Linux policy routing: Policy-Based Routing in the Linux Environment
Published: Thursday, February 12, 2009
Original author: Matthew G. Marsh

Abstract: Using a large number of examples, this article introduces Linux 2.2-based …

At present, computer networks use …

In Linux, …

Linux …

When the selector and …

For Linux 2.1/2.2, …

root@netmonster# ip rule list
0: from all lookup local
32766: from all lookup main
32767: from all lookup default

Below …

First is the highest-priority …

Rule 0: priority 0; selector = match any datagram; action = look up the local routing table (routing table local) …

The local table is a reserved routing table …

Rule 32766: priority 32766; selector = match all datagrams; action = look up the main routing table (routing table main) …

Rule 32767: priority 32767; selector = match all datagrams; action = look up the default routing table (routing table default) …

The default routing table is empty …

Do not confuse routing tables with rules …

As mentioned earlier, …

unicast -- in the … that this rule points to …
blackhole -- the rule action simply drops the datagram …
unreachable -- the rule action generates …
prohibit -- the rule action generates …

Other types …

Before explaining the examples, …

First, …

root@netmonster# ip addr help
Usage: ip addr {add|del} IFADDR dev STRING
       ip addr {show|flush} [ dev STRING ] [ scope SCOPE-ID ]
                            [ to PREFIX ] [ FLAG-LIST ] [ label PATTERN ]
IFADDR := PREFIX | ADDR peer PREFIX
          [ broadcast ADDR ] [ anycast ADDR ]
          [ label STRING ] [ scope SCOPE-ID ]
SCOPE-ID := [ host | link | global | NUMBER ]
FLAG-LIST := [ FLAG-LIST ] FLAG
FLAG := [ permanent | dynamic | secondary | primary | tentative | deprecated ]

Example - ip addr add 192.168.1.1/24 dev eth0

This command adds the IP address 192.168.1.1/24 to the eth0 interface.

Next, the ip route command:

root@netmonster# ip route help
Usage: ip route { list | flush } SELECTOR
       ip route get ADDRESS [ from ADDRESS i… [ o…
       ip route { add | del | replace | change | append | replace | monitor} ROUTE
SELECTOR := [ root PREFIX ] [ match PREFIX ] [ exact PREFIX ]
            [ table TABLE_ID ] [ proto RTPROTO ]
            [ type TYPE ] [ scope SCOPE ]
ROUTE := NODE_SPEC [ INFO_SPEC ]
NODE_SPEC := [ TYPE ] PREFIX [ tos TOS ]
             [ table TABLE_ID ] [ proto RTPROTO ]
             [ scope SCOPE ] [ metric METRIC ]
INFO_SPEC := NH OPTIONS FLAGS [ nexthop NH ]...
NH := [ via ADDRESS ] [ dev STRING ] [ weight NUMBER ] NHFLAGS
OPTIONS := FLAGS [ mtu NUMBER ] [ advmss NUMBER ]
           [ rtt NUMBER ] [ rttvar NUMBER ]
           [ window NUMBER] [ cwnd NUMBER ] [ ssthresh REALM ]
           [ realms REALM ]
TYPE := [ unicast | local | broadcast | multicast | throw |
          unreachable | prohibit | blackhole | nat ]
TABLE_ID := [ local | …
SCOPE := [ host | link | global | NUMBER ]
FLAGS := [ equalize ]
NHFLAGS := [ …

Example - ip route add 192.168.2.0/24 via 192.168.1.254

This example adds …

Finally, …

root@netmonster# ip rule help
Usage: ip rule [ list | add | del ] SELECTOR ACTION
SELECTOR := [ from PREFIX ] [ to PREFIX ] [ tos TOS ] [ fwmark FWMARK ]
            [ dev STRING ] [ pref NUMBER ]
ACTION := [ table TABLE_ID ] [ nat ADDRESS ]
          [ prohibit | reject | unreachable ]
          [ realms [SRCREALM/]DSTREALM ]
TABLE_ID := [ local | …

Example - ip rule add from 192.168.2.0/24 prio 32777 reject

This command drops … whose source address belongs to the 192.168.2.0/24 network …

Having discussed the command syntax, …

Example 1: Denying access to the Internet

Suppose there is …
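The breakdown of each rule into priority, selector and action, as done above for the three default rules, can be applied mechanically to "ip rule list" output when auditing a host. The following is an added example, not part of the original article: the sample listing is constructed, the function names parse_rules and audit_rules and the two non-default rules are assumptions, and it assumes the listing format shown above with deny-type rules ending in their type keyword.

```shell
#!/bin/sh
# Constructed sample: the three default rules from the article plus two
# hypothetical deny-type rules (priorities 100 and 32777).
SAMPLE_RULES='0: from all lookup local
100: from 10.9.0.0/16 blackhole
32766: from all lookup main
32767: from all lookup default
32777: from 192.168.2.0/24 prohibit'

# parse_rules: read "ip rule list" text on stdin and print one
# PRIORITY|SELECTOR|ACTION|TABLE record per rule.
parse_rules() {
    awk '
    /^[0-9]+:/ {
        prio = $1; sub(/:$/, "", prio)
        sel = ""; action = "unknown"; table = "-"
        for (i = 2; i <= NF; i++) {
            if ($i == "lookup") { action = "unicast"; table = $(i + 1); break }
            if ($i ~ /^(blackhole|unreachable|prohibit)$/) { action = $i; break }
            sel = (sel == "" ? $i : sel " " $i)
        }
        print prio "|" sel "|" action "|" table
    }'
}

# audit_rules: skip the three default rules and mark every other rule
# REVIEW. A deny-type rule listed after the catch-all main lookup is marked
# SHADOWED: rules are tried in ascending priority, so it is reached only
# when the earlier table lookups find no route for the packet.
audit_rules() {
    parse_rules | awk -F"|" '
    $1 == 0     && $2 == "from all" && $4 == "local"   { next }
    $1 == 32766 && $2 == "from all" && $4 == "main"    { seen_main = 1; next }
    $1 == 32767 && $2 == "from all" && $4 == "default" { next }
    $3 ~ /^(blackhole|unreachable|prohibit)$/ && seen_main {
        print "SHADOWED " $0; next
    }
    { print "REVIEW " $0 }'
}

# Run against the constructed sample; on a live host use instead:
#   ip rule list | audit_rules
printf '%s\n' "$SAMPLE_RULES" | audit_rules
```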