Shulou(Shulou.com)06/01 Report--

This article mainly explains "the specific process of using PC to realize routing and forwarding under the linux system". Interested friends may wish to have a look. The method introduced in this paper is simple, fast and practical. Now let the editor take you to learn "the specific process of using PC to achieve routing and forwarding under the linux system".

1. Network topology

The network topology is shown below. Here we use three machines to do experiments, namely, ①, ④, ⑦, using ①, ping ⑦, and ④ as route forwarding.

2. Incorrect routing configuration

First of all, we use the following configuration method to configure the routing tables of these three machines:

1) configure the ① model as follows, so that the destination network segment is 10.0.4.0Universe 24 out of the eth2 port.

Route add-net 10.0.4.0 Compact 24 dev eth2

Enter the following command in the view routing table of ①:

Route-n

The result of the routing table of ① is as follows:

2) use the same method to configure routing on ⑦, and the results are as follows:

3) configure the routing and forwarding feature in Unit 4, that is, set the value of net.ipv4.ip_forward in / etc/sysctl.conf file to 1:

4) all configurations have been completed, we are on ① ping ④

Ping 10.0.4.3

The result is as follows, that is, the ping does not work:

PING 10.0.4.3 (10.0.4.3) 56 (84) bytes of data.From 10.0.1.3 icmp_seq=2 Destination Host UnreachableFrom 10.0.1.3 icmp_seq=3 Destination Host UnreachableFrom 10.0.1.3 icmp_seq=4 Destination Host UnreachableFrom 10.0.1.3 icmp_seq=6 Destination Host UnreachableFrom 10.0.1.3 icmp_seq=7 Destination Host UnreachableFrom 10.0.1.3 icmp_seq=8 Destination Host Unreachable

Here, for the convenience of research, put out the eth2 configuration of ①.

Eth2 Link encap:Ethernet HWaddr 00:16:EC:AF:CB:CB inet addr:10.0.1.3 Bcast:10.255.255.255 Mask:255.255.255.0 inet6 addr: fe80::216:ecff:feaf:cbcb/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:4564 errors:0 dropped:0 overruns:0 frame:0 TX packets:6688 errors:0 dropped : 0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:459463 (448.6 KiB) TX bytes:546633 (533.8 KiB) Interrupt:23 Base address:0x6000

While ping on ①, I grabbed eth2 package on ④, and the results are as follows:

[root@h5~] # tcpdump-I eth2-enntcpdump: verbose output suppressed, use-v or-vv for full protocol decodelistening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes15:26:44.388614 00:16:ec:af:cb:cb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.4.3 tell 10.0.1.3 Length 4615 ethertype ARP 26 0x0806 00:16:ec:af:cb:cb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.4.3 tell 10.0.1.3, length 4615 ethertype ARP 26Swiss 47.387821 00:16:ec:af:cb:cb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.4.3 tell 10.0.1.3 Length 4615 ethertype ARP 26 0x0806 00:16:ec:af:cb:cb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.4.3 tell 10.0.1.3, length 4615 ethertype ARP 2649 392621 00:16:ec:af:cb:cb > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: Request who-has 10.0.4.3 tell 10.0.1.3, length 46

It can be seen that the ① has been looking for the mac address of the machine with 10.0.4.3 IP, that is, it has been sending arp packets. However, the router (④) does not forward arp messages by default, and all ① machines will never be able to ping ⑦.

3. Correct configuration

To configure routing on ①, the command is as follows:

Route add-net 10.0.4.0Compact 24 gw 10.0.1.2

At this time, the routing table of ①:

[root@h2] # [root@h2] # route-nKernel IP routing tableDestination Gateway Genmask Flags Metric Ref Use Iface10.0.4.0 10.0.1.2 255.255.255.0 UG 000 eth210.0.5.0 0.0.0.0 255.255.255.0 U 000 eth310.0. 1.0 0.0.0.0 255.255.255.0 U 00 0 eth2192.168.99.0 0.0.0.0 255.255.255.0 U 1 00 eth00.0.0.0 192.168.99.1 0.0.0.0 UG 00 0 eth0

The same way to configure the routing table of ⑦

Root@h7:~# route-n kernel IP routing table destination gateway subnet mask flag hop reference uses interface 0.0.0.0 192.168.99.1 0.0.0.0 UG 000 eth010.0.1.0 10.0.4.2 255.255.255. 0 UG 0 0 0 eth210.0.4.0 0.0.0.0 255.255.255.0 U 10 0 eth210.0.7.0 0.0.0.0 255.255.255.0 U 10 0 eth3192.168.99.0 0.0.0.0 255.255.255.0 U 10 0 eth0

The next ping test, in the ① machine ping ⑦ machine, the result can be ping. Here we asked for convenience analysis. First, list the MAC address of each network card.

①, eth2:HWaddr 00:16:EC:AF:CB:CB ④, eth2:HWaddr 40:61:86:32:8F:0B ④, eth5:HWaddr 40:61:86:32:8F:0E ⑦, eth2:HWaddr 00, 25, 90, 90, 40, 79.

The eth2 capture package of ④ is as follows:

[root@h5] # tcpdump-I eth2-enntcpdump: verbose output suppressed, use-v or-vv for full protocol decodelistening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes16:02:26.809445 00:16:ec:af:cb:cb > 40:61:86:32:8f:0b, ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.4.3: ICMP echo request, id 8079, seq 1 Length 6416 00:16:ec:af:cb:cb 02 00:16:ec:af:cb:cb 40:61:86:32:8f:0b > 00:16:ec:af:cb:cb, ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 1, length 6416 00:16:ec:af:cb:cb 27.811847 00:16:ec:af:cb:cb > 40:61:86:32:8f:0b, ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.4.3: ICMP echo request, id 8079 Seq 2, length 6416 40:61:86:32:8f:0b 02 40:61:86:32:8f:0b > 00:16:ec:af:cb:cb, ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 2, length 6416 Velcro 28.813248 00:16:ec:af:cb:cb > 40:61:86:32:8f:0b, ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.4.3: ICMP echo request Id 8079, seq 3, length 6416 40:61:86:32:8f:0b > 00:16:ec:af:cb:cb, ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 3, length 6416 40:61:86:32:8f:0b > 40:61:86:32:8f:0b, ethertype IPv4 (0x0800) Length 98: 10.0.1.3 > 10.0.4.3: ICMP echo request, id 8079, seq 4, length 64

The eth5 capture package of ④ is as follows:

Root@h5 ~] # tcpdump-I eth5-enntcpdump: verbose output suppressed, use-v or-vv for full protocol decodelistening on eth5, link-type EN10MB (Ethernet), capture size 65535 bytes16:02:26.809460 40:61:86:32:8f:0e > 0000 bytes16:02:26.809460 40:61:86:32:8f:0e > 00 90 40 enntcpdump 79, ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.4.3: ICMP echo request, id 8079, seq 1 Length 6416 ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 1, length 6416 ethertype IPv4: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 1, length 6416 ethertype IPv4 > 10.0.4.3: ICMP echo request, id 8079 Seq 2, length 6416 40:61:86:32:8f:0e > 00 ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 2, ICMP echo reply, id 8079, seq 2, ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.1.3 Id 8079, seq 3, length 6416: 0240:61:86:32:8f:0e, seq 3, length 6416: 28814545 00, 25, 90, 93, 4079 > 40:61:86:32:8f:0e, ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 3, length 64

The eth2 capture package of ⑦ is as follows:

Root@h7:~# tcpdump-I eth2-enntcpdump: verbose output suppressed, use-v or-vv for full protocol decodelistening on eth2, link-type EN10MB (Ethernet), capture size 65535 bytes16:02:27.222853 40:61:86:32:8f:0e > 00 ICMP echo request, id 8079, seq 1 Length 6416 ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 1, length 6416 ethertype IPv4: 10.0.4.3 > 10.0.1.3: ICMP echo request, id 8079: ICMP echo request, id 8079 Seq 2, length 6416 40:61:86:32:8f:0e > 00 ethertype IPv4 (0x0800), length 98: 10.0.1.3 > 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 2, length 6416: 0226638 40:61:86:32:8f:0e > 00: 0226638: 0226638 Id 8079, seq 3, length 6416 40:61:86:32:8f:0e 934079 > 40:61:86:32:8f:0e, ethertype IPv4 (0x0800), length 98: 10.0.4.3 > 10.0.1.3: ICMP echo reply, id 8079, seq 3, length 6416 40:61:86:32:8f:0e > 0030 228059 40:61:86:32:8f:0e > 0030, 9340, ethertype IPv4 (0x0800) Length 98: 10.0.1.3 > 10.0.4.3: ICMP echo request, id 8079, seq 4, length 64

From the captured packets, we can easily see that when the ① machine is in ping ⑦, because the routing table is configured with the eth2 (10.0.1.2) address that passes through machine 4, the mac ① corresponding to this address has been cached, so all the ICMP packets are opened and sent without arp broadcasting, and the destination ip is ⑦, and the destination MAC is eth2 of ④. After that, in the route of the ④ machine, the destination MAC is changed into the eth5 of the ④ machine, and the destination ip is unchanged, and the process of coming back is similar.

4. Conclusion

Because the linux router does not forward arp packets by default, if the route is configured like the "wrong configuration", the ① number has been in the stage of asking the destination MAC and cannot get the router ④ to forward the packet, so we can configure the route to let the ① number use the MAC of the ④ number eth2 to go out, and then forward it step by step. Or configure the route as "misconfigured", and then use the arp proxy in the ④ machine, so that the ① machine can get the MAC of the ⑦ machine, thus from the stage of sending arp messages to the stage of sending ICMP packets.

At this point, I believe you have a deeper understanding of "the specific process of using PC to achieve routing and forwarding under the linux system". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.