Original poster | Posted on 2005-8-30 04:05:15
This is the last kind of policy routing, although this example goes from two internal networks to two external networks.
Standard Policy-Based Routing with Failover
This example shows how to route packets using an administrator-defined policy. The policy for
this setup is the following: route packets from the network 192.168.0.0/24 using gateway 10.0.0.1,
and packets from network 192.168.1.0/24 using gateway 10.0.0.2. If GW_1 does not respond to
pings, use GW_Backup for network 192.168.0.0/24; if GW_2 does not respond to pings, use
GW_Backup for network 192.168.1.0/24 as well, instead of GW_2.
The setup:
Configuration of the IP addresses:
[admin@PB-Router] ip address> print
Flags: X - disabled, I - invalid, D - dynamic
 #   ADDRESS            NETWORK         BROADCAST       INTERFACE
 0   192.168.0.1/24     192.168.0.0     192.168.0.255   Local1
 1   192.168.1.1/24     192.168.1.0     192.168.1.255   Local2
 2   10.0.0.7/24        10.0.0.0        10.0.0.255      Public
[admin@PB-Router] ip address>
To achieve the described result, follow these configuration steps:
1. Mark packets from network 192.168.0.0/24 with a new-routing-mark=net1, and packets from
network 192.168.1.0/24 with a new-routing-mark=net2:
[admin@PB-Router] ip firewall mangle> add src-address=192.168.0.0/24 \
\... action=mark-routing new-routing-mark=net1 chain=prerouting
[admin@PB-Router] ip firewall mangle> add src-address=192.168.1.0/24 \
\... action=mark-routing new-routing-mark=net2 chain=prerouting
[admin@PB-Router] ip firewall mangle> print
Flags: X - disabled, I - invalid, D - dynamic
 0   chain=prerouting src-address=192.168.0.0/24 action=mark-routing
     new-routing-mark=net1
 1   chain=prerouting src-address=192.168.1.0/24 action=mark-routing
     new-routing-mark=net2
[admin@PB-Router] ip firewall mangle>
2. Route packets from network 192.168.0.0/24 to gateway GW_1 (10.0.0.2), and packets from
network 192.168.1.0/24 to gateway GW_2 (10.0.0.3), using the corresponding packet marks. If
GW_1 or GW_2 fails (does not reply to pings), route the respective packets to GW_Main
(10.0.0.1):
[admin@PB-Router] ip route> add gateway=10.0.0.2 routing-mark=net1 \
\... check-gateway=ping
[admin@PB-Router] ip route> add gateway=10.0.0.3 routing-mark=net2 \
\... check-gateway=ping
[admin@PB-Router] ip route> add gateway=10.0.0.1
[admin@PB-Router] ip route> print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf
 #     DST-ADDRESS        PREFSRC         G GATEWAY         DISTANCE INTERFACE
 0 ADC 10.0.0.0/24        10.0.0.7                                   Public
   ADC 192.168.0.0/24     192.168.0.1                                Local1
   ADC 192.168.1.0/24     192.168.1.1                                Local2
   A S 0.0.0.0/0                          r 10.0.0.2                 Public
   A S 0.0.0.0/0                          r 10.0.0.3                 Public
   A S 0.0.0.0/0                          r 10.0.0.1                 Public
[admin@PB-Router] ip route>
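A small Python model of the lookup that steps 1 and 2 configure, added here as an illustration and not part of the original post or the quoted manual text. It uses the gateway addresses from the commands in step 2 and assumes a marked packet falls through to the main table when its marked route is inactive; the function names and sample host addresses are constructed.

```python
import ipaddress

# Mangle rules from step 1: source network -> routing mark
MANGLE = [
    (ipaddress.ip_network("192.168.0.0/24"), "net1"),
    (ipaddress.ip_network("192.168.1.0/24"), "net2"),
]

# Default routes from step 2: (routing mark, or None for the main table;
# gateway; whether check-gateway=ping is set on the route)
ROUTES = [
    ("net1", "10.0.0.2", True),
    ("net2", "10.0.0.3", True),
    (None, "10.0.0.1", False),
]


def routing_mark(src):
    """Return the mark the prerouting mangle rules assign, or None."""
    addr = ipaddress.ip_address(src)
    for net, mark in MANGLE:
        if addr in net:
            return mark
    return None


def select_gateway(src, ping_ok):
    """Pick the gateway for a packet from src.

    ping_ok is the set of gateways currently answering pings. A route with
    check-gateway=ping is inactive when its gateway is not in that set; a
    route without the check is always treated as active.
    """
    mark = routing_mark(src)
    # Assumption: look in the marked table first, then the main table.
    for table in ([mark, None] if mark else [None]):
        for r_mark, gw, checked in ROUTES:
            if r_mark == table and (not checked or gw in ping_ok):
                return gw
    return None  # no usable route


def failover_report(ping_ok):
    """Gateway chosen for one sample host per local network."""
    hosts = {"net1": "192.168.0.10", "net2": "192.168.1.10"}  # constructed
    return {name: select_gateway(ip, ping_ok) for name, ip in hosts.items()}
```

Because the main-table route to 10.0.0.1 carries no check-gateway, the model keeps selecting it even when it is not answering pings, so a dead backup gateway silently drops the failed-over traffic.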