mirror of
https://github.com/LCTT/TranslateProject.git
synced 2025-01-13 22:30:37 +08:00
commit
937b9ed333
@ -1,119 +0,0 @@
|
|||||||
Translating by qhwdw
|
|
||||||
Linux LAN Routing for Beginners: Part 2
|
|
||||||
======
|
|
||||||
|
|
||||||
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/dortmund-hbf-1259559_1920.jpg?itok=mdkNQRkS)
|
|
||||||
|
|
||||||
Last week [we reviewed IPv4 addressing][1] and using the network admin's indispensible ipcalc tool: Now we're going to make some nice LAN routers.
|
|
||||||
|
|
||||||
VirtualBox and KVM are wonderful for testing routing, and the examples in this article are all performed in KVM. If you prefer to use physical hardware, then you need three computers: one to act as the router, and the other two to represent two different networks. You also need two Ethernet switches and cabling.
|
|
||||||
|
|
||||||
The examples assume a wired Ethernet LAN, and we shall pretend there are some bridged wireless access points for a realistic scenario, although we're not going to do anything with them. (I have not yet tried all-WiFi routing and have had mixed success with connecting a mobile broadband device to an Ethernet LAN, so look for those in a future installment.)
|
|
||||||
|
|
||||||
### Network Segments
|
|
||||||
|
|
||||||
The simplest network segment is two computers in the same address space connected to the same switch. These two computers do not need a router to communicate with each other. A useful term is _broadcast domain_ , which describes a group of hosts that are all in the same network. They may be all connected to a single Ethernet switch, or multiple switches. A broadcast domain may include two different networks connected by an Ethernet bridge, which makes the two networks behave as a single network. Wireless access points are typically bridged to a wired Ethernetwork.
|
|
||||||
|
|
||||||
A broadcast domain can talk to a different broadcast domain only when they are connected by a network router.
|
|
||||||
|
|
||||||
### Simple Network
|
|
||||||
|
|
||||||
The following example commands are not persistent, and your changes will vanish with a restart.
|
|
||||||
|
|
||||||
A broadcast domain needs a router to talk to other broadcast domains. Let's illustrate this with two computers and the `ip` command. Our two computers are 192.168.110.125 and 192.168.110.126, and they are plugged into the same Ethernet switch. In VirtualBox or KVM, you automatically create a virtual switch when you configure a new network, so when you assign a network to a virtual machine it's like plugging it into a switch. Use `ip addr show` to see your addresses and network interface names. The two hosts can ping each other.
|
|
||||||
|
|
||||||
Now add an address in a different network to one of the hosts:
|
|
||||||
```
|
|
||||||
# ip addr add 192.168.120.125/24 dev ens3
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
You have to specify the network interface name, which in the example is ens3. It is not required to add the network prefix, in this case /24, but it never hurts to be explicit. Check your work with `ip`. The example output is trimmed for clarity:
|
|
||||||
```
|
|
||||||
$ ip addr show
|
|
||||||
ens3:
|
|
||||||
inet 192.168.110.125/24 brd 192.168.110.255 scope global dynamic ens3
|
|
||||||
valid_lft 875sec preferred_lft 875sec
|
|
||||||
inet 192.168.120.125/24 scope global ens3
|
|
||||||
valid_lft forever preferred_lft forever
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
The host at 192.168.120.125 can ping itself (`ping 192.168.120.125`), and that is a good basic test to verify that your configuration is working correctly, but the second computer can't ping that address.
|
|
||||||
|
|
||||||
Now we need to do bit of network juggling. Start by adding a third host to act as the router. This needs two virtual network interfaces and a second virtual network. In real life you want your router to have static IP addresses, but for now we'll let the KVM DHCP server do the work of assigning addresses, so you only need these two virtual networks:
|
|
||||||
|
|
||||||
* First network: 192.168.110.0/24
|
|
||||||
* Second network: 192.168.120.0/24
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Then your router must be configured to forward packets. Packet forwarding should be disabled by default, which you can check with `sysctl`:
|
|
||||||
```
|
|
||||||
$ sysctl net.ipv4.ip_forward
|
|
||||||
net.ipv4.ip_forward = 0
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
The zero means it is disabled. Enable it with this command:
|
|
||||||
```
|
|
||||||
# echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
Then configure one of your other hosts to play the part of the second network by assigning the 192.168.120.0/24 virtual network to it in place of the 192.168.110.0/24 network, and then reboot the two "network" hosts, but not the router. (Or restart networking; I'm old and lazy and don't care what weird commands are required to restart services when I can just reboot.) The addressing should look something like this:
|
|
||||||
|
|
||||||
* Host 1: 192.168.110.125
|
|
||||||
* Host 2: 192.168.120.135
|
|
||||||
* Router: 192.168.110.126 and 192.168.120.136
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Now go on a ping frenzy, and ping everyone from everyone. There are some quirks with virtual machines and the various Linux distributions that produce inconsistent results, so some pings will succeed and some will not. Not succeeding is good, because it means you get to practice creating a static route. First, view the existing routing tables. The first example is from Host 1, and the second is from the router:
|
|
||||||
```
|
|
||||||
$ ip route show
|
|
||||||
default via 192.168.110.1 dev ens3 proto static metric 100
|
|
||||||
192.168.110.0/24 dev ens3 proto kernel scope link src 192.168.110.164 metric 100
|
|
||||||
|
|
||||||
$ ip route show
|
|
||||||
default via 192.168.110.1 dev ens3 proto static metric 100
|
|
||||||
default via 192.168.120.1 dev ens3 proto static metric 101
|
|
||||||
169.254.0.0/16 dev ens3 scope link metric 1000
|
|
||||||
192.168.110.0/24 dev ens3 proto kernel scope link
|
|
||||||
src 192.168.110.126 metric 100
|
|
||||||
192.168.120.0/24 dev ens9 proto kernel scope link
|
|
||||||
src 192.168.120.136 metric 100
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
This shows us that the default routes are the ones assigned by KVM. The 169.* address is the automatic link local address, and we can ignore it. Then we see two more routes, the two that belong to our router. You can have multiple routes, and this example shows how to add a non-default route to Host 1:
|
|
||||||
```
|
|
||||||
# ip route add 192.168.120.0/24 via 192.168.110.126 dev ens3
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
This means Host 1 can access the 192.168.110.0/24 network via the router interface 192.168.110.126. See how it works? Host 1 and the router need to be in the same address space to connect, then the router forwards to the other network.
|
|
||||||
|
|
||||||
This command deletes a route:
|
|
||||||
```
|
|
||||||
# ip route del 192.168.120.0/24
|
|
||||||
|
|
||||||
```
|
|
||||||
|
|
||||||
In real life, you're not going to be setting up routes manually like this, but rather using a router daemon and advertising your router via DHCP but understanding the fundamentals is key. Come back next week to learn how to set up a nice easy router daemon that does the work for you.
|
|
||||||
|
|
||||||
Learn more about Linux through the free ["Introduction to Linux" ][2]course from The Linux Foundation and edX.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via: https://www.linux.com/learn/intro-to-linux/2018/3/linux-lan-routing-beginners-part-2
|
|
||||||
|
|
||||||
作者:[CARLA SCHRODER][a]
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]:https://www.linux.com/users/cschroder
|
|
||||||
[1]:https://www.linux.com/learn/intro-to-linux/2018/2/linux-lan-routing-beginners-part-1
|
|
||||||
[2]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
|
|
@ -0,0 +1,118 @@
|
|||||||
|
Linux 局域网路由新手指南:第 2 部分
|
||||||
|
======
|
||||||
|
|
||||||
|
![](https://www.linux.com/sites/lcom/files/styles/rendered_file/public/dortmund-hbf-1259559_1920.jpg?itok=mdkNQRkS)
|
||||||
|
|
||||||
|
上周 [我们学习了 IPv4 地址][1] 和如何使用管理员不可或缺的工具 —— ipcalc,今天我们继续学习更精彩的内容:局域网路由器。
|
||||||
|
|
||||||
|
VirtualBox 和 KVM 是测试路由的好工具,在本文中的所有示例都是在 KVM 中执行的。如果你喜欢使用物理硬件去做测试,那么你需要三台计算机:一台用作路由器,另外两台用于表示两个不同的网络。你也需要两台以太网交换机和相应的线缆。
|
||||||
|
|
||||||
|
我们假设示例是一个有线以太局域网,为了更符合真实使用场景,我们将假设有一些桥接的无线接入点,当然我并不会使用这些无线接入点做任何事情。(我也不会去尝试所有的无线路由器,以及使用一个移动宽带设备连接到以太网的局域网口进行混合组网,因为它们需要进一步的安装和设置)
|
||||||
|
|
||||||
|
### 网段
|
||||||
|
|
||||||
|
最简单的网段是两台计算机连接在同一个交换机上的相同地址空间中。这样两台计算机不需要路由器就可以相互通讯。这就是我们常说的术语 —— “广播域”,它表示所有在相同的网络中的一组主机。它们可能连接到一台单个的以太网交换机上,也可能是连接到多台交换机上。一个广播域可以包括通过以太网桥连接的两个不同的网络,通过网桥可以让两个网络像一个单个网络一样运转。无线访问点一般是桥接到有线以太网上。
|
||||||
|
|
||||||
|
一个广播域仅当在它们通过一台网络路由器连接的情况下,才可以与不同的广播域进行通讯。
|
||||||
|
|
||||||
|
### 简单的网络
|
||||||
|
|
||||||
|
以下示例的命令并不是永久生效的,重启之后你所做的改变将会消失。
|
||||||
|
|
||||||
|
一个广播域需要一台路由器才可以与其它广播域通讯。我们使用两台计算机和 `ip` 命令来解释这些。我们的两台计算机是 192.168.110.125 和 192.168.110.126,它们都插入到同一台以太网交换机上。在 VirtualBox 或 KVM 中,当你配置一个新网络的时候会自动创建一个虚拟交换机,因此,当你分配一个网络到虚拟虚拟机上时,就像是插入一个交换机一样。使用 `ip addr show` 去查看你的地址和网络接口名字。现在,这两台主机可以互 ping 成功。
|
||||||
|
|
||||||
|
现在,给其中一台主机添加一个不同网络的地址:
|
||||||
|
```
|
||||||
|
# ip addr add 192.168.120.125/24 dev ens3
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
你可以指定一个网络接口名字,在示例中它的名字是 ens3。这不需要去添加一个网络前缀,在本案例中,它是 /24,但是显式地添加它并没有什么坏处。你可以使用 `ip` 命令去检查你的配置。下面的示例输出为了清晰其见进行了删减:
|
||||||
|
```
|
||||||
|
$ ip addr show
|
||||||
|
ens3:
|
||||||
|
inet 192.168.110.125/24 brd 192.168.110.255 scope global dynamic ens3
|
||||||
|
valid_lft 875sec preferred_lft 875sec
|
||||||
|
inet 192.168.120.125/24 scope global ens3
|
||||||
|
valid_lft forever preferred_lft forever
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
主机在 192.168.120.125 上可以 ping 它自己(`ping 192.168.120.125`),这是对你的配置是否正确的一个基本校验,这个时候第二台计算机就已经不能 ping 通那个地址了。
|
||||||
|
|
||||||
|
现在我们需要做一些网络变更。添加第三台主机作为路由器。它需要两个虚拟网络接口并添加第二个虚拟网络。在现实中,你的路由器必须使用一个静态 IP 地址,但是现在,我们可以让 KVM 的 DHCP 服务器去为它分配地址,所以,你仅需要两个虚拟网络:
|
||||||
|
|
||||||
|
* 第一个网络:192.168.110.0/24
|
||||||
|
* 第二个网络:192.168.120.0/24
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
接下来你的路由器必须配置去转发数据包。数据包转发默认是禁用的,你可以使用 `sysctl` 命令去检查它的配置:
|
||||||
|
```
|
||||||
|
$ sysctl net.ipv4.ip_forward
|
||||||
|
net.ipv4.ip_forward = 0
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
0 意味着禁用,使用如下的命令去启用它:
|
||||||
|
```
|
||||||
|
# echo 1 > /proc/sys/net/ipv4/ip_forward
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
接下来配置你的另一台主机做为第二个网络的一部分,你可以通过将原来在 192.168.110.0/24 的网络中的一台主机分配到 192.168.120.0/24 虚拟网络中,然后重新启动两个 “网络” 主机,注意不是路由器。(或者重启动网络;我年龄大了还有点懒,我记不住那些重启服务的奇怪命令,还不如重启网络来得干脆。)重启后各台机器的地址应该如下所示:
|
||||||
|
|
||||||
|
* 主机 1: 192.168.110.125
|
||||||
|
* 主机 2: 192.168.120.135
|
||||||
|
* 路由器: 192.168.110.126 and 192.168.120.136
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
现在可以去随意 ping 它们,可以从任何一台计算机上 ping 到任何一台其它计算机上。使用虚拟机和各种 Linux 发行版做这些事时,可能会产生一些意想不到的问题,因此,有时候 ping 的通,有时候 ping 不通。不成功也是一件好事,这意味着你需要动手去创建一条静态路由。首先,查看已经存在的路由表。主机 1 和主机 2 的路由表如下所示:
|
||||||
|
```
|
||||||
|
$ ip route show
|
||||||
|
default via 192.168.110.1 dev ens3 proto static metric 100
|
||||||
|
192.168.110.0/24 dev ens3 proto kernel scope link src 192.168.110.164 metric 100
|
||||||
|
|
||||||
|
$ ip route show
|
||||||
|
default via 192.168.110.1 dev ens3 proto static metric 100
|
||||||
|
default via 192.168.120.1 dev ens3 proto static metric 101
|
||||||
|
169.254.0.0/16 dev ens3 scope link metric 1000
|
||||||
|
192.168.110.0/24 dev ens3 proto kernel scope link
|
||||||
|
src 192.168.110.126 metric 100
|
||||||
|
192.168.120.0/24 dev ens9 proto kernel scope link
|
||||||
|
src 192.168.120.136 metric 100
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
这显示了我们使用的由 KVM 分配的缺省路由。169.* 地址是自动链接的本地地址,我们不去管它。接下来我们看两条路由,这两条路由指向到我们的路由器。你可以有多条路由,在这个示例中我们将展示如何在主机 1 上添加一个非默认路由:
|
||||||
|
```
|
||||||
|
# ip route add 192.168.120.0/24 via 192.168.110.126 dev ens3
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
这意味着主机1 可以通过路由器接口 192.168.110.126 去访问 192.168.110.0/24 网络。看一下它们是如何工作的?主机1 和路由器需要连接到相同的地址空间,然后路由器转发到其它的网络。
|
||||||
|
|
||||||
|
以下的命令去删除一条路由:
|
||||||
|
```
|
||||||
|
# ip route del 192.168.120.0/24
|
||||||
|
|
||||||
|
```
|
||||||
|
|
||||||
|
在真实的案例中,你不需要像这样手动配置一台路由器,而是使用一个路由器守护程序,并通过 DHCP 做路由器通告,但是理解基本原理很重要。接下来我们将学习如何去配置一个易于使用的路由器守护程序来为你做这些事情。
|
||||||
|
|
||||||
|
通过来自 Linux 基金会和 edX 的免费课程 ["Linux 入门" ][2] 来学习更多 Linux 的知识。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via: https://www.linux.com/learn/intro-to-linux/2018/3/linux-lan-routing-beginners-part-2
|
||||||
|
|
||||||
|
作者:[CARLA SCHRODER][a]
|
||||||
|
译者:[qhwdw](https://github.com/qhwdw)
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译,[Linux中国](https://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]:https://www.linux.com/users/cschroder
|
||||||
|
[1]:https://www.linux.com/learn/intro-to-linux/2018/2/linux-lan-routing-beginners-part-1
|
||||||
|
[2]:https://training.linuxfoundation.org/linux-courses/system-administration-training/introduction-to-linux
|
Loading…
Reference in New Issue
Block a user