{"id":1070,"date":"2020-02-11T15:07:13","date_gmt":"2020-02-11T07:07:13","guid":{"rendered":"http:\/\/www.max-shu.com\/blog\/?p=1070"},"modified":"2020-02-11T15:07:13","modified_gmt":"2020-02-11T07:07:13","slug":"linux%e7%ad%96%e7%95%a5%e8%b7%af%e7%94%b1%e5%8f%8aiptables-mangle%e3%80%81ip-rule%e3%80%81ip-route%e5%85%b3%e7%b3%bb%e5%8f%8a%e4%b8%80%e7%a7%8dnetwork-is-unreachable%e9%94%99%e8%af%af","status":"publish","type":"post","link":"http:\/\/www.max-shu.com\/blog\/?p=1070","title":{"rendered":"Linux\u7b56\u7565\u8def\u7531\u53caiptables mangle\u3001ip rule\u3001ip route\u5173\u7cfb\u53ca\u4e00\u79cdNetwork is unreachable\u9519\u8bef"},"content":{"rendered":"
iptables\u3001ip\u00a0rule\u3001ip\u00a0route\u5173\u7cfb\uff0c\u4e00\u4e2a\u5305\u5230\u8fbe\u7f51\u7edc\u534f\u8bae\u5c42\uff0c\u9996\u5148\u4f1a\u88abiptables\u7684managle\u8868\u6253\u4e0a\u6807\u8bb0\uff08\u5f53\u7136\u4e5f\u53ef\u4ee5\u4e0d\u6253\uff09\uff0c\u7136\u540e\u7ed9ip\u00a0rule\u5339\u914d\uff0c\u627e\u5230\u5bf9\u5e94\u7684\u8def\u7531\u8868\uff0c\u6700\u540e\u6839\u636eip\u00a0route\u00a0table\u7684\u8def\u7531\u8868\u627e\u5230\u5bf9\u5e94\u51fa\u53e3\u63a5\u53e3\u3002<\/strong><\/div>\n
<\/div>\n
\u5982\u679cip\u00a0rule\u89c4\u5219\u4e0d\u5bf9\uff0c\u5219\u5f88\u53ef\u80fd\u51fa\u73b0ping\u7f51\u5173\uff08\u8fd9\u79cd\u60c5\u51b5\u4e0bping\u540c\u5b50\u7f51\uff0c\u8ddf\u8def\u7531\u6ca1\u5173\u7cfb\uff09\u7684\u65f6\u5019\u76f4\u63a5\u62a5\u9519\uff1a<\/div>\n
# ping 192.168.1.1<\/div>\n
connect: Network is unreachable<\/div>\n
\u800c\u6307\u5b9a\u63a5\u53e3\u518dping\u00a0\u7684\u65f6\u5019\u5c31\u80fd\u901a\uff1a<\/div>\n
# ping -I wlan0 192.168.1.1<\/div>\n
PING 10.193.20.64 (10.193.20.64) from 10.193.20.83 eth5: 56(84) bytes of data.<\/div>\n
64 bytes from 10.193.20.64: icmp_seq=1 ttl=64 time=0.345 ms<\/div>\n
64 bytes from 10.193.20.64: icmp_seq=2 ttl=64 time=0.354 ms<\/div>\n
<\/div>\n
<\/div>\n

\u770b\u770biptable\u5185\u5bb9\uff08iptables\u5404\u8fc7\u6ee4\u8868\u7684\u4f18\u5148\u7ea7\u4e3amanagle -> nat -> filter\uff09\uff1a<\/strong><\/h3>\n
\u4f7f\u7528Netfilter\u7684managle\u673a\u5236\u9488\u5bf9\u7279\u5b9a\u7684\u6570\u636e\u5305\u8bbe\u7f6eMARK\u503c\uff08\u957f\u5ea6\u4e3a32bit\uff09\uff0c\u4e0b\u9762\u4f8b\u5b50\u5c06HTTP\uff08\u7aef\u53e380\uff09\u6570\u636e\u5305\u7684MARK\u503c\u8bbe\u7f6e\u4e3a1\uff0cSMTP\u53caPOP3\u6570\u636e\u5305\uff08\u7aef\u53e325\u548c110\uff09\u7684MARK\u503c\u8bbe\u7f6e\u4e3a2\uff0c\u5176\u4f59\u6570\u636e\u5305\u5219\u8bbe\u7f6eMARK\u503c\u4e3a3\u3002<\/div>\n
iptables -t mangle -A FORWARD -i eth3 -p tcp –dport 80 -j MARK –set-mark 1<\/div>\n
iptables -t mangle -A FORWARD -i eth3 -p tcp –dport 25 -j MARK –set-mark 2<\/div>\n
iptables -t mangle -A FORWARD -i eth3 -p tcp –dport 110 -j MARK –set-mark 2<\/div>\n
iptables -t mangle -A FORWARD -i eth3 -j MARK –set-mark 3<\/div>\n
\u4e0b\u9762\u7684\u8868\u662f\u4e2a\u5b9e\u9645\u4e2d\u7684\u8868\uff0c\u4e0a\u9762\u7684\u914d\u7f6e\u6ca1\u6709\u4f53\u73b0\u3002<\/span><\/div>\n
# iptables -t mangle –list<\/span><\/div>\n
Chain PREROUTING (policy ACCEPT)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
PREROUTING_direct\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
PREROUTING_ZONES_SOURCE\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
PREROUTING_ZONES\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
<\/div>\n
Chain INPUT (policy ACCEPT)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
INPUT_direct\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
<\/div>\n
Chain FORWARD (policy ACCEPT)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
FORWARD_direct\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
<\/div>\n
Chain OUTPUT (policy ACCEPT)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
OUTPUT_direct\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
<\/div>\n
Chain POSTROUTING (policy ACCEPT)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
POSTROUTING_direct\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
<\/div>\n
Chain FORWARD_direct (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain INPUT_direct (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain OUTPUT_direct (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain POSTROUTING_direct (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain PREROUTING_ZONES (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
PRE_public\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0[goto]<\/div>\n
<\/div>\n
Chain PREROUTING_ZONES_SOURCE (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain PREROUTING_direct (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain PRE_public (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
PRE_public_log\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
PRE_public_deny\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
PRE_public_allow\u00a0\u00a0all\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere<\/div>\n
<\/div>\n
Chain PRE_public_allow (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
MARK\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0tcp\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0tcp dpt:biimenu MARK set 0x64\u00a0 \u00a0\u6253\u6807\u8bb0\u4e3a0x64<\/span><\/div>\n
MARK\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0tcp\u00a0\u00a0—\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0anywhere\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0tcp dpt:http MARK set 0x65\u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\u6253\u6807\u8bb0\u4e3a0x65<\/span><\/div>\n
<\/div>\n
Chain PRE_public_deny (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
Chain PRE_public_log (1 references)<\/div>\n
target\u00a0\u00a0\u00a0\u00a0\u00a0prot opt source\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0destination<\/div>\n
<\/div>\n
# iptables -t filter –list<\/span><\/div>\n
\u7565<\/div>\n
<\/div>\n
<\/div>\n
<\/div>\n

\u518d\u770bip\u00a0route\u5185\u5bb9\uff1a<\/strong><\/h3>\n
Linux \u6700\u591a\u53ef\u4ee5\u652f\u6301 255 \u5f20\u8def\u7531\u8868\uff0c\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\uff0c\u7cfb\u7edf\u6709\u4e09\u4e2a\u8def\u7531\u8868\uff0c\u8fd9\u4e09\u4e2a\u8def\u7531\u8868\u7684\u529f\u80fd\u5982\u4e0b\uff1a<\/strong><\/div>\n
local\u8def\u7531\u8868\uff08id\u4e3a255\uff09\uff1a\u8def\u7531\u8868local\u5305\u542b\u672c\u673a\u8def\u7531\u53ca\u5e7f\u64ad\u4fe1\u606f\u3002\u4f8b\u5982\uff0c\u5728\u672c\u673a\u4e0a\u6267\u884cssh 127.0.0.1\u65f6\uff0c\u5c31\u4f1a\u53c2\u8003\u8fd9\u4efd\u8def\u7531\u8868\u7684\u5185\u5bb9\uff0c\u5728\u6b63\u5e38\u60c5\u51b5\u4e0b\uff0c\u53ea\u8981\u914d\u7f6e\u597d\u7f51\u5361\u7684\u7f51\u7edc\u8bbe\u7f6e\uff0c\u5c31\u4f1a\u81ea\u52a8\u751f\u6210local\u8def\u7531\u8868\u7684\u5185\u5bb9\uff0c\u6211\u4eec\u5e94\u8be5\u4e5f\u4e0d\u5fc5\u4fee\u6539\u5176\u5185\u5bb9\u3002<\/strong><\/div>\n
main\u8def\u7531\u8868\uff08id\u4e3a254\uff09\uff1a\u4f7f\u7528\u4f20\u7edf\u547d\u4ee4route -n\u6240\u770b\u5230\u7684\u8def\u7531\u8868\u5c31\u662fmain\u7684\u5185\u5bb9\u3002Linux\u7cfb\u7edf\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u4f7f\u7528\u8fd9\u4efd\u8def\u7531\u8868\u7684\u5185\u5bb9\u6765\u4f20\u8f93\u6570\u636e\u5305\uff0c\u56e0\u6b64\uff0c\u5176\u5185\u5bb9\u6781\u4e3a\u91cd\u8981\uff0c\u5728\u6b63\u5e38\u60c5\u51b5\u4e0b\uff0c\u53ea\u8981\u914d\u7f6e\u597d\u7f51\u5361\u7684\u7f51\u7edc\u8bbe\u7f6e\uff0c\u5c31\u4f1a\u81ea\u52a8\u751f\u6210main\u8def\u7531\u8868\u7684\u5185\u5bb9\u3002<\/strong><\/div>\n
default\u8def\u7531\u8868\uff08id\u4e3a253\uff09\uff1a\u6700\u540e\u662fdefault\u8def\u7531\u8868\uff0c\u8fd9\u4e2a\u8def\u7531\u8868\u5728\u9ed8\u8ba4\u60c5\u51b5\u4e0b\u5185\u5bb9\u4e3a\u7a7a\uff1b\u9664\u975e\u6709\u7279\u522b\u7684\u8981\u6c42\uff0c\u5426\u5219\u4fdd\u6301\u5176\u5185\u5bb9\u4e3a\u7a7a\u5373\u53ef\u3002<\/strong><\/div>\n
\u53e6\u5916\u6709\u4e2aid\u4e3a 0\u00a0\u7684unspec\u8868\u4fdd\u7559\u65e0\u4f5c\u7528\u3002<\/strong><\/div>\n
\u5982\u679c\u6709\u9700\u8981\uff0c\u5219\u53ef\u4ee5\u81ea\u884c\u518d\u6dfb\u52a0\u5176\u4ed6\u8def\u7531\u8868\u3002<\/strong><\/div>\n
# cat \/etc\/iproute2\/rt_tables<\/span><\/div>\n
255\u00a0\u00a0\u00a0\u00a0\u00a0local<\/div>\n
254\u00a0\u00a0\u00a0\u00a0\u00a0main<\/div>\n
253\u00a0\u00a0\u00a0\u00a0\u00a0default<\/div>\n
0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0unspec<\/div>\n
#<\/div>\n
# ip route show table main<\/span><\/div>\n
192.168.1.0\/24 dev wlan0 proto kernel scope link src 192.168.1.150<\/div>\n
#<\/div>\n
# ip route show table default<\/span><\/div>\n
#<\/div>\n
# ip route show table local<\/span><\/div>\n
broadcast 127.0.0.0 dev lo proto kernel scope link src 127.0.0.1<\/div>\n
local 127.0.0.0\/8 dev lo proto kernel scope host src 127.0.0.1<\/div>\n
local 127.0.0.1 dev lo proto kernel scope host src 127.0.0.1<\/div>\n
broadcast 127.255.255.255 dev lo proto kernel scope link src 127.0.0.1<\/div>\n
broadcast 192.168.1.0 dev wlan0 proto kernel scope link src 192.168.1.150<\/div>\n
local 192.168.1.150 dev wlan0 proto kernel scope host src 192.168.1.150<\/div>\n
broadcast 192.168.1.255 dev wlan0 proto kernel scope link src 192.168.1.150<\/div>\n
#<\/div>\n
# ip route show table wlan0<\/span><\/div>\n
default via 192.168.1.1 dev wlan0 proto static<\/div>\n
192.168.1.0\/24 dev wlan0 proto static scope link<\/div>\n
<\/div>\n

\u518d\u770bip\u00a0rule\u5185\u5bb9\uff08\u524d\u9762\u6570\u5b57\u4e3a\u4f18\u5148\u7ea7\uff0c\u503c\u8d8a\u5c0f\u7684\u8d8a\u4f18\u5148\u5339\u914d\uff09\uff1a<\/strong><\/h3>\n
# ip rule list<\/span><\/div>\n
0:\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0from all lookup local\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u8fd9\u4e2a\u8868\u793a\u662f\u4f18\u5148\u5339\u914dlocal\u8def\u7531\u8868\uff0c\u5bf9\u5e94ip\u00a0route\u00a0show\u00a0table\u00a0local\u7684local\u8def\u7531\u8868\u3002<\/span><\/div>\n
10000:\u00a0\u00a0from all fwmark 0xc0000\/0xd0000 lookup legacy_system\u00a0 \u00a0 \u00a0\u8fd9\u91cc\u8868\u793aiptables\u7684mark\u6807\u8bb0\u4e3a0xc0000\uff080xd0000\u4e3a\u63a9\u7801\uff0c\u8fdb\u6765\u7684\u5305\u5148\u548cxd0000\u505aAND\u4e0e\u8ba1\u7b97\uff0c\u7ed3\u679c\u4e3a0xc0000\u7684\u5305\uff09\u7684\u67e5\u627elegacy_system\u8def\u7531\u8868\u3002<\/span><\/div>\n
10500:\u00a0\u00a0from all iif lo oif wlan0 uidrange 0-0 lookup wlan0\u00a0\u00a0\u8fd9\u91cc\u8868\u793a\u4ecelo\u73af\u56de\u63a5\u53e3\u8f93\u5165\u3001\u4ecewlan0\u63a5\u53e3\u8f93\u51fa\u3001uid\u4e3a0\uff08\u5373\u7cfb\u7edf\u7528\u6237\uff09\u7684\u5305\u67e5\u627ewlan0\u8def\u7531\u8868\u3002<\/span><\/div>\n
13000:\u00a0\u00a0from all fwmark 0x10063\/0x1ffff iif lo lookup local_network<\/div>\n
13000:\u00a0\u00a0from all fwmark 0x10065\/0x1ffff iif lo lookup wlan0<\/div>\n
14000:\u00a0\u00a0from all iif lo oif wlan0 lookup wlan0<\/div>\n
15000:\u00a0\u00a0from all fwmark 0x0\/0x10000 lookup legacy_system<\/div>\n
16000:\u00a0\u00a0from all fwmark 0x0\/0x10000 lookup legacy_network<\/div>\n
17000:\u00a0\u00a0from all fwmark 0x0\/0x10000 lookup local_network<\/div>\n
19000:\u00a0\u00a0from all fwmark 0x65\/0x1ffff iif lo lookup wlan0\u00a0\u8fd9\u91cc\u8868\u793aiptables\u7684mark\u6807\u8bb0\u4e3a0x65\uff080x1ffff\u4e3a\u63a9\u7801\uff0c\u8fdb\u6765\u7684\u5305\u5148\u548c0x1ffff\u505aAND\u4e0e\u8ba1\u7b97\uff0c\u7ed3\u679c\u4e3a0x65\u7684\u5305\uff09\u3001\u8f93\u5165\u63a5\u53e3\u4e3alo\u73af\u56de\u5730\u5740\u7684\u5305\u67e5\u627ewlan0\u8def\u7531\u8868\uff0c\u5bf9\u5e94\u4e0a\u9762\u7684ip route show table wlan0\u7684wlan0\u8def\u7531\u8868\u3002<\/span><\/div>\n
22000:\u00a0\u00a0from all fwmark 0x0\/0xffff iif lo lookup wlan0\u00a0 \u00a0\u00a0\u8fd9\u91cc\u8868\u793aiptables\u7684mark\u6807\u8bb0\u4e3a0x0\uff080xffff\u4e3a\u63a9\u7801\uff0c\u8fdb\u6765\u7684\u5305\u5148\u548c0xffff\u505aAND\u4e0e\u8ba1\u7b97\uff0c\u7ed3\u679c\u4e3a0x0\u7684\u5305\uff09\u3001\u8f93\u5165\u63a5\u53e3\u4e3alo\u73af\u56de\u5730\u5740\u7684\u5305\u67e5\u627ewlan0\u8def\u7531\u8868\uff0c\u5bf9\u5e94\u4e0a\u9762\u7684ip route show table wlan0\u7684wlan0\u8def\u7531\u8868\u3002<\/span><\/div>\n
32000:\u00a0\u00a0from all unreachable<\/div>\n
\u4e0a\u9762\u8fd9\u4e2aip\u00a0rule\u00a0list\u91cc\u9762\u6ca1\u6709default\u548cmain\u662f\u4e0d\u5bf9\u7684\uff0c\u4e00\u822c\u90fd\u4f1a\u6709\u7684\u3002<\/div>\n
\u6bcf\u884c\u5404\u90e8\u5206\u7684\u89e3\u91ca\uff08\u5177\u4f53\u67e5\u770bip\u00a0rule\u547d\u4ee4help\uff09\uff1a<\/div>\n
\u00a0\u00a0 \u00a0xx: \u7b2c\u4e00\u5217\u6570\u5b57\u662f\u4f18\u5148\u7ea7\uff0c\u5c0f\u7684\u6570\u5b57\u4f18\u5148\u7ea7\u9ad8<\/div>\n
\u00a0\u00a0 \u00a0\u4e2d\u95f4\u90e8\u5206\u5185\u5bb9\uff1a\u5982 from all\uff0c \u8fd9\u662f\u89c4\u5219\u3002<\/div>\n
\u00a0\u00a0 \u00a0fwmark 0x10064: \u5176\u4e2d0x64(\u5341\u8fdb\u5236\u4e3a100)\u5c31\u662f\u8be5\u7f51\u7edc\u7684netid<\/div>\n
\u00a0\u00a0 \u00a0lookup [xxx] : \u8868\u793a\u641c\u7d22xxx\u8def\u7531\u8868\uff0c1-252\u4e4b\u95f4\u7684\u6570\u5b57\u6216\u540d\u79f0<\/div>\n
\u6574\u884c\u7684\u610f\u601d\u5c31\u662f\uff0c\u5982\u679c\u4e00\u4e2a\u6570\u636e\u5305\u7b26\u5408\u89c4\u5219\uff08\u6e90\u5730\u5740\u3001\u76ee\u7684\u5730\u5740\u3001\u534f\u8bae\u3001\u7aef\u53e3\u3001\u6570\u636e\u5305\u5927\u5c0f\u3001\u5185\u5bb9\u7b49\uff09\uff0c\u5219\u4f7f\u7528\u6307\u5b9a\u8def\u7531\u8868\u3002<\/div>\n
\u6bd4\u5982\u8981\u6dfb\u52a0\u51e0\u6761\uff1a<\/div>\n
# ip rule add from all lookup main prio 23000<\/div>\n
# ip rule add from all lookup\u00a0default\u00a0prio 32000<\/div>\n
<\/div>\n

CentOS 7.x\u4e0b\u8ba9ip\u00a0route\u8def\u7531\u548cip\u00a0rule\u6c38\u4e45\u751f\u6548\uff0c\u91cd\u542f\u4e0d\u4e22\u5931\uff1a<\/strong><\/h3>\n
\u5047\u5b9a\u8981\u7ed9eth1\uff08\u5047\u5b9a\u63a5\u53e3\u5730\u5740\u4e3a 192.168.100.140\uff09\u589e\u52a0rule\u548c\u8def\u7531\u8868\uff1a<\/div>\n
#\u00a0vi \/etc\/iproute2\/rt_tables<\/div>\n
255\u00a0\u00a0\u00a0\u00a0\u00a0local<\/div>\n
254\u00a0\u00a0\u00a0\u00a0\u00a0main<\/div>\n
253\u00a0\u00a0\u00a0\u00a0\u00a0default<\/div>\n
0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0unspec<\/div>\n
128\u00a0\u00a0\u00a0\u00a0\u00a0mynet<\/div>\n
<\/div>\n
# vi \/etc\/sysconfig\/network-scripts\/rule-eth1<\/div>\n
from 192.168.100.0\/24 lookup mynet<\/div>\n
from 192.168.101.0\/24 lookup mynet\u00a0 \u00a0 \u5047\u5b9a192.168.101.0\/24\u8fd9\u4e2a\u7f51\u6bb5\u7684\u5305\u4e5f\u8d70\u8def\u7531\u8868mynet\uff0c\u5219\u9700\u8981\u52a0\u8fd9\u4e00\u6761\u3002<\/div>\n
<\/div>\n
# vi \/etc\/sysconfig\/network-scripts\/route-eth1<\/div>\n
192.168.100.0\/24 dev eth1 table mynet\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u8fd9\u4e2a\u76f8\u5f53\u4e8e\u662fscope\u00a0link\u7c7b\u578b\u7684\u8def\u7531\uff0c\u548c\u63a5\u53e3\u5730\u5740\u5728\u540c\u4e00\u7f51\u6bb5\u3002<\/div>\n
default via 192.168.100.1 dev eth1 table mynet<\/div>\n
<\/div>\n","protected":false},"excerpt":{"rendered":"

iptables\u3001ip\u00a0rule\u3001ip\u00a0route\u5173\u7cfb\uff0c\u4e00\u4e2a\u5305\u5230\u8fbe\u7f51\u7edc\u534f\u8bae\u5c42\uff0c\u9996\u5148\u4f1a\u88abiptables\u7684man …<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[15],"tags":[798,797,796,9,795],"class_list":["post-1070","post","type-post","status-publish","format-standard","hentry","category-linuxandroid","tag-ip-route","tag-ip-rule","tag-iptables-mangle","tag-linux","tag-795"],"views":9410,"_links":{"self":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1070","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1070"}],"version-history":[{"count":1,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1070\/revisions"}],"predecessor-version":[{"id":1071,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=\/wp\/v2\/posts\/1070\/revisions\/1071"}],"wp:attachment":[{"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1070"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1070"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.max-shu.com\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1070"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}