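I ran into this problem when setting up port mapping on the gateways. When gateway 192.168.0.1 maps port 22 to 192.168.0.100, it works, but when 192.168.0.2 maps a port to 192.168.0.100 at the same time, it does not. The reason is that CentOS sends packets out through the default gateway by default instead of returning them along the path they arrived on.
The network layout is as follows:
NIC eth0: IP 192.168.0.100/24, default gateway 192.168.0.1
NIC eth0:0: IP 192.168.0.101/24, dedicated gateway 192.168.0.2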
vim /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.0.100
PREFIX=24
GATEWAY=192.168.0.1
DNS1=192.168.0.1
DNS2=192.168.0.2
vim /etc/sysconfig/network-scripts/ifcfg-eth0:0
TYPE=Ethernet
BOOTPROTO=none
DEVICE=eth0:0
ONBOOT=yes
IPADDR=192.168.0.101
PREFIX=24
Add a backup routing table, 252 backup
vim /etc/iproute2/rt_tables
#
# reserved values
#
255 local
254 main
253 default
0 unspec
#
# local
#
#1 inr.ruhep
252 backup
Routing table rules
ip route flush table backup
ip route add default via 192.168.0.2 dev eth0:0 src 192.168.0.101 table backup
ip rule add from 192.168.0.101 table backup
Making the routing table rules persistent [CentOS 6]
Method 1:
Write them to /etc/rc.local
vim /etc/rc.local
ip route flush table backup
ip route add default via 192.168.0.2 dev eth0:0 src 192.168.0.101 table backup
ip rule add from 192.168.0.101 table backup
Method 2 (recommended):
Write them to /etc/sysconfig/network-scripts/route-interface and rule-interface
vim /etc/sysconfig/network-scripts/route-eth0:0
default via 192.168.0.2 dev eth0:0 src 192.168.0.101 table backup
vim /etc/sysconfig/network-scripts/rule-eth0:0
from 192.168.0.101 table backup
Making the routing table rules persistent [CentOS 8]
nmcli connection modify eth0:0 +ipv4.routes "0.0.0.0/0 192.168.0.2 src=192.168.0.101 table=252"
nmcli connection modify eth0:0 +ipv4.routing-rules "priority 32765 from 192.168.0.101 table 252"
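
A way to confirm after a reboot that the source rule and the backup table are both in place, so replies from 192.168.0.101 leave through 192.168.0.2. This is an added example, not part of the original post; the function names are hypothetical and the sample `ip` output is constructed to match the configuration above.

```shell
#!/bin/sh
# Constructed sample of `ip rule show` and `ip route show table backup`
# output for this page's setup (assumption: the kernel reports dev eth0).
SAMPLE_RULES='0: from all lookup local
32765: from 192.168.0.101 lookup backup
32766: from all lookup main
32767: from all lookup default'
SAMPLE_ROUTES='default via 192.168.0.2 dev eth0 src 192.168.0.101'

# rule_table RULES SRC: print the table selected by the first "from SRC" rule.
rule_table() {
    printf '%s\n' "$1" | awk -v src="$2" '
        $2 == "from" && $3 == src {
            for (i = 4; i < NF; i++) if ($i == "lookup") { print $(i+1); exit }
        }'
}

# table_gateway ROUTES: print the default gateway found in a table dump.
table_gateway() {
    printf '%s\n' "$1" | awk '$1 == "default" && $2 == "via" { print $3; exit }'
}

# check_return_path RULES ROUTES SRC GW TABLE_NAME TABLE_ID
# Returns 0 only if traffic sourced from SRC is steered into the table
# (shown by name or by number) and that table's default route uses GW.
check_return_path() {
    tbl=$(rule_table "$1" "$3")
    case "$tbl" in
        "$5"|"$6") ;;
        "") echo "FAIL: no rule 'from $3'; replies follow the main table"; return 1 ;;
        *)  echo "FAIL: rule for $3 points at table $tbl"; return 1 ;;
    esac
    gw=$(table_gateway "$2")
    if [ "$gw" != "$4" ]; then
        echo "FAIL: table $tbl default gateway is '${gw:-none}', expected $4"
        return 1
    fi
    echo "OK: traffic from $3 uses table $tbl via $4"
}

# On a live host, pass real output instead of the samples:
#   check_return_path "$(ip rule show)" "$(ip route show table backup)" ...
check_return_path "$SAMPLE_RULES" "$SAMPLE_ROUTES" 192.168.0.101 192.168.0.2 backup 252
```

A missing rule is the failure to watch for: without it, packets sourced from 192.168.0.101 fall through to the main table and leave via 192.168.0.1, which is the symptom described at the top of the page.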