HighWayToHell - Tag - rp_filter
In the garden, under the fence
2023-08-13T10:38:15+08:00
Druggo
Dotclear
Policy routing configuration for multiple NICs and multiple IPs
2015-10-03T15:35:00+08:00
2015-10-03T16:02:23+08:00
Druggo
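Computers
fwmark, iptables, linux, rp_filter
<p>The default WAN interface is eth1 and the default route does not need to change. To route correctly to the LAN on eth0:</p>
<p>Add a new WAN interface eth2 with address NewIP and configure its routing:</p>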
<pre>
ip route add default via NewGW dev eth2 src NewIP table 200
ip rule add from NewIP table 200
ip rule add fwmark 0x200 table 200
</pre>
<p>Configure the iptables mangle table (eth0 is the LAN):</p>
<pre>
-A PREROUTING -i eth0 -m conntrack --ctstate RELATED,ESTABLISHED -j CONNMARK --restore-mark
-A PREROUTING -i eth2 -m conntrack --ctstate NEW -j CONNMARK --set-mark 0x200
</pre>
<p>Configure rp_filter:</p>
<pre>
net.ipv4.conf.all.rp_filter = 2
net.ipv4.conf.eth2.rp_filter = 2
</pre>