Linux - Routing (part 1)
Alasta 30 March 2014 linux Linux Open Source shell Routing
Description: setting up a Linux server as a router.
Diagram
Each host is configured as follows:
Hostname: HX
IP: 10.X.X.X
Mask: 255.255.255.0
Gateway: 10.X.X.254
where X is the host number.
The router (R1) has one interface in each network (at .254).
Initial state
From H1 I run a "ping" against the various IP addresses (H2, H3, R1, ...):
H1 ~ # ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data.
64 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.034 ms
^C
--- 10.1.1.1 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1397ms
rtt min/avg/max/mdev = 0.020/0.027/0.034/0.007 ms
H1 ~ # ping 10.1.1.254
PING 10.1.1.254 (10.1.1.254) 56(84) bytes of data.
64 bytes from 10.1.1.254: icmp_seq=1 ttl=64 time=0.367 ms
64 bytes from 10.1.1.254: icmp_seq=2 ttl=64 time=0.408 ms
^C
--- 10.1.1.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1599ms
rtt min/avg/max/mdev = 0.367/0.387/0.408/0.028 ms
H1 ~ # ping 10.2.2.254
PING 10.2.2.254 (10.2.2.254) 56(84) bytes of data.
64 bytes from 10.2.2.254: icmp_seq=1 ttl=64 time=0.358 ms
64 bytes from 10.2.2.254: icmp_seq=2 ttl=64 time=0.414 ms
^C
--- 10.2.2.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1815ms
rtt min/avg/max/mdev = 0.358/0.386/0.414/0.028 ms
H1 ~ # ping 10.2.2.2
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
^C
--- 10.2.2.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1287ms
H1 ~ # ping 10.3.3.254
PING 10.3.3.254 (10.3.3.254) 56(84) bytes of data.
64 bytes from 10.3.3.254: icmp_seq=1 ttl=64 time=0.270 ms
64 bytes from 10.3.3.254: icmp_seq=2 ttl=64 time=0.461 ms
^C
--- 10.3.3.254 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1375ms
rtt min/avg/max/mdev = 0.270/0.365/0.461/0.097 ms
H1 ~ # ping 10.3.3.3
PING 10.3.3.3 (10.3.3.3) 56(84) bytes of data.
^C
--- 10.3.3.3 ping statistics ---
4 packets transmitted, 0 received, 100% packet loss, time 3143ms
This output shows that from H1 we can ping its own address and every address of the gateway, including the ones in the other networks. That is expected: R1 is H1's router and those addresses belong to R1, so a packet sent to 10.2.2.254 is delivered locally on R1 and never has to be forwarded from one interface to another (note the ttl=64 in every reply: no router hop is involved). But in this "standard" configuration the other hosts cannot be reached: H1 hands the packets for 10.2.2.2 and 10.3.3.3 to R1, and R1 silently drops them because it is not yet allowed to forward, hence 100% packet loss with no ICMP error at all.
Enabling routing
There is a kernel parameter for this, net.ipv4.ip_forward, exposed through sysctl and /proc/sys. It defaults to 0: the kernel only accepts packets addressed to itself and drops anything it would have to relay between interfaces. Setting it to 1 turns the host into a router for all of its interfaces at once, so only do this on the machine that is meant to route (R1 here); a host that is not a router should stay at 0 (there are also per-interface knobs, net.ipv4.conf.<interface>.forwarding, when a finer scope is wanted).
- View its initial state:
R1 ~ # sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
or
R1 ~ # cat /proc/sys/net/ipv4/ip_forward
0
- Enable it on the fly (takes effect immediately, lost at the next reboot):
R1 ~ # sysctl -w net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
or
R1 ~ # echo 1 > /proc/sys/net/ipv4/ip_forward
- Make it persist across reboots:
Edit the file /etc/sysctl.conf and add:
net.ipv4.ip_forward = 1
Reload the file (sysctl -p re-applies every parameter in it, which is why the other settings show up in the output too; the last line confirms ours):
R1 ~ # sysctl -p
.......
kernel.shmmax = 4294967295
kernel.shmall = 268435456
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv4.ip_forward = 1
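The three steps above (enable now, persist, reload and verify) as one idempotent script. This is an added example and not code from the original post. It assumes the paths the post uses (/proc/sys/net/ipv4/ip_forward and /etc/sysctl.conf); the helpers that read the state and edit the configuration file take the path as a parameter, so they can be tried on scratch copies without root, and the privileged part only runs when the script is invoked with the argument apply.

```shell
#!/bin/sh
# Added example, not part of the original post: enable IPv4 forwarding on R1,
# persist it across reboots and verify it. The file paths are parameters so the
# helpers can be exercised on scratch copies; the defaults are the ones the post uses.

PROC_IP_FORWARD=/proc/sys/net/ipv4/ip_forward
SYSCTL_CONF=/etc/sysctl.conf   # assumption: /etc/sysctl.d/*.conf is the usual place on newer systems

# Print the current forwarding state, "0" or "1", read from a /proc-style file.
ip_forward_state() {
    tr -d '[:space:]' < "${1:-$PROC_IP_FORWARD}"
}

# Idempotently set "key = value" in a sysctl.conf-style file: an existing line
# for that key (even a commented-out one) is rewritten in place, otherwise the
# line is appended. Running it twice leaves exactly one line for the key.
set_sysctl_line() {
    file=$1 key=$2 value=$3
    esc=$(printf '%s' "$key" | sed 's/\./\\./g')   # dots in the key are literal
    [ -f "$file" ] || : > "$file"
    if grep -Eq "^[#[:space:]]*${esc}[[:space:]]*=" "$file"; then
        tmp=$(mktemp)
        sed -E "s|^[#[:space:]]*${esc}[[:space:]]*=.*|${key} = ${value}|" "$file" > "$tmp"
        cat "$tmp" > "$file"   # rewrite in place: keeps inode, owner and mode
        rm -f "$tmp"
    else
        printf '%s = %s\n' "$key" "$value" >> "$file"
    fi
}

# Runtime change + persistence + check: the three steps of the post. Needs root.
enable_forwarding() {
    sysctl -w net.ipv4.ip_forward=1
    set_sysctl_line "$SYSCTL_CONF" net.ipv4.ip_forward 1
    sysctl -p "$SYSCTL_CONF" >/dev/null
    if [ "$(ip_forward_state)" != 1 ]; then
        echo "net.ipv4.ip_forward is still off" >&2
        return 1
    fi
    echo "forwarding enabled and persisted in $SYSCTL_CONF"
}

# Only touch the system when run as: sh enable_forwarding.sh apply (hypothetical file name)
if [ "${1:-}" = apply ]; then
    enable_forwarding
fi
```

The editing helper matches the key even when it is commented out, so a distribution's stock "#net.ipv4.ip_forward = 0" line is replaced rather than left to contradict an appended one; that is the difference between a script that is safe to re-run and one that leaves two conflicting lines after the second run.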
Functional test
H1 ~ # ping 10.2.2.2
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
From 10.1.1.254 icmp_seq=1 Destination Host Prohibited
From 10.1.1.254 icmp_seq=2 Destination Host Prohibited
From 10.1.1.254 icmp_seq=3 Destination Host Prohibited
From 10.1.1.254 icmp_seq=4 Destination Host Prohibited
^C
--- 10.2.2.2 ping statistics ---
4 packets transmitted, 0 received, +4 errors, 100% packet loss, time 3423ms
Oops, that doesn't work... oh right, netfilter is enabled and is not configured for this (netfilter is not the topic of this post). The failure mode has changed, though, and that is the useful clue: the "Destination Host Prohibited" messages come from R1 itself (10.1.1.254). An ICMP destination-unreachable with the host-prohibited code is what an iptables REJECT rule in the FORWARD chain sends back, so forwarding is now on and it is the firewall on R1 that refuses to relay the packet, whereas before the packets vanished without any answer. After letting this traffic through netfilter's FORWARD chain (the post does not show how), the test passes:
H1 ~ # ping 10.2.2.2
PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
64 bytes from 10.2.2.2: icmp_seq=1 ttl=63 time=0.675 ms
64 bytes from 10.2.2.2: icmp_seq=2 ttl=63 time=0.701 ms
64 bytes from 10.2.2.2: icmp_seq=3 ttl=63 time=0.718 ms
^C
--- 10.2.2.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2495ms
rtt min/avg/max/mdev = 0.675/0.698/0.718/0.017 ms
H1 ~ # ping 10.3.3.3
PING 10.3.3.3 (10.3.3.3) 56(84) bytes of data.
64 bytes from 10.3.3.3: icmp_seq=1 ttl=63 time=1.95 ms
64 bytes from 10.3.3.3: icmp_seq=2 ttl=63 time=0.625 ms
^C
--- 10.3.3.3 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1894ms
rtt min/avg/max/mdev = 0.625/1.290/1.955/0.665 ms
H1 ~ # ping 10.4.4.4
PING 10.4.4.4 (10.4.4.4) 56(84) bytes of data.
64 bytes from 10.4.4.4: icmp_seq=1 ttl=63 time=2.02 ms
64 bytes from 10.4.4.4: icmp_seq=2 ttl=63 time=0.713 ms
^C
--- 10.4.4.4 ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1790ms
rtt min/avg/max/mdev = 0.713/1.370/2.027/0.657 ms
Hey, it works!!! Note the ttl=63 in these replies, where the earlier pings to R1's own addresses showed ttl=64: the answers now cross R1, which decrements the TTL by one on the way through, so the TTL alone tells you the packets really were forwarded rather than answered by the gateway itself.
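The three ping outcomes seen on this page (silent loss in the initial state, ICMP errors from R1 once forwarding is on but netfilter rejects, and real replies at the end) are the three things to tell apart when a route "does not work". As an added example that is not part of the original post, here is a small triage filter that reads ping output and prints which of the three happened. The hop count it derives assumes the target is a Linux host with the default initial TTL of 64; the sample outputs embedded in the script are constructed, abbreviated from the runs shown above.

```shell
#!/bin/sh
# Added example, not part of the original post: classify ping output into the
# three situations seen in the post. Reads ping output on stdin, prints one line:
#   reply ttl=N hops=H   echo replies came back; H = 64 - N assumes a Linux
#                        target with the default initial TTL of 64 (assumption)
#   rejected by A        host A answered with an ICMP error (a REJECT rule in a
#                        FORWARD chain, a route to nowhere, TTL exceeded, ...)
#   silent               nothing came back (forwarding off, DROP rule, host down)
ping_verdict() {
    awk '
        /bytes from .*ttl=/ {
            replies++
            ttl = $0; sub(/.*ttl=/, "", ttl); sub(/ .*/, "", ttl)
        }
        # ping reports any ICMP error as "From <sender> icmp_seq=N <reason>"
        /^From [^ ]+ icmp_seq=/ { errors++; from = $2 }
        END {
            if (replies)     printf "reply ttl=%d hops=%d\n", ttl, 64 - ttl
            else if (errors) printf "rejected by %s\n", from
            else             print "silent"
        }'
}

# Constructed samples, abbreviated from the three runs in the post.
SAMPLE_SILENT='PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
--- 10.2.2.2 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1287ms'

SAMPLE_REJECTED='PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
From 10.1.1.254 icmp_seq=1 Destination Host Prohibited
From 10.1.1.254 icmp_seq=2 Destination Host Prohibited'

SAMPLE_REPLY='PING 10.2.2.2 (10.2.2.2) 56(84) bytes of data.
64 bytes from 10.2.2.2: icmp_seq=1 ttl=63 time=0.675 ms
64 bytes from 10.2.2.2: icmp_seq=2 ttl=63 time=0.701 ms'

# On a live host: ping -c 3 10.2.2.2 | ping_verdict
for s in "$SAMPLE_SILENT" "$SAMPLE_REJECTED" "$SAMPLE_REPLY"; do
    printf '%s\n' "$s" | ping_verdict
done
```

"silent" is the ambiguous verdict: a router with ip_forward=0, a DROP rule, and a host that is simply down all look the same from H1, which is why the post's first failure gave no hint at all while the netfilter REJECT at least named the machine that refused the packet.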