routing-tables

Found a file /etc/iproute2/rt_tables in the rootfs,
so let's take a look at it.


Changelog

item note
20160804 First version


Routing Tables

  • Linux kernel 2.2 and 2.4 support multiple routing tables
  • Beyond the two commonly used routing tables
    • the local and main routing tables
    • the kernel supports up to 252 additional routing tables
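  • The kernel config controls whether support for multiple IP routing tables is enabled;
    it is currently on by default: CONFIG_IP_MULTIPLE_TABLES
  • The table priority order is written in /etc/iproute2/rt_tables (the smaller the number, the earlier it is compared, i.e. 0 is the highest-priority table)
  • Even without an /etc/iproute2/rt_tables file, the system still has its defaults (the local and main tables)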

IP Routing

$ cat /etc/iproute2/rt_tables 
#
# reserved values
#
255 local -> <1>
254 main -> <2>
253 default
0 unspec
#
# local
#
#1 inr.ruhep
  • <1> The local table is a special routing table maintained by the kernel
  • <2> The main routing table is the table operated upon by route and, when not otherwise specified, by ip route

Actual state on the board

Only the eth0 interface

  • netstat -rn (same as route -n)
gk350a :[~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
  • rule table

Currently there are local > main > default (3 tables)

gk350a :[~]# ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

The default table is empty

gk350a :[~]# ip route show table local
broadcast 127.0.0.0 dev lo src 127.0.0.1
local 127.0.0.0/8 dev lo src 127.0.0.1
local 127.0.0.1 dev lo src 127.0.0.1
broadcast 127.255.255.255 dev lo src 127.0.0.1
broadcast 192.168.0.0 dev eth0 src 192.168.0.130
local 192.168.0.130 dev eth0 src 192.168.0.130
broadcast 192.168.0.255 dev eth0 src 192.168.0.130

gk350a :[~]# ip route show table main
192.168.0.0/24 dev eth0 src 192.168.0.130

gk350a :[~]# ip route show table default
gk350a :[~]#

Only the eth0 and ppp2 interfaces

  • netstat -rn
gk350a :[~]# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 0.0.0.0 0.0.0.0 U 0 0 0 ppp2
168.95.98.254 0.0.0.0 255.255.255.255 UH 0 0 0 ppp2
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
  • rule table
gk350a :[~]# ip rule show
0: from all lookup local
32766: from all lookup main
32767: from all lookup default
gk350a :[~]# ip route show table local
local 1.165.95.2 dev ppp2 src 1.165.95.2
broadcast 127.0.0.0 dev lo src 127.0.0.1
local 127.0.0.0/8 dev lo src 127.0.0.1
local 127.0.0.1 dev lo src 127.0.0.1
broadcast 127.255.255.255 dev lo src 127.0.0.1
broadcast 192.168.0.0 dev eth0 src 192.168.0.130
local 192.168.0.130 dev eth0 src 192.168.0.130
broadcast 192.168.0.255 dev eth0 src 192.168.0.130

gk350a :[~]# ip route show table main
default dev ppp2
168.95.98.254 dev ppp2 src 1.165.95.2
192.168.0.0/24 dev eth0 src 192.168.0.130

gk350a :[~]# ip route show table default
gk350a :[~]#

ip command

gk350a :[~]# ip
BusyBox v1.16.1 (2016-02-19 09:03:37 UTC) multi-call binary.

Usage: ip [OPTIONS] {address | route | link | tunnel | rule} {COMMAND}

ip [OPTIONS] OBJECT {COMMAND}
where OBJECT := {address | route | link | tunnel | rule}
OPTIONS := { -f[amily] { inet | inet6 | link } | -o[neline] }

ip rule show: see how many tables there currently are

  • Currently there are local > pppoe > main > default (4 tables in total)
gk350a :[~]# ip rule show
0: from all lookup local
2765: from 192.168.0.120 lookup pppoe
32766: from all lookup main
32767: from all lookup default

ip route show xx (view a table's contents)

  • ip route show (the default is the main table)
gk350a :[~]# ip route show 
default dev ppp2
168.95.98.254 dev ppp2 src 111.246.132.72
192.168.0.0/24 dev eth0 src 192.168.0.130

gk350a :[~]# ip route show table main
default dev ppp2
168.95.98.254 dev ppp2 src 111.246.132.72
192.168.0.0/24 dev eth0 src 192.168.0.130
  • ip route show table local
gk350a :[~]# ip route show table local
local 111.246.132.72 dev ppp2 src 111.246.132.72
broadcast 127.0.0.0 dev lo src 127.0.0.1
local 127.0.0.0/8 dev lo src 127.0.0.1
local 127.0.0.1 dev lo src 127.0.0.1
broadcast 127.255.255.255 dev lo src 127.0.0.1
broadcast 192.168.0.0 dev eth0 src 192.168.0.130
local 192.168.0.130 dev eth0 src 192.168.0.130
broadcast 192.168.0.255 dev eth0 src 192.168.0.130
gk350a :[~]# ip route show table pppoe
ip: invalid argument 'pppoe' to 'table'
gk350a :[~]# ip route show table ppp2
ip: invalid argument 'ppp2' to 'table

Listing the Routing Policy Database (RPDB)

gk350a :[~]# ip rule show
0: from all lookup local
2765: from 192.168.0.120 lookup pppoe
32766: from all lookup main
32767: from all lookup default

Other

Promiscuous mode

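When the settings shown by ifconfig all look correct but packets can go out and cannot come in,
you can turn on promiscuous mode; if packets then come in, your routing table has a problem.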

  • Following will put the interface in promiscuous mode.
ifconfig eth0 promisc
  • Following will put the interface in normal mode.
ifconfig eth0 -promisc

kernel config

  • IP: policy routing
    Determines whether it is enabled
[*] TCP/IP networking
[*] IP: multicasting
[*] IP: advanced router
[ ] FIB TRIE statistics
[*] IP: policy routing -> IP_MULTIPLE_TABLES [=y]
[*] IP: equal cost multipath
[*] IP: verbose route monitoring
[*] IP: kernel level autoconfiguration
[ ] IP: DHCP support
[ ] IP: BOOTP support
[ ] IP: RARP support
CONFIG_IP_MULTIPLE_TABLES:
Normally, a router decides what to do with a received packet based
solely on the packet's final destination address. If you say Y here,
the Linux router will also be able to take the packet's source
address into account. Furthermore, the TOS (Type-Of-Service) field
of the packet can be used for routing decisions as well.
4.1. Listing rules.

The command to list the rules table is "ip rule list", more often
abbreviate as "ip ru ls".

Look at its output:

0: from all lookup local
32766: from all lookup main
32767: from all lookup default

A practical rt_tables example

# ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:50:56:8E:0B:EC
inet addr:19.86.101.54 Bcast:19.86.101.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:3735 errors:0 dropped:0 overruns:0 frame:0
TX packets:336 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:295679 (288.7 Kb) TX bytes:50312 (49.1 Kb)

eth1 Link encap:Ethernet HWaddr 00:50:56:8E:27:0D
inet addr:19.86.100.176 Bcast:19.86.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:14 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:840 (840.0 b) TX bytes:0 (0.0 b)
# netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window irtt Iface
0.0.0.0 19.86.101.1 0.0.0.0 UG 0 0 0 eth0
19.86.100.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
19.86.101.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo
169.254.0.0 0.0.0.0 255.255.0.0 U 0 0 0 eth0

Problem: 19.86.100.176 cannot be pinged from outside

  • When you ping the IP address 19.86.100.176 from outside your network you may notice that it will not be pingable.
  • In order to implement this, you need to create a new policy in the routing table

  • create a new policy routing table entry in /etc/iproute2/rt_tables file

echo "1 admin" >> /etc/iproute2/rt_tables
  • add the routing entries in the admin table
ip route add 19.86.100.0/24 dev eth1 src 19.86.100.176 table admin
ip route add default via 19.86.100.1 dev eth1 table admin
  • All the rules are executed in the ascending order.
<1> ip rule add from 19.86.100.176/24 table admin
<2> ip rule add to 19.86.100.176/24 table admin
<3> ip route flush cache
  • Explanation

    • <1> all the traffic going to eth1’s IP needs to use the “admin” routing table instead of “main”
    • <2> all the outgoing traffic from eth1’s IP needs to use the “admin” routing table instead of “main” one.
    • <3> used to commit all these changes in the previous commands
  • verify that your changes are made appropriately using the following command

# ip rule show
0:      from all lookup local
32764:  from all to 19.86.100.176/24 lookup admin
32765:  from 19.86.100.176/24 lookup admin
32766:  from all lookup main
32767:  from all lookup default
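
The rule walk behind the two `ip rule show` listings, as an added example that is not part of the original page: a simplified model of the RPDB lookup showing which table answers a reply sent from 19.86.100.176 before and after the admin rules exist. The `lookup` function, the peer address 203.0.113.9 and the abridged local table are assumptions; TOS, fwmark, interface selectors and special route types are ignored.

```python
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"
# Routes as (prefix, device, gateway). Constructed from the page's ifconfig,
# netstat -rn and "ip route add ... table admin" lines; "local" is abridged.
TABLES = {
    "local": [("19.86.101.54/32", "eth0", None), ("19.86.100.176/32", "eth1", None)],
    "main": [(ANY, "eth0", "19.86.101.1"), ("19.86.100.0/24", "eth1", None),
             ("19.86.101.0/24", "eth0", None), ("127.0.0.0/8", "lo", None),
             ("169.254.0.0/16", "eth0", None)],
    "admin": [("19.86.100.0/24", "eth1", None), (ANY, "eth1", "19.86.100.1")],
    "default": [],
}
# Rules as (priority, from, to, table), matching the two "ip rule show" listings.
BASE_RULES = [(0, ANY, ANY, "local"), (32766, ANY, ANY, "main"), (32767, ANY, ANY, "default")]
ADMIN_RULES = BASE_RULES + [(32764, ANY, "19.86.100.176/24", "admin"),
                            (32765, "19.86.100.176/24", ANY, "admin")]

def lookup(rules, tables, src, dst):
    """Return (priority, table, route) for the first rule whose table routes dst."""
    s, d = ip_address(src), ip_address(dst)
    for prio, frm, to, table in sorted(rules):          # ascending priority
        # strict=False: "19.86.100.176/24" is treated as the 19.86.100.0/24 prefix
        if s not in ip_network(frm, strict=False) or d not in ip_network(to, strict=False):
            continue
        hits = [r for r in tables.get(table, []) if d in ip_network(r[0])]
        if hits:                                        # longest prefix wins
            return prio, table, max(hits, key=lambda r: ip_network(r[0]).prefixlen)
        # no route in this table: fall through to the next rule
    return None

if __name__ == "__main__":
    peer = "203.0.113.9"   # constructed outside host (documentation address)
    for name, rules in (("before", BASE_RULES), ("after", ADMIN_RULES)):
        print(name, lookup(rules, TABLES, "19.86.100.176", peer))
```

With only the three built-in rules the reply leaves through eth0 via the main table's default route; with the admin rules in place the same packet is matched at priority 32765 and leaves through eth1.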

References