ip rule PBR

1. Installation Tools

yum install iproute

Check that the tool is installed

ip -V

2. ip rule and ip route

The ip command manages policy rules through its rule OBJECT and routing-table entries through its route OBJECT.

Show all rules

ip rule show
# priority  selector  action (table to look up)
0:      from all lookup local      # packets from any source address are looked up in the local table first
32766:  from all lookup main
32767:  from all lookup default

  local: the local routing table holds this machine's own addresses and its broadcast routes.
For example, if you run ssh 127.0.0.1 on the machine, the kernel consults this table.
As long as the network interfaces are configured, the contents of the local table are
generated automatically, and you should not modify them.
  main: the table whose contents the traditional route -n command displays.
Linux sends packets according to this table by default, so its contents are critical;
as long as the network interfaces are configured, the main table is populated automatically.
  default: the last table consulted. It is empty by default, and unless you have a
special requirement it should stay empty.

View routes

ip route show table main    # display the main routing table
default via 172.17.0.1 dev eth0                                    # all other packets: send to gateway 172.17.0.1 through eth0
169.254.0.0/16 dev eth0 scope link metric 1002                     # packets destined for 169.254.0.0/16: send out through eth0
172.17.0.0/20 dev eth0 proto kernel scope link src 172.17.0.12     # packets destined for 172.17.0.0/20: send out through eth0, using 172.17.0.12 as the source address

For each packet, the kernel first consults the policy rules in priority order to decide which routing table applies, then looks up the next-hop IP address and output interface in that table, then obtains the destination and source MAC addresses from the ARP table, and finally transmits the packet.

3. Adding and deleting rules

3.1 Add rule

#              match condition      table   priority
ip rule add from 192.168.3.1 table 10 prio 199   # packets with source address 192.168.3.1 use table 10

If you do not specify a priority explicitly, the kernel assigns priorities counting down from 32766 (the main table's rule), so each newly added rule receives a smaller number, i.e. a higher priority.

Other add examples

ip rule add to 168.95.1.1 table 10   # packets with destination address 168.95.1.1 use table 10
ip rule add dev eth2 table 1         # packets arriving on eth2 use table 1 (dev is accepted as an alias of iif)
ip rule add dev eth3 table 3         # packets arriving on eth3 use table 3

fwmark and iptables

# Marks are set in the mangle table's PREROUTING chain so that they exist before the routing
# decision; marks set in FORWARD are applied after routing and cannot influence table selection.
iptables -t mangle -A PREROUTING -i eth3 -p tcp --dport 80  -j MARK --set-mark 1   # HTTP arriving on eth3: mark 1
iptables -t mangle -A PREROUTING -i eth3 -p tcp --dport 25  -j MARK --set-mark 2   # SMTP arriving on eth3: mark 2
iptables -t mangle -A PREROUTING -i eth3 -p tcp --dport 110 -j MARK --set-mark 2   # POP3 arriving on eth3: mark 2
iptables -t mangle -A PREROUTING -i eth3 -m mark --mark 0 -j MARK --set-mark 3     # all other eth3 traffic: mark 3 (MARK does not stop rule traversal, so match only still-unmarked packets)
ip rule add fwmark 1 table 1   # packets carrying mark 1 use table 1
ip rule add fwmark 2 table 2   # packets carrying mark 2 use table 2
ip rule add fwmark 3 table 3   # packets carrying mark 3 use table 3
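As an added example (not from the original post), the following Python script simulates the lookup sequence described in section 2 (rules walked in priority order, then a longest-prefix match in the selected table) together with the from, iif and fwmark selectors used in 3.1 and the fwmark section above. The `ip rule show` and `ip route show table` text it parses is constructed sample output in the same format as the page's listings; the addresses, the interface names eth1 and ppp0, and the table IDs are assumptions for the demo. It also shows that a rule whose table holds no route covering the destination (table 2 here) is skipped and the search continues with the next rule, which is how the kernel behaves.

```python
"""Simulate the Linux policy-routing lookup: walk `ip rule` entries in
priority order, then do a longest-prefix match in the selected table.
Added example; the sample listings below are constructed, not captured."""
import ipaddress
import re

# Constructed `ip rule show` output (same format as the page's listing).
RULES_TEXT = """\
0:      from all lookup local
199:    from 192.168.3.1 lookup 10
32764:  from all fwmark 0x1 lookup 1
32765:  from all iif eth2 lookup 2
32766:  from all lookup main
32767:  from all lookup default
"""

# Constructed `ip route show table <T>` output per table (assumed addresses/devices).
TABLES_TEXT = {
    "local": "",                                   # host/broadcast routes omitted here
    "10": "default via 10.10.15.50 dev eth1",
    "1": "default via 10.0.0.1 dev ppp0",
    "2": "",                                       # rule 32765 points here, but the table is empty
    "main": """\
default via 172.17.0.1 dev eth0
169.254.0.0/16 dev eth0 scope link metric 1002
172.17.0.0/20 dev eth0 proto kernel scope link src 172.17.0.12
""",
    "default": "",
}

RULE_RE = re.compile(r"^(\d+):\s+(.*?)\s+lookup\s+(\S+)$")


def parse_rules(text):
    """Return [(prio, selectors, table)] sorted so the lowest number (highest priority) comes first."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            continue
        prio, table = int(m.group(1)), m.group(3)
        toks = m.group(2).split()
        sel = {}
        for key, val in zip(toks[0::2], toks[1::2]):
            if key in ("from", "to") and val != "all":
                sel[key] = ipaddress.ip_network(val, strict=False)
            elif key == "fwmark":
                sel[key] = int(val, 0)          # ip prints marks in hex
            elif key == "iif":
                sel[key] = val
        rules.append((prio, sel, table))
    return sorted(rules, key=lambda r: r[0])


def parse_routes(text):
    """Return [(prefix, via, dev, src)] for one table; via/src are None when absent."""
    routes = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        prefix = "0.0.0.0/0" if toks[0] == "default" else toks[0]
        fields = dict(zip(toks[1::2], toks[2::2]))   # via/dev/scope/src/... keyword pairs
        routes.append((ipaddress.ip_network(prefix, strict=False),
                       fields.get("via"), fields.get("dev"), fields.get("src")))
    return routes


def lookup_table(routes, dst):
    """Longest-prefix match; None when the table has no route covering dst."""
    best = None
    for route in routes:
        if dst in route[0] and (best is None or route[0].prefixlen > best[0].prefixlen):
            best = route
    return best


def route_packet(rules, tables, src, dst, iif=None, fwmark=0):
    """Return (prio, table, via, dev, src_hint) from the first rule whose table
    yields a route, or None (the kernel would report the destination unreachable)."""
    src_a, dst_a = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for prio, sel, table in rules:
        if "from" in sel and src_a not in sel["from"]:
            continue
        if "to" in sel and dst_a not in sel["to"]:
            continue
        if "iif" in sel and sel["iif"] != iif:
            continue
        if "fwmark" in sel and sel["fwmark"] != fwmark:
            continue
        hit = lookup_table(tables.get(table, []), dst_a)
        if hit is None:
            continue            # empty or non-matching table: fall through to the next rule
        _, via, dev, src_hint = hit
        return (prio, table, via, dev, src_hint)
    return None


RULES = parse_rules(RULES_TEXT)
TABLES = {name: parse_routes(text) for name, text in TABLES_TEXT.items()}

if __name__ == "__main__":
    for pkt in ({"src": "192.168.3.1", "dst": "8.8.8.8"},
                {"src": "172.17.0.12", "dst": "8.8.8.8", "fwmark": 1},
                {"src": "172.17.0.5", "dst": "8.8.8.8", "iif": "eth2"},
                {"src": "172.17.0.12", "dst": "172.17.0.50"}):
        print(pkt, "->", route_packet(RULES, TABLES, **pkt))
```

Running the script prints one line per constructed packet: the source-address rule (prio 199) wins for 192.168.3.1, the fwmark rule sends marked traffic out ppp0, the eth2 packet matches rule 32765 but falls through to main because table 2 is empty, and a packet for 172.17.0.50 picks the /20 connected route over the default route. On a real host the same questions are answered by `ip route get`, which performs this lookup in the kernel.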

3.2 Delete rule

ip rule del prio 10
ip rule del from 192.168.1.0/24
ip rule del table 1
ip rule del from 192.168.1.0/24 table 1 prio 10

When deleting a rule, the priority, source address, destination address, routing table and so on can be used as the match conditions.

4.1 Add table

ip route add 192.168.1.0/24 dev eth1 table 10   # adding any route to table ID 10 creates the table; before this, table 10 has no entries

4.2 Add route

ip route add 192.168.2.0/24 via 10.10.15.50 table main   # packets destined for 192.168.2.0/24 go to gateway 10.10.15.50; the route is added to the main table

Before adding a route to a table, make sure the table exists; a table is created by adding a first route to it (as in 4.1).

4.3 Delete route

ip route del default table 10            # delete the default route from table 10
ip route del 192.168.1.0/24 table 10     # delete the route to destination 192.168.1.0/24 from table 10


Origin www.cnblogs.com/yangxinrui/p/12575758.html