I configured a static route on Vyatta as follows:
set protocols static route 192.168.1.0/24 next-hop 10.100.0.204
However, packets destined for 192.168.1.10 are not routed to 10.100.0.204.
vyatta@vyatta# traceroute 192.168.1.10
traceroute to 192.168.1.10 (192.168.1.10), 30 hops max, 60 byte packets
1 * * *
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 * * *
8 * * *
9 * * *
10 * * *
11 * * *
12 * * *
13 * * *
14 * * *
15 * * *
16 * * *^C
[edit]
The routing table appears to be correct:
vyatta@vyatta# ip route
default via 10.0.1.1 dev eth0 proto zebra
10.0.1.0/24 dev eth0 proto kernel scope link src 10.0.1.5
10.100.0.101 dev pptp1 proto kernel scope link src 10.255.254.0
10.100.0.102 dev pptp3 proto kernel scope link src 10.255.254.0
10.100.0.200 dev pptp0 proto kernel scope link src 10.255.254.0
10.100.0.204 dev pptp2 proto kernel scope link src 10.255.254.0
127.0.0.0/8 dev lo proto kernel scope link src 127.0.0.1
192.168.1.0/24 via 10.100.0.204 dev pptp2 proto zebra
Strangely, if the next-hop is set to 10.100.0.200, it works:
vyatta@vyatta# traceroute 192.168.1.10
traceroute to 192.168.1.10 (192.168.1.10), 30 hops max, 60 byte packets
1 10.100.0.200 (10.100.0.200) 7.524 ms 7.368 ms 7.590 ms
2 * * *
3 * * *
4 * * *
5 * * *
6 * * *
7 *^C
[edit]
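Please tell me where my configuration is wrong.
Edit:
My network architecture is as follows:
I am running Vagrant on a Mac OS X machine (#1). Ultimately I want Mac OS X (#3) to access the Vagrant VM (192.168.1.10) over the VPN. The VPN connection itself has no problems.
Current Vyatta configuration
VPN: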
vyatta@vyatta# show vpn
pptp {
    remote-access {
        authentication {
            local-users {
                ...
            }
            mode local
        }
        client-ip-pool {
            start 10.100.0.1
            stop 10.100.0.255
        }
        dns-servers {
            server-1 10.0.1.185
            server-2 10.0.1.162
        }
        outside-address 10.0.1.5
    }
}
[edit]
Routing:
vyatta@vyatta# show protocols
static {
    route 192.168.1.0/24 {
        next-hop 10.100.0.204 {
        }
    }
}
[edit]
Vagrant VM network configuration
config.vm.network "public_network", ip: "192.168.1.10", netmask: "255.255.255.0", bridge: "en0: Ethernet"
Status
Vyatta
vyatta@vyatta# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether <MAC_ADDRESS> brd ff:ff:ff:ff:ff:ff
inet 10.0.1.5/24 brd 10.0.1.255 scope global eth0
inet6 ************* scope link
valid_lft forever preferred_lft forever
837: pptp3: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 100
link/ppp
inet 10.255.254.0 peer 10.100.0.102/32 scope global pptp3
899: pptp1: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 100
link/ppp
inet 10.255.254.0 peer 10.100.0.101/32 scope global pptp1
904: pptp2: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 100
link/ppp
inet 10.255.254.0 peer 10.100.0.204/32 scope global pptp2
907: pptp0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1496 qdisc pfifo_fast state UNKNOWN qlen 100
link/ppp
inet 10.255.254.0 peer 10.100.0.200/32 scope global pptp0
[edit]
It can reach the Mac hosts, but cannot reach the Vagrant VM.
Vagrant VM
[vagrant@vagrant-ubuntu-precise-64:~][2014-08-24T04:59:29]
$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether <MAC_ADDRESS> brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
inet6 ************ scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether <MAC_ADDRESS> brd ff:ff:ff:ff:ff:ff
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
4: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
link/ether <MAC_ADDRESS> brd ff:ff:ff:ff:ff:ff
inet 172.17.42.1/16 scope global docker0
It can reach every host:
[vagrant@vagrant-ubuntu-precise-64:~][2014-08-26T12:36:23]
$ ping 192.168.1.26
PING 192.168.1.26 (192.168.1.26) 56(84) bytes of data.
64 bytes from 192.168.1.26: icmp_req=1 ttl=64 time=0.473 ms
64 bytes from 192.168.1.26: icmp_req=2 ttl=64 time=0.314 ms
^C
--- 192.168.1.26 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1001ms
rtt min/avg/max/mdev = 0.314/0.393/0.473/0.081 ms
[vagrant@vagrant-ubuntu-precise-64:~][2014-08-26T12:36:36]
$ ping 192.168.1.30
PING 192.168.1.30 (192.168.1.30) 56(84) bytes of data.
64 bytes from 192.168.1.30: icmp_req=1 ttl=64 time=1.51 ms
64 bytes from 192.168.1.30: icmp_req=2 ttl=64 time=0.652 ms
^C
--- 192.168.1.30 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1003ms
rtt min/avg/max/mdev = 0.652/1.084/1.516/0.432 ms
[vagrant@vagrant-ubuntu-precise-64:~][2014-08-26T12:36:38]
$ ping 10.255.254.0
PING 10.255.254.0 (10.255.254.0) 56(84) bytes of data.
64 bytes from 10.255.254.0: icmp_req=1 ttl=63 time=7.24 ms
^C
--- 10.255.254.0 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 7.245/7.245/7.245/0.000 ms
[vagrant@vagrant-ubuntu-precise-64:~][2014-08-26T12:37:59]
$ ping 10.100.0.200
PING 10.100.0.200 (10.100.0.200) 56(84) bytes of data.
64 bytes from 10.100.0.200: icmp_req=1 ttl=63 time=13.3 ms
^C
--- 10.100.0.200 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 13.366/13.366/13.366/0.000 ms
Mac OS X (#1)
Routing table:
$ netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 10 0 en0
default 192.168.1.1 UGScI 0 0 en1
default 10.255.254.0 UGScI 0 0 ppp0
10 ppp0 USc 1 6 ppp0
10.255.254.0 10.100.0.204 UHr 1 76 ppp0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 6 391932 lo0
169.254 link#4 UCS 0 0 en0
192.168.1 link#4 UCS 4 0 en0
192.168.1 link#5 UCSI 2 0 en1
192.168.1.1 <MAC_ADDRESS> UHLWIir 13 267249 en0 1200
192.168.1.1 <MAC_ADDRESS> UHLWIir 1 4 en1 605
192.168.1.10 <MAC_ADDRESS> UHLWI 0 2 en0 507
192.168.1.26 127.0.0.1 UHS 0 0 lo0
192.168.1.28 127.0.0.1 UHS 0 3 lo0
192.168.1.30 <MAC_ADDRESS> UHLWIi 2 2027 en0 1200
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 94 en0
192.168.2 link#11 UC 2 0 vboxnet
192.168.2.255 ff:ff:ff:ff:ff:ff UHLWbI 0 9 vboxnet
192.168.33 link#10 UC 2 0 vboxnet
192.168.33.255 ff:ff:ff:ff:ff:ff UHLWbI 0 9 vboxnet
192.168.59 link#13 UC 2 0 vboxnet
192.168.59.255 ff:ff:ff:ff:ff:ff UHLWbI 0 9 vboxnet
Mac OS X (#2)
Routing table:
$ netstat -nr
Routing tables
Internet:
Destination Gateway Flags Refs Use Netif Expire
default 192.168.1.1 UGSc 67 0 en0
default link#5 UCSI 0 0 en1
default link#10 UCSI 0 0 bridge1
default 10.255.254.0 UGScI 0 0 ppp0
10 ppp0 USc 3 0 ppp0
10.255.254.0 10.100.0.200 UHr 1 4 ppp0
127 127.0.0.1 UCS 0 0 lo0
127.0.0.1 127.0.0.1 UH 5 1238 lo0
169.254 link#4 UCS 1 0 en0
169.254.78.173 127.0.0.1 UHS 1 0 lo0
169.254.255.255 link#4 UHRLSW 0 759 en0 5
192.168.1 link#4 UCS 4 0 en0
192.168.1.1 <MAC_ADDRESS> UHLWIir 69 8091 en0 1192
192.168.1.10 <MAC_ADDRESS> UHLWI 0 2 en0 917
192.168.1.26 <MAC_ADDRESS> UHLWIi 1 1829 en0 1185
192.168.1.30 127.0.0.1 UHS 0 1 lo0
192.168.1.255 ff:ff:ff:ff:ff:ff UHLWbI 0 25 en0