Have a look at the local routing table. With iproute2 tools installed, do ip route show table local. As you can see, all packets destined for your local IPs would never go through the NICs, since they are marked as local.
To force packets to go via the ethernet card, remove the appropriate route (i.e. ip route delete 192.168.122.1 dev eth0 table local). To restore this route, just set the interface down and up: the kernel would do the work of inserting these routes.
I tried the ip route ... table local method above. Either it doesn't work or I am doing something wrong.
The trick is to use a set of dummy IP addresses to force the kernel into routing it through the wire, and NAT to change it back to the real IP address.
Let eth0 and eth1 be the two ethernet cards; IP0 and IP1 their IP addresses; MAC0 and MAC1 their MAC addresses, respectively. We will be using two dummy IP addresses: IP00 and IP11.
arp -s IP00 MAC0
arp -s IP11 MAC1
ip route add IP00 dev eth1
ip route add IP11 dev eth0
iptables -t nat -A POSTROUTING -d IP11 -j SNAT --to-source IP00
iptables -t nat -A POSTROUTING -d IP00 -j SNAT --to-source IP11
iptables -t nat -A PREROUTING -d IP00 -j DNAT --to-destination IP0
iptables -t nat -A PREROUTING -d IP11 -j DNAT --to-destination IP1
Use the dummy IP addresses IP00 and IP11 instead of the real ones.
You should be able to write a program that does that using packet sockets (protocol family PF_PACKET), but you'll have to handle the headers for the IP and higher layers yourself.
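A sketch of the packet-socket approach from the answer above, added here as an example and not part of the original post: the sender builds the Ethernet, IPv4 and UDP headers by hand, and parse_frame is the check a packet-socket reader on the other interface would run. The function names, MAC addresses, IP addresses and ports are assumptions constructed for illustration.

```python
import socket
import struct

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

def build_frame(src_mac, dst_mac, src_ip, dst_ip, sport, dport, payload):
    """Return Ethernet + IPv4 + UDP bytes with every header filled in by hand."""
    udp_len = 8 + len(payload)
    # UDP checksum 0 means "not computed", which is allowed over IPv4.
    udp = struct.pack("!HHHH", sport, dport, udp_len, 0) + payload
    # Fields: version/IHL, TOS, total length, ID, flags (DF), TTL, protocol,
    # checksum (0 while summing), source address, destination address.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + udp_len, 0, 0x4000, 64,
                     socket.IPPROTO_UDP, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", checksum(ip)) + ip[12:]
    eth = mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800)  # IPv4
    return eth + ip + udp

def parse_frame(frame: bytes):
    """Receiver side: validate headers, return (src, dst, dport, payload)."""
    ip = frame[14:34]
    if (frame[12:14] != b"\x08\x00" or ip[0] != 0x45
            or ip[9] != socket.IPPROTO_UDP or checksum(ip) != 0):
        raise ValueError("not a valid option-less IPv4/UDP frame")
    dport, udp_len = struct.unpack("!HH", frame[36:40])
    return (socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(ip[16:20]),
            dport, frame[42:34 + udp_len])

def send_frame(ifname: str, frame: bytes) -> int:
    """Transmit the raw frame on ifname. Linux only; needs CAP_NET_RAW."""
    with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
        s.bind((ifname, 0))
        return s.send(frame)

if __name__ == "__main__":  # constructed sample addresses, not from the post
    f = build_frame("02:00:00:00:00:01", "02:00:00:00:00:02",
                    "192.0.2.1", "192.0.2.2", 40000, 9, b"probe")
    print(send_frame("eth0", f), "bytes sent on eth0")
```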