【发布时间】:2016-02-11 23:37:44
【问题描述】:
我在同一个内部网络 (eth1) 中有两台虚拟机,但只有一台(网关)实际连接到互联网(通过 eth0)并运行 openvpn(在 tun0 上)。
在 VM 网关中,我想通过 tun0 路由 eth1,但我无法做到。
这是实际设置:
10.152.152.12
VM-workstation <===eth1===> VM-gateway <===eth0==> {internet}
/\
||
\\
\===tun0===> {openvpn tunnel}
VM-gateway 内的网络配置
$ route -n
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 10.211.1.18 128.0.0.0 UG 0 0 0 tun0
0.0.0.0 10.0.2.2 0.0.0.0 UG 0 0 0 eth0
10.0.2.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
10.152.128.0 0.0.0.0 255.255.192.0 U 0 0 0 eth1
10.211.1.18 0.0.0.0 255.255.255.255 UH 0 0 0 tun0
128.0.0.0 10.211.1.18 128.0.0.0 UG 0 0 0 tun0
220.123.19.246 10.0.2.2 255.255.255.255 UGH 0 0 0 eth0
#220.123.19.246 is the ip address of the vpn server
$ ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:c8:73:5d
inet addr:10.0.2.15 Bcast:10.0.2.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:157704 errors:0 dropped:0 overruns:0 frame:0
TX packets:85478 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:139871643 (133.3 MiB) TX bytes:9667249 (9.2 MiB)
Interrupt:19 Base address:0xd000
eth1 Link encap:Ethernet HWaddr 08:00:27:99:f1:e4
inet addr:10.152.152.10 Bcast:10.152.191.255 Mask:255.255.192.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1649 errors:0 dropped:0 overruns:0 frame:0
TX packets:1306 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:139887 (136.6 KiB) TX bytes:122465 (119.5 KiB)
Interrupt:16 Base address:0xd040
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:43763 errors:0 dropped:0 overruns:0 frame:0
TX packets:43763 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:114248277 (108.9 MiB) TX bytes:114248277 (108.9 MiB)
tun0 Link encap:UNSPEC HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.211.1.17 P-t-P:10.211.1.18 Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST MTU:1500 Metric:1
RX packets:1295 errors:0 dropped:0 overruns:0 frame:0
TX packets:2092 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:968529 (945.8 KiB) TX bytes:269286 (262.9 KiB)
$ sysctl net.ipv4.conf.all.forwarding
net.ipv4.conf.all.forwarding = 1
在虚拟机网关内我可以正确使用 tun0
$ ping -I tun0 4.2.2.2
PING 4.2.2.2 (4.2.2.2) from 10.211.1.17 tun0: 56(84) bytes of data.
64 bytes from 4.2.2.2: icmp_seq=1 ttl=55 time=423.2 ms
64 bytes from 4.2.2.2: icmp_seq=2 ttl=55 time=421.7 ms
^C
--- 4.2.2.2 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1801ms
rtt min/avg/max/mdev = 421.762/422.484/423.207/12.737 ms
我尝试过的事情(没有成功)
正如我之前所说,我想通过 tun0 路由来自 VM-workstation(在 eth0 上)的所有流量。 我尝试使用 iptables 来重定向流量,但它只能部分工作,而且无论如何它没有使用 tun0
iptables -t nat -A PREROUTING -i eth1 -s 10.152.128.0/18 ! -d 10.152.128.0/18 -J REDIRECT
iptables -t nat -A POSTROUTING -o eth0 -s 10.152.128.0/18 -J MASQUERADE
我也尝试过 FORWARD,但它根本不起作用
iptables -A FORWARD -i eth1 -o tun0 -J ACCEPT
iptables -A FORWARD -i tun0 -o eth1 -J ACCEPT
我尝试了 ip route,但也完全不起作用:
ip rule add from 10.152.128.0/18 table 200
ip route add default dev tun0 table 200
我觉得有一个简单的解决方案,但我找不到它
【问题讨论】:
标签: networking routing iptables openvpn gateway