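FreeBSD IP aliases in different subnets and the default outgoing IP address

I have a FreeBSD VPS that until recently had 3 public IP addresses assigned in a /29 subnet. When making outgoing connections, the IP address used was always the non-aliased ".20", but now that I have added another block of 3 IP addresses in a different /29 subnet, the outgoing IP has changed to ".44".

Below are the rc.conf settings before and after adding the aliases in the second subnet.

Before: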

    ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
    ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.248"
    ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.248"
    defaultrouter="70.70.70.17"

Now:

    ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
    ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.248"
    ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.248"
    ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
    ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.248"
    ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.248"
    defaultrouter="70.70.70.17"

Reading the manual entry for ifconfig, I'm not sure about the correct netmask for the aliases. The manual entry says:

    alias   Establish an additional network address for this interface.
            This is sometimes useful when changing network numbers, and
            one wishes to accept packets addressed to the old interface.
            If the address is on the same subnet as the first network
            address for this interface, a non-conflicting netmask must
            be given. Usually 0xffffffff is most appropriate.

Question 1: Is this the correct configuration? (Note alias2)

    ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
    ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.255"
    ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.255"
    ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
    ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.255"
    ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.255"
    defaultrouter="70.70.70.17"

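When I tried this, the default outgoing IP address changed to ".46".

Question 2: How can I define the default IP address used for outgoing connections, for example if I want it to be 70.70.70.21?

Below are the routing table and interface information:

Routing table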

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            70.70.70.17        UGS         0  2000863    em0
    60.60.60.40/29     link#1             U           0       12    em0
    60.60.60.44        link#1             UHS         0    18291    lo0
    60.60.60.45        link#1             UHS         0        0    lo0
    60.60.60.46        link#1             UHS         0        5    lo0
    70.70.70.16/29     link#1             U           0        0    em0
    70.70.70.20        link#1             UHS         0        6    lo0
    70.70.70.21        link#1             UHS         0        0    lo0
    70.70.70.22        link#1             UHS         0        0    lo0
    127.0.0.1          link#3             UH          0      203    lo0

Routing table (with netmask .255)

    Internet:
    Destination        Gateway            Flags    Refs      Use  Netif Expire
    default            70.70.70.17        UGS         0  2015436    em0
    60.60.60.40/29     link#1             U           0       12    em0
    60.60.60.44        link#1             UHS         0    18295    lo0
    60.60.60.45        link#1             UHS         0        0    lo0 =>
    60.60.60.45/32     link#1             U           0        0    em0
    60.60.60.46        link#1             UHS         0        9    lo0 =>
    60.60.60.46/32     link#1             U           0        0    em0
    70.70.70.16/29     link#1             U           0        0    em0
    70.70.70.20        link#1             UHS         0        6    lo0
    70.70.70.21        link#1             UHS         0        0    lo0 =>
    70.70.70.21/32     link#1             U           0        0    em0
    70.70.70.22        link#1             UHS         0        0    lo0 =>
    70.70.70.22/32     link#1             U           0        0    em0
    127.0.0.1          link#3             UH          0      205    lo0

ifconfig em0

    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:11:22:33:44:55
            inet 70.70.70.20 netmask 0xfffffff8 broadcast 70.70.70.23
            inet 70.70.70.21 netmask 0xfffffff8 broadcast 70.70.70.23
            inet 70.70.70.22 netmask 0xfffffff8 broadcast 70.70.70.23
            inet 60.60.60.44 netmask 0xfffffff8 broadcast 60.60.60.47
            inet 60.60.60.45 netmask 0xfffffff8 broadcast 60.60.60.47
            inet 60.60.60.46 netmask 0xfffffff8 broadcast 60.60.60.47
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active

ifconfig em0 (with netmask .255)

    em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
            ether 00:11:22:33:44:55
            inet 70.70.70.20 netmask 0xfffffff8 broadcast 70.70.70.23
            inet 60.60.60.44 netmask 0xfffffff8 broadcast 60.60.60.47
            inet 70.70.70.21 netmask 0xffffffff broadcast 70.70.70.21
            inet 70.70.70.22 netmask 0xffffffff broadcast 70.70.70.22
            inet 60.60.60.45 netmask 0xffffffff broadcast 60.60.60.45
            inet 60.60.60.46 netmask 0xffffffff broadcast 60.60.60.46
            media: Ethernet autoselect (1000baseT <full-duplex>)
            status: active

IPFW

    00100 allow ip from any to any via lo0
    00200 deny ip from any to 127.0.0.0/8
    00300 deny ip from 127.0.0.0/8 to any
    00400 deny tcp from any to any frag
    00500 check-state
    00600 allow tcp from any to any established
    00700 allow ip from any to any out keep-state
    00800 allow icmp from any to any
    00900 allow tcp from any to any dst-port 80,443 in
    01200 allow tcp from any to any dst-port 20-22,25,80,443 out
    01300 allow udp from any to any dst-port 53 out
    65535 deny ip from any to any

Thanks in advance for any tips! 🙂

All aliases within an existing range should have a /32 (255.255.255.255) netmask. So the example you gave is correct:

    ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
    ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.255"
    ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.255"
    ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
    ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.255"
    ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.255"
    defaultrouter="70.70.70.17"

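This should see 70.70.70.20 used for normal outbound traffic. You can't define it; rather, it always uses the primary IP on the card, and the first IP in a new subnet alias set.

For testing purposes, there are some tools that allow a source option, for example "ping -S 70.70.70.22 xxxx"; telnet does the same.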
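
An added example, not part of the original question or answer: a small Python check of the /32 rule stated in the answer, run over the two rc.conf variants from the question. The names `misconfigured_aliases`, `to_interface`, `ALL_29` and `WITH_32` are this example's own, and it assumes the `inet ... netmask ...` form used on this page.

```python
import ipaddress
import re

# Matches ifconfig_<if>="inet A netmask M" and ifconfig_<if>_aliasN="..." lines.
ENTRY = re.compile(r'^\s*(ifconfig_([A-Za-z0-9]+)(?:_alias\d+)?)='
                   r'"inet\s+(\S+)\s+netmask\s+(\S+)"', re.M)

def to_interface(addr, mask):
    """Accept dotted (255.255.255.248) or hex (0xfffffff8) netmasks."""
    if mask.lower().startswith("0x"):
        mask = str(ipaddress.IPv4Address(int(mask, 16)))
    return ipaddress.ip_interface(f"{addr}/{mask}")

def misconfigured_aliases(rc_conf):
    """Return (variable, address, subnet) for each entry that lies inside a
    subnet already configured on the same interface but is not a /32."""
    seen = {}        # interface name -> subnets set up by earlier entries
    findings = []
    for var, ifname, addr, mask in ENTRY.findall(rc_conf):
        iface = to_interface(addr, mask)
        nets = seen.setdefault(ifname, [])
        owner = next((n for n in nets if iface.ip in n), None)
        if owner is None:
            nets.append(iface.network)   # first address in this subnet
        elif iface.network.prefixlen != 32:
            findings.append((var, addr, str(owner)))
    return findings

# The question's "Now" rc.conf (defaultrouter line omitted).
ALL_29 = '''
ifconfig_em0="inet 70.70.70.20 netmask 255.255.255.248"
ifconfig_em0_alias0="inet 70.70.70.21 netmask 255.255.255.248"
ifconfig_em0_alias1="inet 70.70.70.22 netmask 255.255.255.248"
ifconfig_em0_alias2="inet 60.60.60.44 netmask 255.255.255.248"
ifconfig_em0_alias3="inet 60.60.60.45 netmask 255.255.255.248"
ifconfig_em0_alias4="inet 60.60.60.46 netmask 255.255.255.248"
'''
# The "Question 1" variant: aliases 0, 1, 3 and 4 switched to /32.
WITH_32 = re.sub(r'(alias[0134]="inet \S+ netmask) \S+"',
                 r'\1 255.255.255.255"', ALL_29)

if __name__ == "__main__":
    for name, conf in (("all /29", ALL_29), ("aliases /32", WITH_32)):
        print(name, misconfigured_aliases(conf))
```

The first variant reports aliases 0, 1, 3 and 4; alias2 is not reported because it is the first address in the 60.60.60.40/29 subnet and carries that subnet's real mask.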