
Сообщения g9rud

 

Почему не работает нат из netns в физический интерфейс?

Форум — Admin

Конфиг и исходные данные приведены ниже; пожалуйста, помогите разобраться.

# Create a dedicated network namespace and place a VLAN 1516 sub-interface of
# enp2s0 inside it.
# NOTE(review): the diagnostic output further down this page queries netns
# "1515" / enp2s0.1515, not 1516 -- confirm which namespace was actually tested.
ip netns add 1516
ip link add link enp2s0 name enp2s0.1516 type vlan id 1516
# After this move the device exists only inside netns 1516; the root namespace
# no longer has an interface with this name.
ip link set enp2s0.1516 netns 1516
ip netns exec 1516 ifconfig enp2s0.1516 up
# NOTE(review): 1.1.1.0/30 is publicly routed address space, not a private
# range. A private (RFC 1918) prefix would avoid shadowing real Internet hosts
# for everything inside the namespace -- confirm the choice is intentional.
ip netns exec 1516 ip addr add 1.1.1.2/30 dev enp2s0.1516
ip netns exec 1516 ip link set lo up
# The gateway 1.1.1.1 is not assigned to any interface in this listing. A VLAN
# device sends tagged frames out of its parent (enp2s0), so presumably 1.1.1.1
# would have to answer ARP on that wire; this traffic does not pass through the
# root namespace's IP stack -- TODO confirm where 1.1.1.1 is expected to live.
ip netns exec 1516 ip route add default via 1.1.1.1

# Enable IPv4 forwarding in the namespace where this command runs (the root
# namespace here; the setting is per network namespace).
echo 1 > /proc/sys/net/ipv4/ip_forward
# Default-deny forwarded traffic, then clear any existing FORWARD rules.
iptables -P FORWARD DROP
iptables -F FORWARD
# Flushes every chain of the nat table, including rules installed by other
# software on the host (container runtimes, libvirt, VPN clients).
iptables -t nat -F
# Source-NAT packets from the /30 when they leave through the wireless uplink.
iptables -t nat -A POSTROUTING -s 1.1.1.0/255.255.255.252 -o wlp3s0 -j MASQUERADE
# NOTE(review): these rules are loaded in the root namespace but match on
# enp2s0.1516, which was moved into netns 1516 above, so they cannot match
# here. Routing/NAT through the root namespace normally needs a link with one
# end in each namespace (e.g. a veth pair).
# NOTE(review): the wlp3s0 -> inside rule accepts any forwarded packet;
# limiting it with -m conntrack --ctstate ESTABLISHED,RELATED would admit only
# reply traffic for connections opened from inside.
iptables -A FORWARD -i wlp3s0 -o enp2s0.1516 -j ACCEPT
iptables -A FORWARD -o wlp3s0 -i enp2s0.1516 -j ACCEPT


tux@pc:~# ip netns exec 1515 ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
From 1.1.1.2 icmp_seq=1 Destination Host Unreachable
From 1.1.1.2 icmp_seq=2 Destination Host Unreachable
From 1.1.1.2 icmp_seq=3 Destination Host Unreachable
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 received, +3 errors, 100% packet loss, time 3079ms
pipe 4
tux@pc:~# ip netns exec 1515 netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         1.1.1.1         0.0.0.0         UG        0 0          0 enp2s0.1515
1.1.1.0         0.0.0.0         255.255.255.252 U         0 0          0 enp2s0.1515
tux@pc:~# ip netns exec 1515 ifconfig
enp2s0.1515: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 1.1.1.2  netmask 255.255.255.252  broadcast 0.0.0.0
        ether 00:60:2F:38:D4:A8  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 4  bytes 448 (448.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 4  bytes 448 (448.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

tux@pc:~# 

tux@pc:~#  ping 8.8.8.8 -c 3
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=39 time=207 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=39 time=187 ms
64 bytes from 8.8.8.8: icmp_seq=3 ttl=39 time=175 ms

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 175.163/190.093/207.863/13.504 ms

tux@pc:~#  netstat -nr
Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.43.1    0.0.0.0         UG        0 0          0 wlp3s0
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 wlp3s0
192.168.43.0    0.0.0.0         255.255.255.0   U         0 0          0 wlp3s0

tux@pc:~# ip link | grep enp2s0
2: enp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DEFAULT group default qlen 1000




g9rud