Centos 7とネットワークインターフェイス(eth0)をゲートウェイとして使用してホストを設定しようとしています。
問題は、ゲートウェイがパケットを転送して応答を受信できますが、ホストに応答を送信できないことです。
Host --> Gateway --> Destination --> Gateway -/-> Host
実際、tcpdumpでは、ゲートウェイが応答を送信していますが、ホストが応答を受け取っていないことがわかります。
tcpdumpnc -v 192.168.253.113 22
リクエスト:
マスター:
12:10:22.038563 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 10.0.0.47.21739 > 192.168.253.113.ssh: Flags [S], seq 3208534021, win 29200, options [mss 1460,sackOK,TS val 259369415 ecr 0,nop,wscale 9], length 0 12:10:23.040527 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 10.0.0.47.21739 > 192.168.253.113.ssh: Flags [S], seq 3208534021, win 29200, options [mss 1460,sackOK,TS val 259370418 ecr 0,nop,wscale 9], length 0
ゲートウェイ:
12:10:22.038972 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 10.0.0.47.21739 > 192.168.253.113.ssh: Flags [S], seq 3208534021, win 29200, options [mss 1460,sackOK,TS val 259369415 ecr 0,nop,wscale 9], length 0 12:10:22.039017 22:22:22:22:22:22 > 33:33:33:33:33:33, ethertype IPv4 (0x0800), length 74: 10.0.0.19.21739 > 192.168.253.113.ssh: Flags [S], seq 3208534021, win 29200, options [mss 1460,sackOK,TS val 259369415 ecr 0,nop,wscale 9], length 0 12:10:22.140408 33:33:33:33:33:33 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 192.168.253.113.ssh > 10.0.0.19.21739: Flags [S.], seq 2142167154, ack 3208534022, win 28480, options [mss 1436,sackOK,TS val 2418584010 ecr 259369415,nop,wscale 10], length 0 12:10:22.140427 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 74: 192.168.253.113.ssh > 10.0.0.47.21739: Flags [S.], seq 2142167154, ack 3208534022, win 28480, options [mss 1436,sackOK,TS val 2418584010 ecr 259369415,nop,wscale 10], length 0 12:10:23.040940 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 10.0.0.47.21739 > 192.168.253.113.ssh: Flags [S], seq 3208534021, win 29200, options [mss 1460,sackOK,TS val 259370418 ecr 0,nop,wscale 9], length 0 12:10:23.040958 22:22:22:22:22:22 > 33:33:33:33:33:33, ethertype IPv4 (0x0800), length 74: 10.0.0.19.21739 > 192.168.253.113.ssh: Flags [S], seq 3208534021, win 29200, options [mss 1460,sackOK,TS val 259370418 ecr 0,nop,wscale 9], length 0 12:10:23.141986 33:33:33:33:33:33 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 192.168.253.113.ssh > 10.0.0.19.21739: Flags [S.], seq 2142167154, ack 3208534022, win 28480, options [mss 1436,sackOK,TS val 2418584260 ecr 259369415,nop,wscale 10], length 0 12:10:23.141998 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 74: 192.168.253.113.ssh > 10.0.0.47.21739: Flags [S.], seq 2142167154, ack 3208534022, win 28480, options [mss 1436,sackOK,TS val 2418584260 ecr 259369415,nop,wscale 10], length 0
ゲートウェイをターゲット()として使用してnc -v 10.0.0.19 22
同じ要求を試すと、すべてがうまく機能します。
マスター:
12:16:46.222903 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [S], seq 725877336, win 29200, options [mss 1460,sackOK,TS val 259753600 ecr 0,nop,wscale 9], length 0 12:16:46.224050 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 74: 10.0.0.19.ssh > 10.0.0.47.46354: Flags [S.], seq 3167329297, ack 725877337, win 28960, options [mss 1460,sackOK,TS val 96976164 ecr 259753600,nop,wscale 9], length 0 12:16:46.224104 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [.], ack 1, win 58, options [nop,nop,TS val 259753601 ecr 96976164], length 0 12:16:46.232678 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 87: 10.0.0.19.ssh > 10.0.0.47.46354: Flags [P.], seq 1:22, ack 1, win 57, options [nop,nop,TS val 96976173 ecr 259753601], length 21 12:16:46.232731 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [.], ack 22, win 58, options [nop,nop,TS val 259753610 ecr 96976173], length 0 12:16:49.692764 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [F.], seq 1, ack 22, win 58, options [nop,nop,TS val 259757070 ecr 96976173], length 0 12:16:49.693905 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 66: 10.0.0.19.ssh > 10.0.0.47.46354: Flags [F.], seq 22, ack 2, win 57, options [nop,nop,TS val 96979634 ecr 259757070], length 0 12:16:49.693938 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [.], ack 23, win 58, options [nop,nop,TS val 259757071 ecr 96979634], length 0
ゲートウェイ:
12:16:46.223731 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 74: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [S], seq 725877336, win 29200, options [mss 1460,sackOK,TS val 259753600 ecr 0,nop,wscale 9], length 0 12:16:46.223793 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 74: 10.0.0.19.ssh > 10.0.0.47.46354: Flags [S.], seq 3167329297, ack 725877337, win 28960, options [mss 1460,sackOK,TS val 96976164 ecr 259753600,nop,wscale 9], length 0 12:16:46.224401 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [.], ack 1, win 58, options [nop,nop,TS val 259753601 ecr 96976164], length 0 12:16:46.232728 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 87: 10.0.0.19.ssh > 10.0.0.47.46354: Flags [P.], seq 1:22, ack 1, win 57, options [nop,nop,TS val 96976173 ecr 259753601], length 21 12:16:46.233033 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [.], ack 22, win 58, options [nop,nop,TS val 259753610 ecr 96976173], length 0 12:16:49.693106 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [F.], seq 1, ack 22, win 58, options [nop,nop,TS val 259757070 ecr 96976173], length 0 12:16:49.693928 22:22:22:22:22:22 > 11:11:11:11:11:11, ethertype IPv4 (0x0800), length 66: 10.0.0.19.ssh > 10.0.0.47.46354: Flags [F.], seq 22, ack 2, win 57, options [nop,nop,TS val 96979634 ecr 259757070], length 0 12:16:49.694218 11:11:11:11:11:11 > 22:22:22:22:22:22, ethertype IPv4 (0x0800), length 66: 10.0.0.47.46354 > 10.0.0.19.ssh: Flags [.], ack 23, win 58, options [nop,nop,TS val 259757071 ecr 96979634], length 0
ゲートウェイからホストまで同じことを行うこともできます。
何が間違っているのかわかりません。私のゲートウェイの設定は次のとおりです。
路線:
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.0.0.1 0.0.0.0 UG 100 0 0 eth0
10.0.0.0 0.0.0.0 255.255.255.0 U 100 0 0 eth0
ゲートウェイのIPtables(を使用して保存iptables-save
):
*filter
:INPUT ACCEPT [46:4191]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [38:11217]
-A FORWARD -i eth0 -j ACCEPT
COMMIT
*nat
:PREROUTING ACCEPT [19:1044]
:INPUT ACCEPT [13:684]
:OUTPUT ACCEPT [10:1312]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
私がしたことは次のとおりです。
echo 1 > /proc/sys/net/ipv4/ip_forward
echo FORWARD_IPV4=true >> /etc/sysconfig/network
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
iptables -A FORWARD -i eth0 -j ACCEPT
答え1
リモートホストへの特定のパスを設定するのを見ることはできません。
ホストがリモートホストに到達できるようにするには(別のネットワークにあると仮定)、そのホストに到達するためのパスが必要です。リモートホスト自体はホストに戻る方法を知る必要があります。これには、ローカルホストを持つネットワークに戻るパスが必要です。
リモートホストが10.0.5.0/24と同じネットワーク上にある場合、リモートゲートウェイは10.0.5.1にあります。ローカルゲートウェイは10.0.3.1、ローカルネットワークは10.0.3.0/24です。 localhostに固定パスを追加します。
ip route add 10.0.5.0/24 via 10.0.3.1
そして、リモートホストに別の静的パスを追加します。
ip route add 10.0.3.0/24 via 10.0.5.1
これがあなたと同様の状況で私のネットワークを構成する方法です。