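Traffic control on Linux with two network cards
/* eth0: 192.168.3.146; eth1: 192.168.3.177. Outgoing traffic leaves via eth1 and traffic from outside comes in via eth0. */
/* The commands below do not guarantee that outgoing packets always leave via eth1; in some cases packets may also leave via eth0. Packets coming in from outside, however, are guaranteed to pass through eth0. */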
# ip route replace default scope global nexthop via 192.168.3.254 dev eth0 weight 1 nexthop via 192.168.3.254 dev eth1 weight 100
/* Rewrite the source address of packets leaving eth1 to eth0's address (192.168.3.146), so replies are addressed to eth0's address. */
# iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to-source 192.168.3.146

# ping www.yahoo.com.tw
PING rc.tpe.yahoo.com (202.43.195.13) 56(84) bytes of data.
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=3 ttl=247 time=1012 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=4 ttl=247 time=112 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=5 ttl=247 time=57.2 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=6 ttl=247 time=43.0 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=7 ttl=247 time=44.0 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=8 ttl=247 time=51.8 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=9 ttl=247 time=102 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=10 ttl=247 time=85.4 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=11 ttl=247 time=43.0 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=12 ttl=247 time=43.8 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=13 ttl=247 time=107 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=14 ttl=247 time=41.9 ms
64 bytes from rc.tpe.yahoo.com (202.43.195.13): icmp_seq=15 ttl=247 time=43.3 ms
...

/* Open another console to monitor the traffic on eth1 */
# tcpdump -n icmp -i eth1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
15:51:19.884123 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 1
15:51:20.884951 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 2
15:51:21.885775 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 3
15:51:22.886632 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 4
15:51:23.887427 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 5
15:51:24.888252 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 6
15:51:25.889079 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 7
15:51:26.889932 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 8
15:51:27.890727 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 9
15:51:28.891557 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 10
15:51:29.892380 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 11
15:51:30.893210 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 12
15:51:31.894034 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 13
15:51:32.894861 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 14
15:51:33.895684 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 15
15:51:34.895505 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 16
15:51:35.895330 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 17
...


/* Open another console to monitor the traffic on eth0 */
# tcpdump -n icmp -i eth0
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
15:48:34.654627 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 3
15:48:34.754617 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 4
15:48:35.699992 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 5
15:48:36.686539 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 6
15:48:37.688416 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 7
15:48:38.696982 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 8
15:48:39.752510 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 9
15:48:40.736264 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 10
15:48:41.694697 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 11
15:48:42.696344 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 12
15:48:43.760632 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 13
15:48:44.696113 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 14
15:48:45.698366 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 15
15:48:46.698436 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 16
15:48:47.699991 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 17
15:48:48.700115 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 18
15:48:49.700359 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 19
15:48:50.702402 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 20

...
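
Added example (not from the original post): a shell check that reads saved `tcpdump -n icmp` text output from both interfaces and confirms the split shown above, with echo requests only in the outbound capture and echo replies only in the inbound one. The function names, file names and sample lines are constructed for illustration; it accepts both the older tcpdump line format seen here and the newer `ICMP echo request, id ...` format.

```shell
#!/bin/sh
# count_icmp KIND IP < capture : count echo requests sourced from IP
# (KIND=request) or echo replies destined to IP (KIND=reply).
count_icmp() {
    awk -v kind="$1" -v ip="$2" '
        $2 == "IP" && tolower($0) ~ ("echo " kind) {
            dst = $5; sub(/:$/, "", dst)   # tcpdump prints "dst:" with a colon
            if ((kind == "request" && $3 == ip) || (kind == "reply" && dst == ip)) n++
        }
        END { print n + 0 }'
}

# check_path OUT_CAPTURE IN_CAPTURE SNAT_IP
# Succeeds only if requests appear solely in OUT_CAPTURE and replies solely
# in IN_CAPTURE; otherwise reports the counts and returns 1.
check_path() {
    out_req=$(count_icmp request "$3" < "$1"); out_rep=$(count_icmp reply "$3" < "$1")
    in_req=$(count_icmp request "$3" < "$2");  in_rep=$(count_icmp reply "$3" < "$2")
    if [ "$out_req" -gt 0 ] && [ "$in_rep" -gt 0 ] &&
       [ "$in_req" -eq 0 ] && [ "$out_rep" -eq 0 ]; then
        echo "asymmetric: $out_req requests out, $in_rep replies in"
    else
        echo "mixed: out(req=$out_req rep=$out_rep) in(req=$in_req rep=$in_rep)"
        return 1
    fi
}

# Constructed sample captures (addresses reuse the ones on this page).
tmp=$(mktemp -d)
cat > "$tmp/eth1.txt" <<'EOF'
listening on eth1, link-type EN10MB (Ethernet), capture size 96 bytes
10:00:01.000001 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 1
10:00:02.000002 IP 192.168.3.146 > 202.43.195.13: ICMP echo request, id 7, seq 2, length 64
EOF
cat > "$tmp/eth0.txt" <<'EOF'
10:00:01.050001 IP 202.43.195.13 > 192.168.3.146: icmp 64: echo reply seq 1
10:00:02.050002 IP 202.43.195.13 > 192.168.3.146: ICMP echo reply, id 7, seq 2, length 64
EOF
# Same inbound capture plus one request that left through eth0
# (the case the page says can happen).
{ cat "$tmp/eth0.txt"
  echo '10:00:03.000003 IP 192.168.3.146 > 202.43.195.13: icmp 64: echo request seq 3'
} > "$tmp/eth0_leak.txt"

check_path "$tmp/eth1.txt" "$tmp/eth0.txt" 192.168.3.146
check_path "$tmp/eth1.txt" "$tmp/eth0_leak.txt" 192.168.3.146 || true
```

To use it on a live host, save each console's output with `tcpdump -n icmp -i eth1 > eth1.txt` (and likewise for eth0) and pass the two files to `check_path`.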

Reference:
    http://lartc.org/
