name lan
]# ip link set dev lan up
++++++++++++++++
ip addr 查看网络层显示ip地址
ip addr show
ip addr show dev lo
ip addr show dev eth0
------------
查看网卡的IP地址
[root@GW1 /]# ip addr show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:43:d7:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
inet6 fe80::2e0:4cff:fe43:d7ec/64 scope link
valid_lft forever preferred_lft forever
---------------
添加IP
注意指定掩码长度!!!
]# ip addr add 192.168.2.1 dev eth0
]# ip addr show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:43:d7:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
inet 192.168.2.1/32 scope global eth0
inet6 fe80::2e0:4cff:fe43:d7ec/64 scope link
valid_lft forever preferred_lft forever
]# ip addr add 192.168.4.1/24 dev eth0
]# ip addr show dev eth0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast qlen 1000
link/ether 00:e0:4c:43:d7:ec brd ff:ff:ff:ff:ff:ff
inet 192.168.1.2/24 brd 192.168.1.255 scope global eth0
inet 192.168.3.1/32 scope global eth0
inet 192.168.4.1/24 scope global eth0
inet6 fe80::2e0:4cff:fe43:d7ec/64 scope link
valid_lft forever preferred_lft forever
----------------
删除IP
]# ip addr del 192.168.3.1/32 dev eth0
]# ip addr del 192.168.4.1/24 dev eth0
汇总
]# ip addr add 192.168.4.1/24 dev eth0
]# ip addr del 192.168.4.1/24 dev eth0
]# ip addr add 192.168.3.1 dev eth0
]# ip addr del 192.168.3.1/32 dev eth0
]# ip addr show dev eth0
ip neigh show 查看ARP缓存表 <=> arp -n
]# ip neigh show
192.168.1.168 dev eth0 lladdr 20:6a:8a:0f:8f:38 REACHABLE
192.168.1.220 dev eth0 lladdr 00:e0:4c:af:00:b0 REACHABLE
192.168.1.206 dev eth0 lladdr 00:1c:23:59:37:dd REACHABLE
192.168.1.31 dev eth1 lladdr 00:b0:c4:01:29:94 STALE
192.168.1.233 dev eth0 lladdr c8:bc:c8:8d:da:d1 REACHABLE
192.168.1.31 dev eth0 lladdr 00:b0:c4:01:29:94 STALE
192.168.1.36 dev eth0 lladdr 00:e0:4c:cf:01:a7 STALE
ip route show 查看路由表信息
]# ip addr add 192.168.5.1/24 dev eth0
]# ip route show
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.1
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.123
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.12
169.254.0.0/16(微软APIPA规则的链路本地地址段) dev eth0 scope link
default via(网关) 192.168.0.253 dev eth0
添加IP时不想自动生成网段路由的情况:只要不指定子网掩码就可以了(此时地址按/32添加)
ip route add 192.168.10.0 dev eth0
ip route add
ip route help
添加删除路由
]# man ip
]# ip route add 192.168.10.0/24 dev eth0
]# ip route show
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.1
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
192.168.10.0/24 dev eth0 scope link
]# ip route del 192.168.10.0/24 dev eth0
]# ip route show
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.1
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
ip rule show 策略路由
]# ip route add default via 192.168.1.254 dev eth0
]# route add default gw 192.168.1.254 dev eth0
]# ip route show
192.168.5.0/24 dev eth0 proto kernel scope link src 192.168.5.1
192.168.2.0/24 dev eth1 proto kernel scope link src 192.168.2.1
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.2
default via 192.168.1.254 dev eth0
-----ip工具可以实现隧道功能--------
默认LINUX内核支持两种隧道
ipip
gre
均以内核功能模块的形式支持
[root@ULA 2.6.18-194.el5-i686]# modinfo -F filename ip_gre
/lib/modules/2.6.18-194.el5/kernel/net/ipv4/ip_gre.ko
[root@ULA 2.6.18-194.el5-i686]# modinfo -F filename ipip
/lib/modules/2.6.18-194.el5/kernel/net/ipv4/ipip.ko
配置IPIP隧道
ipip隧道
192.168.0.0/24
|
A 192.168.0.253
202.102.0.1
|
Internet
|
202.102.0.2
B 192.168.1.253
192.168.1.0/24
1、两子网无法直接通信
2、两GW可以直接通信
3、IPIP隧道的底层(外层)是IP层,其上承载的(内层)仍然是带IP包头的数据包。
CLIENT aa: 192.168.0.11
route del default
route add default gw 192.168.0.253
Client bb: 192.168.1.11
route del default
route add default gw 192.168.1.253
封装配置:只有在联系对方网络的时候才封装,如果要上sina网什么的,应该正常NAT上网。那如何区分正常上网的和目标网络为对方网络的呢?在主机上配置一个隧道网卡,进这个网卡接口(tun1)的数据就封装,否则就不封装。怎么把访问对方网络的数据送到这个网卡接口呢?通过路由表(route -n 查看)定义去往哪个网络的数据包走哪个接口(dev interface)
A 上的配置
1、ip 地址配置好
eth0 192.168.0.253/24
eth1 202.102.0.1/24(所在网段 202.102.0.0/24)
2、ip_forward功能打开(直接写 /proc 只是临时生效,重启后失效;打开后本机会在各接口之间转发数据包,应同时用防火墙的FORWARD规则限制允许转发的网段)
[root@07:03:23 ~]# echo 1 > /proc/sys/net/ipv4/ip_forward
1、echo 1 > /proc/sys/net/ipv4/ip_forward
3、配置ipip隧道
]#ip tunnel help
]#modprobe ipip
]#ip tunnel add tun0 mode ipip remote 202.102.0.2 local 202.102.0.1
]# ip addr add dev tun0 0.0.0.0/0 //网卡必须要有个地址添加一个空地址上去!
]# ip link set dev tun0 up
]#ip route add 192.168.1.0/24 dev tun0
]#ip route show 再查看一下路由,确认有以下三条路由:
192.168.0.0/24
202.102.0.0/24
192.168.1.0/24
--------------------
B 上的配置
1、ip 地址配置好
eth0 192.168.1.253/24
eth1 1.1.1.2/24
2、ip_forward功能打开
]# echo 1 > /proc/sys/net/ipv4/ip_forward
3、配置ipip隧道
]#ip tunnel help
]#modprobe ipip
]#ip tunnel add tun0 mode ipip remote 202.102.0.1 local 202.102.0.2
]#ip addr add dev tun0 0.0.0.0/0 //网卡必须要有个地址,添加一个空地址上去!
]#ip link set dev tun0 up
]#ip route add 192.168.0.0/24 dev tun0
]#ip route show 再查看一下路由,确认有以下三条路由:
192.168.0.0/24
202.102.0.0/24
192.168.1.0/24
A_CLIENT
1、ip地址配置好 192.168.0.3
2、网关指向192.168.0.253
B_CLIENT
1、ip地址配置好 192.168.1.3
2、网关指向192.168.1.253
gre隧道 思科
ssl 加密
ipsec 基于IP加密
modprobe ipip
ip tunnel add 隧道名字(tun0)类型(mode ipip) 远程地址( remote 1.1.1.2) 本地地址(local 1.1.1.1)
ip link set tun1 up
lsmod|grep ipip
ipip和gre是不加密的隧道:封装后的数据在公网上仍是明文,也不对隧道对端做身份认证,跨公网使用时应配合下面的加密隧道
加密的隧道
ipsec:在 linux/unix 系统上用得比较多 网络到网络 openswan
ssl:简单易用 点到网络 openVPN
如果出错,rm -rf /etc/sysconfig/networking/*(会删除该目录下的全部网络配置文件,执行前先备份)
reboot