This repository has been archived by the owner on Nov 1, 2023. It is now read-only.

LinuxRouter

Enabling forwarding

IPv4 global routing mode: allow routing of IPv4 packets received on every interface

cat <<EOF | sudo tee /etc/sysctl.d/100-ipv4-all-forward.conf
net.ipv4.ip_forward=1
EOF
sudo sysctl -p /etc/sysctl.d/100-ipv4-all-forward.conf

IPv6 global routing mode: allow routing of IPv6 packets received on every interface

cat <<EOF | sudo tee /etc/sysctl.d/100-ipv6-all-forward.conf
net.ipv6.conf.all.forwarding=1
EOF
sudo sysctl -p /etc/sysctl.d/100-ipv6-all-forward.conf

Automatic address assignment

sudo apt-get install -y isc-dhcp-server radvd
sudo vi /etc/default/isc-dhcp-server
sudo systemctl restart isc-dhcp-server radvd
sudo systemctl status isc-dhcp-server radvd

Fetching the APNIC routing table

curl 'http://ftp.apnic.net/apnic/stats/apnic/delegated-apnic-latest' >/tmp/apnic.txt

# Extract only the route entries
awk -F\| '/CN\|ipv4/{ printf "%s/%d\n", $4, 32-log($5)/log(2) }' /tmp/apnic.txt >/tmp/apnic-entries.txt

# Local route entries for babel
awk -F\| '/CN\|ipv4/{ printf "in ip %s/%d deny\n", $4, 32-log($5)/log(2) }' /tmp/apnic.txt >/tmp/apnic-babel.txt

# Generate the ipset
awk -F\| "
BEGIN{ print \"create apnic hash:net family inet hashsize 2048 maxelem 65536\" }
/CN\|ipv4/{ printf \"add apnic %s/%d\n\", \$4, 32-log(\$5)/log(2) }" /tmp/apnic.txt >/tmp/apnic-ipset.txt

# Generate the nftables set
awk -F\| "
BEGIN{ print \"set apnic_routes {\n type ipv4_addr; flags constant, interval;\nelements={\" }
/CN\|ipv4/{ printf \"%s/%d,\n\", \$4, 32-log(\$5)/log(2) }
END{ print \"}\n}\n\" }" /tmp/apnic.txt >/tmp/apnic-nft.conf
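
Added example (not part of the original repository): the awk one-liners above derive the prefix length with floating-point `log()` and assume every address count is a power of two. The hypothetical `apnic_cidrs` function below does the same conversion with integer arithmetic, splits a non-power-of-two count into several CIDR blocks, and rejects malformed records before they reach ipset or nftables.

```shell
#!/bin/sh
# Added example, not from the original page. apnic_cidrs is a hypothetical helper:
# it reads delegated-apnic records on stdin and prints validated CIDR blocks.
apnic_cidrs() {
    awk -F'|' -v cc="${1:-CN}" '
    function int2ip(v) {
        return sprintf("%d.%d.%d.%d", int(v / 16777216) % 256,
                       int(v / 65536) % 256, int(v / 256) % 256, v % 256)
    }
    $2 == cc && $3 == "ipv4" {
        # Accept only a dotted quad and a positive decimal count, so a corrupted
        # or tampered feed cannot carry extra text into the ipset/nft input.
        if ($4 !~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ || $5 !~ /^[1-9][0-9]*$/) {
            bad++; next
        }
        split($4, o, ".")
        if (o[1] + 0 > 255 || o[2] + 0 > 255 || o[3] + 0 > 255 || o[4] + 0 > 255) {
            bad++; next
        }
        start = ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
        left = $5 + 0
        if (start + left > 4294967296) { bad++; next }
        # Integer arithmetic only: emit the largest aligned power-of-two block
        # that fits, then continue with the remainder (count need not be 2^n).
        while (left > 0) {
            size = 1; bits = 32
            while (bits > 0 && start % (size * 2) == 0 && size * 2 <= left) {
                size *= 2; bits--
            }
            printf "%s/%d\n", int2ip(start), bits
            start += size; left -= size
        }
    }
    END {
        if (bad) {
            printf "rejected %d malformed record(s)\n", bad > "/dev/stderr"
            exit 1
        }
    }'
}
```

Redirect the output to a temporary file and load it into ipset or nftables only when the function exits with status 0.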

Persisting the routing policy

  • First, add the routing table
sudo cp /etc/iproute2/{rt_tables,rt_tables.bak}
sudo vi /etc/iproute2/rt_tables
  • Then add routing rules so that the table is used
  • Then add routes to the table

ArchLinux

I couldn't find an existing one, so I had to write the scripts myself. The systemd service is as follows

# /etc/systemd/system/iproute2-rules.service
[Unit]
Description=IPRoute2 Rules
After=network.target

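[Service]
Type=oneshot
# Keep the unit "active" after the up script exits; without this, systemd
# runs ExecStop immediately after ExecStart finishes and removes the rules.
RemainAfterExit=yes
ExecStart=/usr/local/bin/iproute2-rules-up.sh
ExecStop=/usr/local/bin/iproute2-rules-down.sh

[Install]
WantedBy=multi-user.target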

CentOS 7

https://unix.stackexchange.com/a/295646

However, this only supports the old ifcfg-* format. If you want to support interfaces managed by nm, please

#!/bin/sh

if [ "$2" != "pre-up" -a "$2" != "down" ]; then
    exit 0
fi

dir=$(dirname "$CONNECTION_FILENAME")
if [ "$dir" != "/etc/NetworkManager/system-connections" ]; then
    exit 0
fi
profile=$(basename "$CONNECTION_FILENAME")
if [ -z "$profile" ]; then
    exit 0
fi

dir=/etc/sysconfig/network-scripts
if ! [ -f "$dir/rule-$profile" -o -f "$dir/rule6-$profile" ]; then
    if ! [ -f "$dir/rule-$DEVICE_IP_IFACE" -o -f "$dir/rule6-$DEVICE_IP_IFACE" ]; then
        exit 0
    fi
fi

case "$2" in
    pre-up)
        /etc/sysconfig/network-scripts/ifup-routes "$DEVICE_IP_IFACE" "$profile"
        ;;
    down)
        /etc/sysconfig/network-scripts/ifdown-routes "$DEVICE_IP_IFACE" "$profile"
        ;;
esac
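
# Install the script above as a NetworkManager dispatcher script.
# Assumption: dir is the NetworkManager dispatcher directory and the script was saved there.
# NetworkManager only runs dispatcher scripts that are owned by root and not
# writable by group or other.
dir=/etc/NetworkManager/dispatcher.d
sudo chmod +x "$dir/10-ifcfg-rh-nm-routes.sh"
for d in no-wait.d pre-down.d pre-up.d; do
  sudo ln -sf "$dir/10-ifcfg-rh-nm-routes.sh" "$dir/$d"
done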