I have a network like this:

                        +--------------+
                        | Linux Router |
                        +--------------+
                 10.0.1.100/24 | 10.0.0.100/24
                               |
    Host A (10.0.1.101/24) ----+--- Host B (10.0.0.3/24)
Note 1: The Linux router has only 1 physical Ethernet port, with 2 IP addresses assigned. I need to be able to ping 10.0.0.3 from Host A and ping 10.0.1.101 from Host B, but I can't. Why?

    [root@Host_A ~]# ping -c1 10.0.0.3
    PING 10.0.0.3 (10.0.0.3) 56(84) bytes of data.
    From 10.0.1.100: icmp_seq=1 Redirect Host(New nexthop: 10.0.0.3)

After that, it is Destination Host Unreachable. Here is my Linux router configuration:
cat /proc/sys/net/ipv4/ip_forward:

    1
ip link:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
        link/ether d0:5f:b8:fc:fc:ef brd ff:ff:ff:ff:ff:ff
ip addr:

    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
        link/ether d0:5f:b8:fc:fc:ef brd ff:ff:ff:ff:ff:ff
        inet 10.0.0.100/24 brd 10.0.0.255 scope global eth0
        inet 10.0.1.100/24 brd 10.0.1.255 scope global eth0
        inet6 fe80::d25f:b8ff:fefc:fcef/64 scope link
           valid_lft forever preferred_lft forever
route -n:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    10.0.0.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
    10.0.1.0        0.0.0.0         255.255.255.0   U     0      0        0 eth0
You need to stop the router from sending redirects:

    sudo sysctl -w net.ipv4.conf.eth0.send_redirects=0

You will need to edit /etc/sysctl.conf and add the following line to apply the configuration at boot.

    net.ipv4.conf.eth0.send_redirects = 0
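But your configuration is neither optimal nor secure. You should use the router and split the network into 2 VLANs. You will need a VLAN-aware switch.

Another solution is to use a larger prefix (e.g. replace 10.0.0.100/24 and 10.0.1.0/24 with 10.0.0.0/23).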
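
An added example, not part of the original question or answer: a check of whether redirects are still effectively enabled on an interface after the sysctl change. The kernel ORs `net.ipv4.conf.all.send_redirects` with the per-interface value, so setting only eth0 to 0 leaves redirects on while `all` is 1. The function names and the sample sysctl lines are constructed for illustration.

```sh
#!/bin/sh
# Added example: compute the effective send_redirects state for one interface
# from `sysctl -a`-style lines read on stdin. On a live router:
#   sysctl -a 2>/dev/null | effective_send_redirects eth0

# Constructed sample: eth0 was set to 0, but "all" is still at 1.
sample_partial_fix() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 1
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.eth0.send_redirects = 0
EOF
}

# Constructed sample: both "all" and eth0 set to 0.
sample_full_fix() {
    cat <<'EOF'
net.ipv4.ip_forward = 1
net.ipv4.conf.all.send_redirects = 0
net.ipv4.conf.default.send_redirects = 1
net.ipv4.conf.eth0.send_redirects = 0
EOF
}

# Prints 1 if redirects are still effectively enabled on interface $1,
# 0 if they are off, and "unknown" (exit status 2) if a key is missing.
effective_send_redirects() {
    awk -v ifc="$1" '
        {
            gsub(/[ \t]/, "")            # "key = value" -> "key=value"
            split($0, kv, "=")
            if (kv[1] == "net.ipv4.conf.all.send_redirects") {
                all = kv[2] + 0; seen_all = 1
            }
            if (kv[1] == "net.ipv4.conf." ifc ".send_redirects") {
                one = kv[2] + 0; seen_one = 1
            }
        }
        END {
            if (!seen_all || !seen_one) { print "unknown"; exit 2 }
            # send_redirects is enabled if either "all" or the interface is 1.
            if (all || one) print 1; else print 0
        }'
}
```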